FICS Research Guest Lecture: Dr. Arslan Khan

Details

FICS Research is proud to host a guest lecture by Dr. Aslan Khan from Purdue University. The talk is entitled “”Securing Embedded Systems Using Compartmentalization”.
Abstract:
Embedded systems are low-power resource-constrained devices implementing specialized tasks, unlike general-purpose computers. Embedded systems find applications in various domains, from the Internet of Things (IoT) to general purpose Personal Computers (PC). Unfortunately, due to the resource constraints of embedded systems, developers often sacrifice security in favor of performance, leaving a huge attack surface for attackers.

In this talk, I will discuss the challenges of securing embedded systems. I will introduce software compartmentalization and will show how we can utilize compartmentalization to secure embedded systems. Next, I will discuss my research on automatic compartmentalization frameworks that can work within the constraints of embedded systems. We will discuss Compartmentalized Real-Time C (CRT-C), a low-cost compile-time compartmentalization mechanism to achieve privilege separation using specialized programming language dialects and static analyses for user threads and device drivers. CRT-C extends the C language type system to protect the kernel space from user threads and device drivers. CRT-C can enforce isolation 178x faster than state-of-the-art solutions. I will also talk about, Embedded Compartmentalizer (EC), an auto-compartmentalization tool that can achieve compartmentalization in the kernel space. EC uses EC-Kernel (ECK), a formally verified microkernel that uses a novel operating system architecture, to provide privilege separation without hardware context switching in the kernel space. EC can enforce isolation 1.2x faster than state-of-the-art solutions. Lastly, I will briefly talk about my future research directions.