The course focuses on attesting the operation integrity of embedded devices in IoT/CPS systems. The learning outcomes include understanding the concept of Operation Execution Integrity (OEI), learning about the OAT system for remote OEI attestation for ARM-based bare-metal embedded devices, and gaining knowledge on detecting control-flow hijacks and data-only attacks affecting IoT device operations. The course teaches skills such as designing security properties for embedded devices, implementing control-flow measurement schemes, and conducting integrity checks for critical data. The teaching method involves a combination of theoretical explanations, practical examples, and real-world evaluations. The intended audience for this course includes professionals working with IoT devices, cybersecurity experts, and individuals interested in embedded systems security.
OAT - Attesting Operation Integrity of Embedded Devices
Overview
Syllabus
Intro
The unverifiable (blind) trust
Existing solutions -- attestation
Example: vulnerable robotic arm
Our Solution
OEI (Operation Exec. Integrity)
OEI: two sub-properties
Attestation Challenges
OAT (OEI Attestation Framework)
Threat model
Operations
CFI Attestation
Intuitive measurement schemes
A hybrid scheme
Measurement Collection & Verification
Critical variable identification
Existing data integrity checks
Def-Use Value Integrity (DVI)
Implementation notes
Tests on real embedded firmware
Micro Performance Tests
Comparisons
Security Tests & Analysis
Conclusion
Taught by
IEEE Symposium on Security and Privacy
