Department of Informatics Security and Privacy of Information, Networks, and Systems

Research Projects

Security of Real-Time Systems

Ensuring software security is vital, especially in cyber-physical environments where failures can threaten infrastructure or human safety. However, most existing methods overlook the need to balance security with real-time constraints. Real-time embedded systems often rely on Real-Time Operating Systems (RTOS) for strict timing. Yet, most existing software integrity methods render RTOSs (and associated guarantees) ineffective. This project aims to bridge the gap between security and real-time guarantees, enabling them to coexist effectively.

Rethinking the Web-Client Trust Model

This project seeks to re-examine the security practices related to the trust models used by modern web browsers. Specifically, we aim to introduce mechanisms that (1) reduce dependence on users' ability to avoid mistakes and (2) lessen the currently excessive trust placed in third-party applications, such as browser extensions. Challenges associated with (1) and (2) include lowering the overhead and bandwidth of cryptographic mechanisms and maintaining backward compatibility with existing browser functionality.

Trusted Computing for IoT Devices

Image Credits: The Mitchells vs. the Machines.

Unfortunately, existing Trusted Computing mechanisms -- used to guarantee or remotely verify the trustworthiness of computing systems -- do not apply to resource-constrained IoT devices. In fact, current IoT devices are implemented based on microcontrollers with limited or nonexistent architectural support for security. This project sets out to design, formally specify, and verify trusted computing services that are both affordable for IoT devices and backed by strong formal security guarantees. Examples of security services include: static and run-time remote attestation, provable execution, and active roots of trust functions, among others.
