Professor Wayne Burleson of the Electrical and Computer Engineering (ECE) Department coauthored an pioneering new report, titled Grand Challenges for Embedded Security Research in a Connected World, resulting from a forward-looking workshop on Leadership in Embedded Security, as sponsored by the Computing Community Consortium (CCC) and held in August of 2018 in Baltimore, Maryland. As ECE Department Head Christopher Hollot summarizes the significance of Burleson’s key participation in the workshop and its resulting report, “This is about broadcasting the UMass College of Engineering’s national leadership in embedded security research.”
The report focuses on the challenges and potential research opportunities across five major areas of embedded security: medical and health devices; drones and transportation; smart homes; industry and supply-chain; and the smart grid and critical infrastructure.
Burleson points out that that the report and workshop are in alignment with one of the 14 Grand Challenges in Engineering as identified by the National Academy of Engineering (NAE): secure cyberspace. As the NAE states, “Today, both personal privacy and national security depend on protecting the cyberspace from threats. Despite serious breaches of cyber security occurring in the past, research and development for security systems continues to lag behind.”
As the report observes, “Protecting embedded security is becoming an increasingly challenging research problem for embedded systems due to a number of emerging trends in hardware, software, networks, and applications.”
The report adds that “Without fundamental advances in, and an understanding of, embedded security it will be difficult for future engineers to provide assurance for the Internet of Things and operational technology in wide ranging applications, from home automation and autonomous transportation to medical devices and factory floors.”
The report goes on to explain that “Embedded security in connected devices presents challenges that require a broad look at the overall systems design, including human and societal dimensions as well as technical.”
The report notes that recent trends are converging to make the security of embedded systems an increasingly important and difficult objective, requiring new trans-disciplinary approaches to solve problems on a five-to-10-year horizon.
According to the report, “The workshop breakout presentations revealed that there were numerous common themes in terms of trends, challenges, and solutions that impacted most or all of the five applications areas. However, there were also some important distinctions between the areas.”
For example, as the report says, increased connectivity leads to increased attack surfaces in all five areas covered by the report. However, network-based defenses vary considerably, depending on the threat models and impacts on performance and utility. As another example, machine learning algorithms and the move towards autonomous systems are particularly significant in all five areas, especially for detecting intrusion and anomalous behavior, but specific vulnerabilities vary depending on each area.
“Furthermore,” says the report, “the requirements (performance, cost, reliability, lifetime, etc.) for each area are significantly different, thus leading to different challenges and warranting different approaches to security and privacy.”
Burleson also explains that the workshop and report on cyber security involve a key enabling technology for several of the other NAE Grand Challenges, especially: make solar energy economical; advance health informatics; engineer better medicines; prevent nuclear terror; and restore and improve urban infrastructure.
The 2018 workshop was organized by Burleson of UMass Amherst, former CCC Council Member Kevin Fu (University of Michigan), and Farinaz Koushanfar (University of California at San Diego). ECE Professor Daniel Holcomb also attended the workshop. The workshop brought together approximately 50 academics, industrial researchers, and government agency program managers who work close to the topic of embedded security.
The workshop included deep-dive group discussions as well as short visionary talks by several international speakers to lend perspectives on successful strategies for funding embedded security research overseas. (June 2020)