This is a recording of the Global CENTRA Webinar held on 13 February 2018 (6-7pm EST). The webinar *series is hosted by the CENTRA Project (globalcentra.org, supported by US NSF ACI Award 1550126), headquartered at the **ACIS Lab, University of Florida.
Topic: Dynamic Information Flow for IoT in Hardware
Speaker: Dr. Daniela Oliveira, Dept. of Electrical and Computer Engineering & Florida Institute for Cyber Security, University of Florida
In this talk I will discuss the architecture and initial evaluation results for REVELARE - a hardware-supported dynamic information flow tracking (DIFT) framework to enhance IoT security and forensics. REVELARE consists of the following components: (i) a DIFT-enabling IP core for the ARM and the RISC-V architectures, which complements the main processor with DIFT capabilities, (ii) two DIFT-based security policies (prevention of memory corruption and in-memory-only attacks) enforced by hardware whose accuracy is enhanced by the capture of DIFT indirect flows, and (iii) a mechanism for IoT virtualization-based security analysis and forensics, with the implementation of two types of security/forensics analyses: causality graphs, and personalized (per-device) anomaly detection. Our preliminary evaluation on software showed that REVELARE could detect six advanced in-memory-only injecting malware samples (including reflective DLL injection, process hollowing, and code injection). We also analyzed the false positive rate with a sample of 90 non-injecting malware samples and 14 benign software programs from various categories, and REVELARE presented a very low false positive rate of 2%, which gives us confidence in its potential for securing IoT devices.
00:00 Welcome and introducing Dr. Daniela Oliveira by Prof. Renato Figueiredo
01:11 Presentation begins - IoT and issues regarding processing possibilities, data, security, and challenges
02:57 What is DIFT: Dynamic Information Flow Tracking
10:36 Why is DIFT not widely used in security applications? Challenge 1 - prohibitive performance overhead
12:59 Challenge 2 - Flows of Information - Direct and Indirect; challenges
16:50 Why DIFT for IoT?
18:55 REVELARE: Hardware-based DIFT + IoT Virtualization
34:24 Concluding Remarks
36:40 Q&A begins - memory impact when implementing DIFT?
38:08 Experience with Operating Systems patches when implementing DIFT?
39:26 There are different types of IoT devices of various capabilities; what fraction/type of devices can run DIFT effectively?
41:50 For DIFT methods, can they be used to protect against other types of attacks (other than buffer overflows)?
44:02 Is there any competitor method to DIFT?
45:40 End of webinar
*For information on CENTRA's Spring 2018 Webinar Series (January through April 2018), please visit globalcentra.org/spring2018webinars/. Registration is available now.
**Advanced Computing and Information Systems Laboratory (ACIS Lab): acis.ufl.edu/