CAREER: SaTC: Rethinking Trusted Execution Environments for Embedded and IoT Systems

Networked embedded and Internet of things (IoT) systems are essential to everyday life and predicted to reach one trillion systems by 2035. These systems power a variety of embedded and IoT devices, such as sensors, medical devices, wearables, smart family gadgets, industrial computing units, autonomous vehicles, and infotainment systems. While the benefits of these systems are unparalleled, they are susceptible to cyberattacks, which are occurring at unprecedented levels and often have severe consequences ranging from loss of life to homeland security breaches. To ensure our IoT infrastructure and ecosystem are built on a trustworthy and secure foundation, this project's novelties are to expand knowledge in pursuit of trustworthy and deployable solutions encompassing the hardware and software layers of computer systems. The project's broader significance and importance, beyond securing the IoT infrastructure, are to train the next generation of cybersecurity researchers, educators, and practitioners with deep theoretical understandings and practical skills in this field. Trusted Execution Environments (TEE), an enabling technology for the confidential computing paradigm, are offered in Central Processing Units (CPUs) as a foundational primitive for security to keep code and data loaded inside computer systems protected. The hardware and software layers of existing TEEs nevertheless have been criticized for lack of transparency and presence of vulnerabilities. This project studies a systematic research approach to increase the trustworthiness and deployability of TEEs and TEE-based security solutions for embedded and IoT devices. Specifically, the project advances the frontiers of knowledge in (1) designing trustworthy TEE hardware paradigms with a minimal Trusting Computing Base (TCB); (2) discovering and fixing confused deputy vulnerabilities of TEE software; and (3) developing new security solutions that utilize TEEs and other hardware units for better protection and superior performance. The education thrust advances the state of knowledge in IoT software and system security education pedagogy and platform. This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.