How to Assess the Security of Embedded Systems?

By Karim Elish
Tampa, Florida
Computer ScienceEngineering
$4,500
Goal
This project is not live.
You can't donate to this project yet.
Draft
  • $0
    pledged
  • 0%
    funded
  • Private
    Not Launched

About This Project

Embedded systems are deployed in a wide range of application domains including safety-critical systems where conventional server or workstation computers are not applicable due to size and cost constraints. Embedded systems might be vulnerable to intentional passive- and active-attacks. Hence, there is a need to develop a set of automated tools to assess the risks of the embedded system, and analyze the possible risks and/or attack scenarios specific to embedded systems.

Ask the Scientists

Join The Discussion

What is the context of this research?

A lot of work have been proposed on the subject of attack graph, which comprises the information of exploits and networking connectivity, have proven to be efficient in evaluating the security of enterprise network. Unfortunately, it might be inappropriate to directly be applied in the context of embedded systems, due to the missing information about the severity of unknown exploits and the dependency of software components.

To overcome this problem, we need to 1) develop a security evaluation model that considers the causal relationship among software components in embedded systems; 2) quantitatively assess the risk of either an individual component or the whole system, once the risks of software components are altered or new exploits are exposed.

What is the significance of this project?

There is an urgent need to evaluate or predict the impact of the attacks that target the embedded systems. Our proposed approach and tools will allow the security analyst to define, quantify, simulate, and visualize the impact of the risks and/or adversary mission on the embedded systems. Moreover, it will assist the security analyst to come up with the possible countermeasures and mitigation solutions.

What are the goals of the project?

The goal of this project is to assess the security risks in the embedded systems. To achieve this goal, we will develop a set of automated tools that are capable of assessing the security risks of the embedded systems by analyzing the possible risks and the attack scenarios probabilistically and quantitatively. The proposed risk management system will leverage artificial intelligence probabilistic models to quantify the chances of adversary mission, the levels of the possible vulnerabilities, and the overall security of the system when some system parameters are altered.

Budget

The fund will be used to hire two research assistants (either undergrad or Master's) to develop an automated security tool that is general enough to evaluate, predict, and visualize the risks specific to an embedded system with respect to the dynamic changes of the software system. In addition, some embedded devices will be purchased to evaluate and test our approach.

Meet the Team

Karim Elish
Karim Elish
Assistant Professor

Affiliates

Florida Polytechnic University
View Profile

Karim Elish

I am an Assistant Professor in the Department of Computer Science at Florida Polytechnic University. I received my PhD and MS in Computer Science from Virginia Tech in 2015 and 2011, respectively. My current research interests focus on software security, Android malware analysis and detection, and software engineering. I have published several papers in peer-reviewed security and software engineering conferences and journals. Also, I am working as a reviewer for numerous conferences and journals, including IEEE Transactions on Dependable and Secure Computing (TDSC), and IEEE Systems Journal.

Lab Notes

Nothing posted yet.

Project Backers

  • 0Backers
  • 0%Funded
  • $0Total Donations
  • $0Average Donation