A lot can happen in a month.
It’s enough time to learn a new habit or teach an old dog a new trick. And if Tiffany Bao and her team of researchers at Arizona State University get their way, we will also be able to reverse engineer any cyberphysical system in 30 days or less.
Cyberphysical systems are everywhere. They differ from other forms of technology that may contain computer hardware. In a cyberphysical system, a combination of hardware and software components typically work together to control a piece of equipment.
A small computer that monitors a car’s tire pressure is an embedded device. A self-driving car is a cyberphysical system. Satellites, HVAC systems, smart irrigation systems and even the Amazon Echo are examples of cyberphysical technology.
Concern is growing that these systems are vulnerable to attack.
More alarming than the notion that a Google Home might go rogue is the fact that cyberphysical equipment — including drones, unmanned vehicles and mission platforms — is in widespread use on United States military bases. Experts worry that these systems could be hacked. They have drilled against scenarios where cybercriminals assume control of motors, valves and more, possibly triggering explosions and fires.
Team turns out tool kit to secure systems
How this tech will be protected and secured is of vital national security interest. That’s why the U.S. Defense Advanced Research Projects Agency, or DARPA, has awarded a $15 million grant under its Faithful Integration, Reverse-engineering and Emulation, or FIRE, program to a team of researchers who will work to secure these systems.
Bao, an assistant professor of computer science and engineering in the School of Computing and Augmented Intelligence, part of the Ira A. Fulton Schools of Engineering at ASU, will play a pivotal role in these efforts. Her team of cybersecurity professionals includes associate professors Adam Doupé, Yan Shoshitaishvili and Fish Wang, as well as assistant professors Zilin Jiang and Giulia Pedrielli, all faculty members in the Fulton Schools.
The team is developing a suite of tools that officials can use to reverse engineer middle-scale cyberphysical systems. Their project is known as SENPAI — Strategic Exploration, Navigation and Patching of Abstracted Integrations.
“With SENPAI, security experts will be able to find the vulnerabilities in cyberphysical systems, show how these might be exploited and then, finally, patch the vulnerabilities,” Bao says.
Bao says speed is key.
“Experts are already able to do much of this work, but it can take months or years,” she says. “To really be effective, this entire process needs to be done in a month."
SENPAI will provide ways to model software and hardware quickly, helping the defense sector secure the equipment and technology it is already using.
“There’s a lot of equipment in use that was not built with cybersecurity in mind,” says Bao, who notes that aging technology is deployed in many scenarios. “Being able to secure those cyberphysical systems, and to do that as soon as possible, is an important aspect of keeping us all safe.”
The project builds on Bao’s impactful work in the cybersecurity arena.
Real-world solutions for real hardware
Meanwhile, Sandeep Gupta is working to deal with the physical parts of the cyberphysical systems. Gupta is a professor of computer science and engineering in the School of Computing and Augmented Intelligence with an extensive track record in cyberphysical systems research.
Since users of the SENPAI system must be able to profile real equipment that already exists and is in use, Gupta says it’s especially crucial to have a thorough understanding of how hardware and software work together.
He notes that the team’s goal is to automate or replace the manual process of creating models that many experts currently rely on.
“We’re developing tools that will enable teams dealing with cyberphysical threats to create virtual models of hardware and run simulations,” Gupta says. “The team will essentially be making a digital twin of something like a drone and be able to accurately determine how a hack or attack will affect its behavior.”
For example, the team considered a scenario where a drone’s camera might be hacked by a cybercriminal or bad actor who intends to force it to crash. Using SENPAI, security experts would have AI-based tools to analyze which bugs might be introduced in the camera’s software, how feeding incorrect imagery to the drone would affect its behavior and what must be done to protect the whole system from the attack.
Cross-country and cross-disciplinary collaboration
Bao and the ASU team will work with fellow researchers at the University of California, Irvine, and with an industry partner to develop this new technology.
Bao’s team is directly receiving $8 million of the total award. At ASU, the project is highly collaborative with support not just from the School of Computing and Augmented Intelligence but also from the Global Security Initiative. Bao is an associate director in the initiative's Center for Cybersecurity and Trusted Foundations, or CTF.
Nadya Bliss, executive director of the Global Security Initiative and a professor of practice in the School of Computing and Augmented Intelligence, says the group is dedicated to improving national security through mission-focused science and technology research — and sees securing cyberphysical systems as a critical part of the mission.
“Professor Bao and her colleagues in CTF are helping address one of the most challenging and complex national security threats our nation faces,” Bliss says. “Cyberphysical systems are central to the daily functioning of society and are often vulnerable to attacks, making them prime targets for bad actors.”
Ross Maciejewski, director of the School of Computing and Augmented Intelligence, agrees and says that attracting faculty members capable of conducting groundbreaking and high-level research is a key part of the school’s focus.
“Our faculty team is on the front line of cybersecurity research,” he says. “They are working with other top universities and partners to deliver solutions that will yield significant results.”
Bao is proud of her team’s efforts.
“ASU plays a pivotal and major role in this initiative,” she says. “This achievement not only highlights our team’s expertise and dedication but also enhances our standing in advancing research in cybersecurity and cyberphysical systems.”
More Science and technology
ASU student researchers get early, hands-on experience in engineering research
Using computer science to aid endangered species reintroduction, enhance software engineering education and improve semiconductor material performance are just some of the ways Arizona State…
ASU professor honored with prestigious award for being a cybersecurity trailblazer
At first, he thought it was a drill.On Sept. 11, 2001, Gail-Joon Ahn sat in a conference room in Fort Meade, Maryland. The cybersecurity researcher was part of a group that had been invited…
Training stellar students to secure semiconductors
In the wetlands of King’s Bay, Georgia, the sail of a nuclear-powered Trident II Submarine laden with sophisticated computer equipment juts out of the marshy waters. In a medical center, a cardiac…