MU researcher builds upon groundbreaking cybersecurity work


ReWire is a language that helps safeguard against cybersecurity threats at the highest possible security levels. The goal is to eliminate the possibility of error, human or otherwise, while maintaining the strictest possible security. And Bill Harrison, right, is just the guy for the job.

MU Electrical Engineering and Computer Science Professor Bill Harrison has long been a prolific researcher in the world of cybersecurity, embedded systems and high-assurance computing.

A longtime collaborator with the U.S. Naval Research Lab (NRL), he recently received word that their ongoing project received another round of funding, and a recent publication landed Harrison a slot at the 29th International Symposium on Rapid System Prototyping (RSP18) in Torino, Italy, which was part of Embedded Systems Week (ESWEEK).

The NRL project is called “Mechanizing the Metatheory of the ReWire Language with Applications to Code Vulnerability,” and it is based off a programming language Harrison created as part of his 2008 National Science Foundation CAREER Award project. He created ReWire with collaborator and algebraic logician Gerard Allwein of the NRL and his former Ph.D. student Adam Procter.

The purpose of ReWire is to eliminate potential security holes in applications and embedded systems. Military technology and applications need safeguards that both react properly to threats and do not mistake threats and go off when they aren’t supposed to, which could have potentially lethal consequences. It effectively serves as what’s called a runtime monitor, which is a system analysis method that pulls information from currently-running systems and reacts according to whether or not it’s behaving as intended.

“A typical use case might be in an embedded system on a drone or some kind of system,” Harrison explained. “You want to know that if, for example, a drone goes down and an enemy takes that embedded system and tries to start hacking it that it will say, ‘Hey, this is weird, and I’m going to now self-destruct.’

“I don’t want it to self-destruct unless it’s actually weird. I need to guarantee that. I don’t want to be in a combat mission and have it self-destruct because the runtime monitor is stupid.”

ReWire, therefore, is a language that helps safeguard against cybersecurity threats at the highest possible security levels. The goal is to eliminate the possibility of error, human or otherwise, while maintaining the strictest possible security.

And Harrison is just the guy for the job. The NRL also recently granted him an extra $100,000 annually to help assist its personnel with logical methods for reasoning about hardware.

His skills in this realm landed Allwein and Harrison a spot at RSP18 in Italy in early October. Their paper is entitled “Semantics-directed Prototyping of Hardware Runtime Monitors”. Another paper, entitled “The Mechanized Marriage of Effects and Monads with Applications to High Assurance Hardware,” which is based off of Reynolds’ dissertation was accepted to the journal ACM Transactions on Embedded Computing Systems in March. And a new paper on ReWire and its applications, entitled “Language Abstractions for Hardware-based Control-Flow Integrity Monitoring,” was just accepted at the 2018 International Conference on Reconfigurable Computing and FPGAs (ReConFig18) and will be presented there in December.

“What we’re about is more construction methods, which is to say that if you want to build a runtime monitor that you can guarantee something about, here’s a way to do it,” Harrison explained. “That’s the new thing, and that you can prove something about it, that’s also new. We’re trying to make a science of runtime monitoring rather than a bunch of particular examples.”



Source link