SaTC: CORE: Small: HOLMES: Holistic and Hardware-assisted Control-Flow Security for Microcontroller Systems

About This Grant

Microcontrollers (MCU) are tiny computers found in everything from medical devices and home appliances to cars and factory equipment. As these systems become more connected to the internet and each other, they also become more vulnerable to cyber threats. Unfortunately, most existing security protections were designed for more advanced computers and do not work well on these smaller, more limited devices. This project will develop new, practical solutions to protect MCU-based systems from cyberattacks, helping ensure that the technology we increasingly rely on remains trustworthy. These advances will support national priorities in healthcare, energy, transportation, and public safety. To broaden impact, the project will create new educational resources, including hands-on training platforms and classroom materials, to make cybersecurity more approachable for students. The PIs will share learning content publicly and mentor undergraduate, graduate, and high school students through cybersecurity competitions and outreach activities. Together, these efforts will expand participation in STEM fields. The project will realize its research goal by leveraging novel MCU-specific hardware functionalities (hence, hardware-assisted) for memory management, tracing, and cryptographic signatures. If successful, the project will represent a significant advancement in algorithm, mechanism, and system design for safeguarding the control-flow of MCU systems. Specifically, the project initiates by delving into the realm of cross-state control-flow hijacking, seeking to both comprehend and counteract this phenomenon to secure control-flow from TEE to rich execution environment. Then, the project leverages the capabilities of the secured TEE and hardware tracing units to develop comprehensive control-flow violation detection mechanisms on the entire MCU software. Finally, the project capitalizes on the secured TEE and the pointer authentication hardware functionality to devise a space-efficient algorithm to attest the control-flow integrity of a significant portion of the MCU software. This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.