As the world becomes more connected, it also becomes more exposed to vulnerabilities. Technological and economic developments have pushed smaller and more capable devices into our work and social lives. It is now common to have a laptop, a smartphone, a tablet, and any number of peripheral supporting devices. These devices will only continue to evolve, appearing in ordinary objects where we would never have expected them.
“With all of this convenience and power come hidden dangers,” says Wil Robertson, assistant professor and security researcher in the Northeastern University Systems Security Lab. “It’s long been clear that assuring that there isn’t any hidden malicious functionality lurking in the hardware or software running on traditional desktops and servers is a difficult problem. The concern now is how to deal with new classes of embedded devices that can be easily transported and installed behind otherwise hardened security perimeters and is the focus of a new $1.2M DARPA-funded project we are conducting.”
Today’s hackers are far more advanced and sophisticated than before. They can access and hack data remotely from devices as basic as wireless routers and easily bypass firewalls. “Our challenge in this project is this: Can we identify the presence of this malicious behavior before the device has been deployed to the target?” Robertson notes.
“To tackle this problem, we’re using a set of techniques referred to as program analysis, which — simply put — provides ways of discovering facts about how a program behaves in response to input from its environment. Program analysis has a long history, but our project is focusing on developing analyses specific to rooting out hidden malicious behaviors,” he adds.
However, discovering hidden malicious behavior is no easy task. Hackers have innumerable ways to make their code detect differences between a real environment and the analysis environment, so that it can determine whether it should hide its malicious behavior. “Despite the challenges, we’re very excited to be solving emerging problems, staying one step ahead of the attackers, and producing research that will result in a safer, more secure Internet for everyone.”