It is increasingly believed that Resilient Computing will become the main paradigm for achieving secure and dependable operation of computer systems and networks in a near future. It will be a game changer in the craft of designing computer systems of today and future, improving classic Cybersecurity techniques.
As such, achieving Cyber Resilience will be at the center of my vision and the inspiration for the research I propose to foster at KAUST. Being founding Director of the recently created Resilient Computing and Cybersecurity Center (RC3), my group is fully dedicated to its bootstrapping, together with other colleagues’ groups.
Our research investigates such paradigms and techniques reconciling Cybersecurity and Dependability, leveraging Distributed and Real-Time Systems theory, as well as Applied AI/ML. We explore novel ways (theoretical and practical) to achieve Cyber Resilience of systems, in areas like: autonomous vehicles from earth to space; distributed control systems; digital health and genomics; SDN-based infrastructures; or blockchain and cryptocurrencies.
Visit the research center’s web — Resilient Computing and Cybersecurity Center (RC3) — to grasp how these ideas are put into action!
Then, check our PhD and internship projects further down this page and apply now to CybeResil opportunities !!
Broad Research topics
· Robust and Adaptive Fault and Intrusion Tolerance;
· Ultra-Reliable Micro Trusted Execution Environments;
· Privacy and Integrity-preserving Data Processing;
· Next-generation Threat and Intrusion Detection / Prevention Systems;
· High-confidence Vertical Software Verification.
Focused PhD-level research opportunities:
1. Fault and Intrusion Resilience Systems for Modern Vehicles. Modern software-defined vehicles are prone to software faults and intrusions. A modern vehicle is composed of up to hundred commuting units, called Electronic Control Units (ECUs), connected via different types of networks (e.g., CAN, Automotive Ethernet, FlexRay). On top of these ECUs, hundreds of millions of software lines of code are controlling different vehicle’s applications like Advanced Driver Assistance Systems (ADAS), Telematics, and X-by-wire control functionalities. Unfortunately, this increases the likelihood of software faults and vulnerabilities. This topic studies the new concept of Fault and Intrusion Tolerance Systems (FIRS: https://hal.archives-ouvertes.fr/hal-03782751/document) to mask arbitrary benign and intrusion faults. The concept allows running multiple and possibly diverse replicas of a state-full application process on different ECUs, forming a resilient deterministic Replicated State Machine. Replicas are required to agree on a common state through variant of Byzantine Agreement protocols (today widely used in Blockchain) prior to changing their local state. The thesis work proposes and implements an architecture of such FIRS system and introduces new soft- and hard-real-time agreement protocol variants (like PISTIS https://ieeexplore.ieee.org/document/9347806) tailored for different automotive networks (e.g., Automotive Ethernet and FlexRay). The work will also study the feasibility of such systems to ECU capabilities, and network, as well as application.
2. Resilient and Secure Architectures for Modern and Autonomous Vehicles. Modern vehicle architectures are becoming more complex than ever with the increasing adoption of advances in Information Technology (IT) at different granularities. A modern vehicle system is composed of up to hundred commuting units, called Electronic Control Units (ECUs), connected via different types of networks (e.g., CAN, Automotive Ethernet, FlexRay). Managing and coordinating these ECUs is a nightmare if they are completely decentralized. This motivated using more principled architectures with different containment levels, e.g., domain-based, zonal-based, network-based, etc. More recently, there is a tendency to use more centralized architectures, e.g., having a powerful brain computer that controls thin peripherals. This computer takes advantage of two technologies: AI/ML models that are key for autonomous vehicles, connected to the cyberspace, and multicore ECU architectures (e.g., with RISC-V) to create containment at the ECU level. It is clear that this centralization stands as a single point of failure and attack, and leads to serious safety issues; especially with the increasing reliance on AI/ML for autonomous driving (e.g., Tesla) without sufficient rigorous research and engineering. Unfortunately, there are no deep studies in academia on the security, safety, and resilience of these architectures. This thesis topic will study the different possibilities of these architectures and propose new ones. The topic should lead to well-studied architectures or combinations that ensure the functional and nonfunctional properties of a vehicle system, focusing on security and resilience as must-have properties in such a critical cyber-physical system (CPS).
3. Chip-scale fault and intrusion resilience techniques and abstractions. Chip fabrics are the cornerstone of computing technology. They are critical units for modern smart cities and infrastructures as they are used to control sensitive cyber-physical systems (e.g., power-grids, water systems, traffic-road infrastructure, high-tech military technology, etc.). Contrary to the old belief that hardware is secure and robust, a chip fabric is indeed subject to serious failures and vulnerabilities. Unintentional faults can be induced at any development stage in the design, fabrication, or testing process of a chip, or due to glitches in the intrinsic physics of the material used (e.g., aging, overheating, purity, etc.). Intentional faults can be at any chip development stage as a backdoor or a trojan, especially if parts of the process are outsourced to third parties in different countries. This thesis topic will focus on building Fault and Intrusion Tolerance protocols, a.k.a., Byzantine agreement protocols, as those used in building intrusion resilient systems and blockchains. Since these variants are clearly heavyweight to run at chip-scale, more efficient variants will be proposed, e.g., via exploiting the chip characteristics and assumptions. The concept will be used to build abstractions and chiplet components that can be used to building Sovereign Chips synthesized from multi-vendor components, and used for critical Cyber-physical applications like Vehicles, Space systems, UXVs, etc.
4. Dynamic and Adaptive System-on-Chip fault and intrusion tolerant protocols. Fault and Intrusion Tolerance (FIT) protocols are recently being explored to build System-on-Chips (SoC) that are resilient to arbitrary benign and intrusion faults, i.e., by masking them through achieving Byzantine Agreement between replicas. The premise is that a majority of these replicas is not Byzantine, in order to collect a quorum of correct “votes”, i.e., consensus. Nevertheless, if replicas do not fail interpedently, this assumption is deemed hard. Reprogrammable hardware like FPGAs is presenting a significant opportunity to diversify hardware abstractions, e.g., by using modified versions of a softcore–that is then mounted on the FPGA to achieve correct specifications with hardware strengths. Interestingly, these soft-cores can be launched in a hot-swappable manner, without rebooting the FPGA, which provides an ideal environment for replica rejuvenation. This makes it hard even for an Advanced Persistent Attack to exploit the possible vulnerabilities the SoC being dimorphic and obfuscated. This topic will explore the full potential of FPGAs to build dynamic and adaptive FIT protocols that can rejuvenate diverse replicas at runtime as well as smoothly run as many as needed replicas in an elastic manner.
5. Intrusion monitoring and detection for trustworthy containerized environments. Container-based virtualization, like Docker, is increasingly being used for safe and fast deployments given its lightweight nature and support for agility. However, this comes at the price of a reduced isolation level compared to the traditional host-based virtualization techniques, where compromised or rogue containers might exploit existing vulnerabilities or poor container deployment choices to successfully inject security state errors in the host OS (e.g., breaking out of the namespace isolation mechanisms and running as a root at the host level). This requires well-studied Fault and Intrusion Tolerance (FIT) frameworks for error detection-recovery and fault treatment (https://ieeexplore.ieee.org/abstract/document/9973124). This topic aims at exploring specification-based error detection mechanisms at the host level, e.g., Linux, to systematically and formally capture security state errors indicating breaches potentially caused by malicious containers. The work includes studying the key kernel tools used by/with containers and proposing a convenient monitoring architecture for error detection, e.g., inspired by tools such as strace, or sysdig.
VSRP internship topics
** POTENTIAL PhD students:
Enroll (instructions in https://kaust.edu.sa/en/study/phd-program), referring to the PI's name, Prof. Paulo Esteves-Veríssimo.
Next deadline: 7th January 2023.
** PROSPECTIVE graduate students:
Apply in the VSRP page, Visiting Student Research Program page (at https://vsrp.kaust.edu.sa/, expenses fully covered , referring to the PI's name, Prof. Paulo Esteves-Veríssimo.