- Robust and Adaptive Fault and Intrusion Tolerance;
- Ultra-Reliable Micro Trusted Execution Environments;
- Privacy and Integrity-preserving Data Processing;
- Next-generation Threat and Intrusion Detection / Prevention Systems;
- High-confidence Vertical Software Verification.
- Fault and Intrusion Resilience Systems for Modern Vehicles. Modern software-defined vehicles are prone to software faults and intrusions. A modern vehicle is composed of up to hundred commuting units, called Electronic Control Units (ECUs), connected via different types of networks (e.g., CAN, Automotive Ethernet, FlexRay). On top of these ECUs, hundreds of millions of software lines of code are controlling different vehicle’s applications like Advanced Driver Assistance Systems (ADAS), Telematics, and X-by-wire control functionalities. Unfortunately, this increases the likelihood of software faults and vulnerabilities. This topic studies the new concept of Fault and Intrusion Resilience Systems (IRS) to mask arbitrary benign and intrusion faults. The concept allows running multiple and possibly diverse replicas of a state-full application process on different ECUs, forming a resilient deterministic Replicated State Machine. Replicas are required to agree on a common state through variant of Byzantine Agreement protocols (today widely used in Blockchain) prior to changing their local state. The thesis work proposes and implements an architecture of such FIRS system and introduces new soft- and hard-real-time agreement protocol variants (like PISTIS) tailored for different automotive networks (e.g., Automotive Ethernet and FlexRay). The work will also study the feasibility of such systems to ECU capabilities, and network, as well as application.
- Resilient and Secure Architectures for Modern and Autonomous Vehicles. Modern software-defined vehicle architectures are becoming more complex than ever with the increasing adoption of advances in Information Technology (IT) at different granularities. A modern vehicle system is composed of up to hundred commuting units, called Electronic Control Units (ECUs), connected via different types of networks (e.g., CAN, Automotive Ethernet, FlexRay), and whose software is regularly updated. Managing and coordinating these ECUs is a nightmare if they are completely decentralized. This motivated using more principled architectures with different containment levels, e.g., domain-based, zonal-based, network-based, etc. More recently, there is a tendency to use more centralized architectures, e.g., having a powerful brain computer that controls thin peripherals. This computer takes advantage of two technologies: AI/ML models that are key for autonomous vehicles, connected to the cyberspace, and multicore ECU architectures (e.g., with RISC-V) to create containment at the ECU level. It is clear that this centralization stands as a single point of failure and attack, and leads to serious safety issues; especially with the increasing reliance on AI/ML for autonomous driving (e.g., Tesla) without sufficient rigorous research and engineering. Unfortunately, there are no deep studies in academia on the security, safety, and resilience of these architectures. This thesis topic will study the different possibilities of these architectures and propose new ones. The topic should lead to well-studied architectures or combinations that ensure the functional and nonfunctional properties of a vehicle system, focusing on security and resilience as must-have properties in such a critical cyber-physical system (CPS).
Chip-scale fault and intrusion resilience techniques and abstractions. Chip fabrics are the cornerstone of computing technology. They are critical units for modern smart cities and infrastructures as they are used to control sensitive cyber-physical systems (e.g., power-grids, water systems, traffic-road infrastructure, high-tech military technology, etc.). Contrary to the old belief that hardware is secure and robust, a chip fabric is indeed subject to serious failures and vulnerabilities. Unintentional faults can be induced at any development stage in the design, fabrication, or testing process of a chip, or due to glitches in the intrinsic physics of the material used (e.g., aging, overheating, purity, etc.). Intentional faults can be at any chip development stage as a backdoor or a trojan, especially if parts of the process are outsourced to third parties in different countries. This thesis topic will focus on building Fault and Intrusion Tolerance protocols, a.k.a., Byzantine agreement protocols, as those used in building intrusion resilient systems and blockchains. Since these variants are clearly heavyweight to run at chip-scale, more efficient variants, like Samsara, will be proposed, e.g., via exploiting the chip characteristics and assumptions. The concept will be used to build abstractions and chiplet components that can be used to building Sovereign Chips synthesized from multi-vendor components, and used for critical Cyber-physical applications like Vehicles, Space systems, UXVs, etc.
- Dynamic and Adaptive System-on-Chip fault and intrusion tolerant protocols. Fault and Intrusion Tolerance (FIT) protocols are recently being explored to build System-on-Chips (SoC) that are resilient to arbitrary benign and intrusion faults, i.e., by masking them through achieving Byzantine Agreement between replicas. The premise is that a majority of these replicas is not Byzantine, in order to collect a quorum of correct “votes”, i.e., consensus. Nevertheless, if replicas do not fail interpedently, this assumption is deemed hard. Reprogrammable hardware like FPGAs is presenting a significant opportunity to diversify hardware abstractions, e.g., by using modified versions of a softcore–that is then mounted on the FPGA to achieve correct specifications with hardware strengths. Interestingly, these soft-cores can be launched in a hot-swappable manner, without rebooting the FPGA, which provides an ideal environment for replica rejuvenation. This makes it hard even for an Advanced Persistent Attack to exploit the possible vulnerabilities the SoC being dimorphic and obfuscated. In line with our Samsara approach, this topic will explore the full potential of FPGAs to build dynamic and adaptive FIT protocols that can rejuvenate diverse replicas at runtime as well as smoothly run as many as needed replicas in an elastic manner.
- Breaking the Vehicle Over-The-Air Update System
- Vehicle Intrusion Resilience Systems in Action
- Rejuvenation of Diverse FPGA Softcores in a SoC
- Useful Bitcoin Mining with a Matrix-based Puzzle
- Advanced Breach and Attack Simulation using ML
Potential Ph.D. students:
Enroll in the Ph.D. program, referring to the PI's name, Prof. Paulo Esteves-Veríssimo.
October 1st 2023 is the deadline for Ph.D. degree applicants wishing to be admitted for Spring entry (i.e., commencing their program in January 2024).
Prospective graduate students:
Prof. Paulo Esteves-Verissimo
Ines Pinto Gouveia