Octopi: Secure Programming for the Internet of Things
- Reference number
- RIT17-0023
- Project leader
- Russo, Alejandro
- Start and end dates
- 180301-240831
- Amount granted
- 31 000 000 SEK
- Administrative organization
- Chalmers University of Technology
- Research area
- Information, Communication and Systems Technology
Summary
The Internet of Things (IoT) conceives a future where “things” are interconnected by means of suitable information and communication technologies. Unfortunately, recent events have demonstrated the high vulnerability of IoT. This situation calls for immediate action: most European industries will move to IoT by 2020, where the ability of Swedish industry to confront this shift will determine its competitiveness in the near future. There are three root problems in IoT which makes security hard to achieve: lack of security expertise, the use of low-level programming languages (which makes difficult to program securely), and no system-wide control. Octopi will develop technology to easily and securely program the IoT by the use of high-level languages. The proposal focus on developing a programming model which protects (system-wide) privacy and integrity of data. To exhibit it, Octopi delivers a demonstrator in cooperation with Pelagicore AB--a company specialized in driver-facing systems. While high-level languages are better fit for security, they have the drawback of high resource requirements. In this light, Octopi introduces novel techniques to take high-level languages into embedded constrained devices. To evaluate such techniques, Octopi delivers a demonstrator in cooperation with LumenRadio AB--a company which develops "things" for IoT. To achieve all its goals, Octopi brings together experts in security, programming languages, and hardware design.
Popular science description
The Internet of Things (IoT) conceives a future where “things” (embedded electronic devices) are interconnected by means of suitable information and communication technologies. Companies and industries are adopting IoT technology to examine how their products are used by customers by sampling usage data and sensor measurements--so that they can inform the next generation of products, or help diagnose problems early. Most European industries will move to IoT by 2020, and the ability of Swedish industry to confront this shift will determine its competitiveness in the near future. While the enthusiasm for IoT is enormous, many firms agree on the poor state-of-the-art in terms of security. An insecure IoT would allow malicious hackers to disrupt industry and company operations. There are scary examples showing the stakes: smart-fridges can be hacked in order to reveal Gmail passwords, cars can be remotely controlled (Chrysler's notorious vulnerabilities caused a recall of 1.4 million units), and home devices can be exploited to launch massive network attacks. "Things" that are used in our everyday lives can now be weaponised to spy on or harm us. What is special about IoT which makes security difficult to achieve? One of the root problems is that developers use programming languages with little or no abstraction from the computer's language--programming with such low-level details makes it extremely difficult to program securely. Another aspect hindering security is that IoT systems have often no control or monitoring mechanisms for the entire system. This proposal, called Octopi, develops technology for securely programming IoT systems--The acronym is chosen to reflect that our technology controls "many things" in order to provide security. To achieve its goal, Octopi places high-level languages, i.e., languages that can do much more than the computer's language, as the means to easily express and enforce system-wide security policies--a research area where we are pioneers. In that manner, developers are warned when their code might compromise privacy and integrity of data. Although high-level languages provide many desirable features for security, they have the drawback of high resource requirements. In this light, Octopi introduces novel techniques to take high-level languages into constrained devices. To achieve all its goals, the proposal brings together experts in security, programming languages, and hardware design.