CISP
Massachusetts Institute of Technology
Computer Science and Artificial Intelligence Laboratory


CISP Vision



Computing devices are becoming ubiquitous and we are placing more responsibility on the devices that surround us. For example, our society requires a very high level of security for computers and embedded devices that support our national infrastructure for communication, traffic management and catastrophe detection. However, most computing devices today are largely unsupervised. Worse, they are unprotected against malicious software attacks and physical attacks. CISP will address the development of infrastructure for computing systems and embedded networks that will result in provable security guarantees not only for the Internet, but also for the multitude of embedded devices that are being connected together and to the Internet.

Advances in miniaturization, manufacturing, and integration are rapidly leading to a convergence of three hardware technologies which are becoming widely available at low cost:

1. Sensing: tiny sensors that can sense a variety of environmental phenomena, low-cost RFID tags that can "lojack" everything of importance, and actuators for effecting changes in an environment,

2. Processing: low-power embedded general-purpose processors which are computationally powerful, and

3. Wireless communication: low-cost local-area data radios in small form-factors.

The technology push caused by the convergence of these three trends offers a powerful substrate for system designers. At the same time, the demand pull accelerating this technological convergence is the growing interest and need for remote monitoring and control applications; distributed sensors and processors offer unique capabilities for interacting with the physical world. Sensors and processing devices with wireless networking are particularly powerful, since they can collaborate with each other and can be reached from afar (e.g., from software running in the fixed infrastructure across the Internet). Example applications that benefit from networked sensors and processing elements include disaster response (e.g., tracking the trajectory of a fire to take preemptive action and actuating emergency exit signs to point out the best escape routes), environmental and scientific monitoring, real-time highway traffic monitoring and control of metering and tolls, and asset tracking for inventory maintenance, supply chain planning, and theft prevention.

Today, these applications are vertically developed and deployed: each application is designed from the ground up, each with its own runtime environment, sensors, actuators, and embedded processors, with little or no attention to security. These networks and the applications running on them are easier to attack than the Internet, as they are susceptible to physical and environmental attacks in addition to software attacks. Further, since they are connected to the Internet, they can also be attacked from remote locations!

Traditional approaches to security such as adding a firewall do not work in wireless networks of devices. If a new approach to designing such systems with security in mind is not developed, it is conceivable that, in the near future, we will see the deployment of heterogeneous networks of distributed devices running safety-critical applications, which are riddled with security holes.

The confluence of these application pulls and technology pushes creates a tremendous opportunity -- we can now envision a new, general-purpose distributed computing infrastructure. There are, however, many challenges to building such an infrastructure, the biggest of which are security and privacy. We believe that the right time to design and build such an infrastructure is now, while distributed applications are evolving, and before there is a greater deployment of, and dependence on, insecure networks that run safety-critical applications. If a secure, trusted infrastructure can be built, we can likely avoid problems akin to the lack of security that is plaguing the Internet, whose initial design mostly ignored security. Existing insecure Internet servers can and should be replaced by trusted computing platforms developed to provide security guarantees to our society.

CISP has six research thrusts within the unifying theme of security and privacy in the Internet and distributed networks of devices.

They are:
  • Hardware/Physical Security: Processing platforms that provide users with tamper-evident, authenticated environments in which any physical or software tampering by an adversary is guaranteed to be detected, and private and authenticated tamper-resistant environments where additionally the adversary is unable to obtain any information about software or data by tampering with, or otherwise observing, system operation.
  • Operating System Security: Operating system designs that allow users to control applications using encapsulation without having to understand the applications' security properties, so security can be achieved without limiting applications' flexibility.
  • Network Security: Network architectures that leverage the end-to-end security provided by the hardware and software platforms to determine the liveness of paths and guarantee that only live (uncorrupted) paths are used to route messages.
  • Theory: Proving security properties for the hardware platform, the operating system and the network infrastructure, and developing new models, techniques and algorithms to enable secure system building.
  • Privacy and Policy: System designs that separate security mechanisms from security policies, and transparent system designs in which the systems expose privacy concerns and technologies to users, allowing them to modify their behavior.
  • Application Testbed: A testbed that will allow the emulation of wide-ranging applications including city-scale sensor networks, and pervasive computing networks.