Our work in secure platforms recognises that to enable a secure system, a platform must be trusted by the system software and applications that run on it. For example, users expect smartphones and computers to ensure confidential and personal information stays private and safe. Users also expect resilience against malware and robust communications that mean if one of the platform’s communication and networking channels is down others will remain operational.
Key secure platform research areas:
- Hardened CPUs and chipsets
- Trusted boot
- Trusted execution environment
- Hardware root of trust
- Tamper resistance
- Communication resilience (use of mesh networking)
The next step is to harden software running on the secure platform. This means protecting against malware at both the system and application layer. Attacks against software include driver modifications at the system level or communication protocol breaches at the application level.
These attacks can either subvert behaviour or steal valuable information. Protection and prevention has to be end-to-end. That way, an application running on a device can communicate securely with back-end software in the cloud.
Key research area for software hardening:
- Secure software development
- Secure OS
- Secure applications
- Secure communication (hardened protocols against attacks)
- Secure cloud and fog platforms and software
With a secure platform and hardened software, ensuring system integrity at run time is the final critical component. Malware can subvert behaviour or unknowingly export information from the system.
Key research areas for system integrity and data exfiltration:
- Monitoring systems for abnormal behaviour using machine learning
- Debloating the code base to remove unused functionality
- Creating different dialects of protocols to improve immunity
- Diversifying software variants to enhance resiliency
- Monitoring ML models against poisoning, and self-healing from attacks
Given our priorities across platforms, software, and data integrity, we prioritise the following domains:
- Smartphone and application security
- Security and resilience against single and swarm autonomous drones
- Secure fleet management of drones
- Secure operation of cloud and fog systems
Secure Smartphone enables a full end-to-end protection of communication between the Cloud (Hybrid or External) and itself, and another secure Smartphone. The communication is protected through a secure protocol in Application running on the device and talking with backed on Cloud using a standard encryption algorithm though with our keys with specific strength. The device is running a hardened operating system with proprietary secure applications and is hardened to protect hardware against tampering, thus data is protected at rest and during transmission.
- Secure Sleeve
- Secure Thin Phone
- Secure SOC and Platform
Secure Autonomous Computing
Secure autonomous computing enables automatic control with Cloud based software systems of fleet of Edge devices which can themselves be autonomous (e.g., Drones, Ground Drones). The communication is end-to-end protected between the fleet and the Cloud, while enabling resilience in software and hardware against malware and tampering. The fleet is updated over the air for mission and maintenance updates. Network connectivity is made more robust using a secure mesh network.
- Secure Cloud Based Autonomous Systems
- Secure Autonomous Robots (Edge, Fog, Ground Drones)
- Secure Flight SOC and Platform
To facilitate our work securing autonomous air, land and sea drones (vehicles), we are developing a state-of-the-art drone testing facility in Abu Dhabi that we, and other centres at TII, can use to develop and test new ways to secure drone platforms.