Visible to the public Biblio

Filters: Author is Levis, Philip  [Clear All Filters]
Conference Paper
Levy, Amit, Campbell, Bradford, Ghena, Branden, Pannuto, Pat, Dutta, Prabal, Levis, Philip.  2017.  The Case for Writing a Kernel in Rust. Proceedings of the 8th Asia-Pacific Workshop on Systems. :1:1–1:7.

An operating system kernel written in the Rust language would have extremely fine-grained isolation boundaries, have no memory leaks, and be safe from a wide range of security threats and memory bugs. Previous efforts towards this end concluded that writing a kernel requires changing Rust. This paper reaches a different conclusion, that no changes to Rust are needed and a kernel can be implemented with a very small amount of unsafe code. It describes how three sample kernel mechanisms–-DMA, USB, and buffer caches–-can be built using these abstractions.

Ayers, Hudson, Crews, Paul Thomas, Teo, Hubert Hua Kian, McAvity, Conor, Levy, Amit, Levis, Philip.  2018.  Design Considerations for Low Power Internet Protocols. Proceedings of the 16th ACM Conference on Embedded Networked Sensor Systems. :317–318.
Examining implementations of the 6LoWPAN Internet Standard in major embedded operating systems, we observe that they do not fully interoperate. We find this is due to some inherent design flaws in 6LoWPAN. We propose and demonstrate four principles that can be used to structure protocols for low power devices that encourage interoperability between diverse implementations.
Hong, James, Levy, Amit, Riliskis, Laurynas, Levis, Philip.  2018.  Don't Talk Unless I Say So! Securing the Internet of Things with Default-Off Networking. 2018 IEEE/ACM Third International Conference on Internet-of-Things Design and Implementation (IoTDI). :117-128.

The Internet of Things (IoT) is changing the way we interact with everyday objects. "Smart" devices will reduce energy use, keep our homes safe, and improve our health. However, as recent attacks have shown, these devices also create tremendous security vulnerabilities in our computing networks. Securing all of these devices is a daunting task. In this paper, we argue that IoT device communications should be default-off and desired network communications must be explicitly enabled. Unlike traditional networked applications or devices like a web browser or PC, IoT applications and devices serve narrowly defined purposes and do not require access to all services in the network. Our proposal, Bark, a policy language and runtime for specifying and enforcing minimal access permissions in IoT networks, exploits this fact. Bark phrases access control policies in terms of natural questions (who, what, where, when, and how) and transforms them into transparently enforceable rules for IoT application protocols. Bark can express detailed rules such as "Let the lights see the luminosity of the bedroom sensor at any time" and "Let a device at my front door, if I approve it, unlock my smart lock for 30 seconds" in a way that is presentable and explainable to users. We implement Bark for Wi-Fi/IP and Bluetooth Low Energy (BLE) networks and evaluate its efficacy on several example applications and attacks.

Lampert, Ben, Wahby, Riad S., Leonard, Shane, Levis, Philip.  2016.  Robust, Low-cost, Auditable Random Number Generation for Embedded System Security. Proceedings of the 14th ACM Conference on Embedded Network Sensor Systems CD-ROM. :16–27.

This paper presents an architecture for a discrete, high-entropy hardware random number generator. Because it is constructed out of simple hardware components, its operation is transparent and auditable. Using avalanche noise, a non-deterministic physical phenomenon, the circuit is inherently probabilistic and resists adversarial control. Furthermore, because it compares the outputs from two matched noise sources, it rejects environmental disturbances like RF energy and power supply ripple. The resulting hardware produces more than 0.98 bits of entropy per sample, is inexpensive, has a small footprint, and can be disabled to conserve power when not in use.

Wilson, Judson, Wahby, Riad S., Corrigan-Gibbs, Henry, Boneh, Dan, Levis, Philip, Winstein, Keith.  2017.  Trust but Verify: Auditing the Secure Internet of Things. Proceedings of the 15th Annual International Conference on Mobile Systems, Applications, and Services. :464–474.

Internet-of-Things devices often collect and transmit sensitive information like camera footage, health monitoring data, or whether someone is home. These devices protect data in transit with end-to-end encryption, typically using TLS connections between devices and associated cloud services. But these TLS connections also prevent device owners from observing what their own devices are saying about them. Unlike in traditional Internet applications, where the end user controls one end of a connection (e.g., their web browser) and can observe its communication, Internet-of-Things vendors typically control the software in both the device and the cloud. As a result, owners have no way to audit the behavior of their own devices, leaving them little choice but to hope that these devices are transmitting only what they should. This paper presents TLS–Rotate and Release (TLS-RaR), a system that allows device owners (e.g., consumers, security researchers, and consumer watchdogs) to authorize devices, called auditors, to decrypt and verify recent TLS traffic without compromising future traffic. Unlike prior work, TLS-RaR requires no changes to TLS's wire format or cipher suites, and it allows the device's owner to conduct a surprise inspection of recent traffic, without prior notice to the device that its communications will be audited.