Aravind Machiry

Aravind Machiry

Assistant Professor @ Purdue ECE

Research Areas

My research, in general, has an applied flavor. Specifically, a principled solution will be customized to the underlying domain to achieve both practical and (mostly) formal guarantees.

Embedded Systems Security

Internet of Things (IoT) devices or, in general, embedded devices are ubiquitous and are part of our everyday life. We have been moving into an ecosystem of having several small, low-powered microcontroller or microcontroller unit (MCU) based devices connected directly to the internet or through a proxy. It is important to ensure that the RTOS and system software that runs as part of these systems is secure, and we can rely on it to perform the required mission-critical operations. Furthermore, security vulnerabilities in these systems are likely remotely triggerable.

In this area, we focus on various areas targeted towards improving the security of embedded systems. Our research is along the following thrusts:

Vulnerability Detection

In this thrust, we focus on enabling scalable and precise vulnerability detection on embedded systems. Analysis techniques face unique challenges when dealing with embedded systems, such as asynchronous execution semantics and hardware dependence. We explore techniques such as staged static analysis, systematic testing, rehosting-based dynamic analysis, and machine learning for effective vulnerability detection.

Our work has identified over 100 security vulnerabilities in various embedded software, including network stacks.

Publications

Developer Support

What challenges do developers face in engineering secure embedded systems? What mistakes do developers make in designing embedded systems? Can we develop tools and techniques to assist developers?

These are a few questions we are exploring as part of this thrust.

Publications

Language Based Security

In this thrust, we explore new language primitives that can enable the development of secure embedded systems. Specifically, new programming languages, additions to existing programming languages, new type systems, etc.

The challenging aspect here is ensuring that our techniques align with embedded system constraints – low overhead and backward compatibility (i.e., should work with existing codebase).

Publications

UEFI and Bootloaders Security

In this thrust, we focus on the security of UEFI/EDK-II components. Specifically, vulnerability detection and prevention. We are currently exploring dynamic analysis (fuzzing) based techniques to test DXE drivers and services holistically. We are also exploring techniques for automatically adding Checked C annotations to the UEFI codebase to prevent spatial safety vulnerabilities.

Supported By

DARPA Rolls Royce

Securing Continuous Integration Workflows

Continuous Integration (CI) has become essential to the modern software development cycle. Developers engineer CI scripts, commonly called workflows or pipelines, to automate most software maintenance tasks, such as testing and deployment.

Developers frequently misconfigure workflows resulting in severe security issues, which can have devastating effects resulting in supply-chain attacks. The extreme diversity of CI platforms and the supported features further exacerbate the problem and make it challenging to specify and verify security properties across different CI platforms uniformly. In this area, we aim to addresses the problem by defining the desired security properties of a workflow and developing platform-independent techniques to verify and enforce the security properties.

Publications

Supported By

Amazon and NSF

Mutation for the Masses

Current tools, such as AFL++ and libafl, revolutionalized mutation testing, especially Fuzzing. Traditionally, fuzzing has been mainly used for testing and bug finding. However, in this thrust, we explore various other uses and applications of fuzzing (i.e., mutation testing or stochastic search). We view fuzzing as a way to solve optimization problems intelligently. Provided we can precisely define the following: feedback on how close we are to the desired outcome, a way to map a stream of bytes to the solution space, and an oracle to identify the desired solution.

In addition, we also explore other (more traditional) uses of fuzzing and apply it to dynamic testing of complex systems, such as IoT devices, Kernel Drivers, Network Programs, etc. We explore different techniques that will enable a security researcher to help the fuzzing techniques to test these complex programs effectively. We have exciting ideas in this direction. Get in touch to know more.

Publications

Checked C and Friends

Checked C extends legacy C with checked pointer types that are restricted by the compiler to safe uses. Checked pointer types can coexist with legacy pointers, thus admitting incremental conversion of legacy C to Checked C, in the style of migratory typing. We are working on a technique to port an existing C program to Checked C by converting its pointers to have checked type.

I am also collaborating with David Taditi on this.

Publications

Binary Analysis: Techniques and Applications

I am interested in binary analysis and have always been fascinated by the problems and possible applications. The ability to analyze executables and identify various semantic information is interesting and challenging. I use domain-specific techniques to solve common issues with binary analysis tasks.

Publications

Machine Learing + Security

Machine Learning (and Deep Learning) provides us very useful techniques to achieve best-effort solutions in the presence of a large corpus of data. Many problems in security are proven to be intractable; however, providing a best-effort solution is reasonable. On this front, we are exploring the use of various Machine Learning techniques to handle the problems of: Vulnerability Detecton, Prevention and Mobile Privacy.

Publications