Stephen R. Beard
Assistant Professor
Computer Science and Software Engineering
Computer Engineering
Research
My research interests include architectural, hardware, and cyber-physical security; compiler and language based techniques for security; and I still maintain some interest in architecture and compiler based performance, especially reguarding parallelism. Some current projects and their meeting times (Winter times TBD):
- Arch Sec -
- PG&E Critical Infrastructure -
- Cell Phone Power Side Channel -
Some past projects that could have additional work done on them:
- Laser as Speaker/Microphone
- Compilers Related
- Automatic Hardware/Compiler based parallelization
Architectural Security
Trusted systems require the faithful execution of secure software by secure hardware. Today’s systems have neither. Essentially all software contains bugs that attackers can find and exploit. The complexity of hardware, combined with the large attack surface presented in its development, manufacturing, and deployment processes make it nearly impossible to secure every component. My dissertation focused on leveraging a small, trusted, and potentially formally verified set of hardware and software to contain the potentially ill effects of untrusted/buggy/malicious hardware and software. This wholistic system-based approach has the potential to guarantee the correctness of communication from a system without major impacts to its performance. We have historically called this system TrustGuard and the small, trusted, hardware verification unit the Sentry. There are still many open areas that deserve further investigation in this area, and I would be thrilled to advise student projects that will help me further explore this area. Note that many of these projects will contain a strong research emphasis.
Some example areas and projects
- Architectural simulations for security
- FPGA based implementations of hardware security-based techniques
- Formal verification of hardware and software designs
- Exploration of security policy-based communication verification
- Further exploration of software with clear specification between inputs and outputs for verification-based protection
Cyber Physical Systems
Operational Technology (OT, think factories and power plants) have long been the realm of analog control with some isolated digital systems. Thus, the threat model that such systems have classically faced has excluded many of the classical threats that the Information Technology (IT, think laptops and servers) realm has dealt with. With the increasing connectivity in our world and the business desire for more and more "big data" driven decisions, many OT spaces are being driving towards connectivity. This clashing of worlds has serious consequences for security that we have already begun to see -- the damage caused by a cyber incident in a power plant, water treatment plant, or hospital has serious risk of injury and loss of life.
In recognition of the need for more research and education in this area, PG&E has graciously donated a Critical Infrastructure Cyber Security Lab to Cal Poly. This lab will hopefully serve as the basis for many exciting courses and projects. It is currently a fantastic framework upon which we can build, consisting of several workstations, servers, data diodes, and Programmable Logic Controllers (think the OT version of an FPGA). We currently need a few projects to help flesh out this skeleton. These include projects to create some cyber physical systems that can serve as demonstrations and attack targets, as well as some projects to bring the network side of the lab up to full functionality. Note that many interested attacks require targets of some sort, so there is a natural ordering to some of these projects. Myself, in addition to a few other faculty, are interested in advising projects in these areas.
Some example projects include:
- Closed Loop PLC Controlled Systems
- Traffic light control system
- Simulated power plant / distribution system
- Suspend ping pong ball in a column of air
- System Administration
- Imaging and backup of servers and workstations
- Racking and installing hypervisor-based server
- Network IDS configuration and analysis
- Attack Exploration
- Attacks circumventing data diode-based networks
- Human Machine Interface PLC attacks
- Hardware trojan based attacks
Side Channels
When thinking about computer security, we often focus on securing the parts of the computer we use and think about most often - the software and its execution. However, all computing devices are physical objects at some level with physical characteristics. Side Channel Attacks exploit the physical implementation of a system using physical artifacts that its operation creates - power, timing, electromagnetic radiation, sound, light, etc. For example, you can figure out someone's cell phone PIN just by watching the power draw from its charger cable; you can easily crack a password using timing; you can turn a laser into a speaker and silently activate a smart home system! All kinds of really weird and interesting things are possible when you start to consider computing devices physical objects rather than magic math boxes. I am interested in advising any and all projects that investigate these types of attacks. These types of projects typically draw on a little bit of knowledge in many areas, and thus are great for individuals, teams, and cross-disciplinary groups. There is great potential for projects that have a heavy emphasis on reimplementing existing work, and those with more of a research element to them.
Some example projects that I am currently most interested in:
- Using a laser to transmit sound to silently induce a smart home type device.
- Hiding a cell phone power analysis device in a USB cable
- Extending current work in cell phone power analysis to deduce typed text rather than just 10 key PINs
- AC power analysis for cell phone PIN discovery rather than 5 V DC
- Acoustic analysis of keyboard typing to deduce text
- Voltage glitching attacks to directly attack systems