Secure Code Execution on Untrusted Remote Devices

Thu 02Dec2021

Gene Tsudik, UC Irvine

From 12.30 until 13.30



Our society is increasingly reliant upon a wide range of Cyber-Physical Systems (CPS), Internet-of-Things (IoT), embedded, and so-called “smart”, devices. They often perform safety-critical functions in numerous settings, e.g., home, office, medical, automotive and industrial. Some devices are small, cheap and specialized sensors and/or actuators. They tend to have meager resources, run simple software, sometimes upon “bare metal”. If such devices are left unprotected, consequences of forged sensor readings or ignored actuation commands can be catastrophic, particularly, in safety-critical settings. This prompts the following three questions: (1) How to trust data produced by a simple remote embedded device? (2) How to ascertain that this data was produced via execution of expected software? And, (3) Is it possible to attain (1) and (2) under the assumption that all software on the remote device might be modified or compromised? In this talk, we answer these questions by describing APEX: (Verified) Architecture for Proofs of Execution, the first of its kind result for low-end embedded systems. This work has a range of applications, especially, to authenticated sensing and trustworthy actuation, APEX incurs low overhead, making it affordable even for lowest-end embedded devices; it is also publicly available.

Join us on Zoom at

Download Event to Calendar