Protecting Device Software from Zero-Day Attacks with TrustMS

Published 12 October 2020

An essential step to protecting mobile and embedded devices from cyberattacks is ensuring that software is not vulnerable to malicious attacks. More than 12,000 new common vulnerabilities were identified in 2019 alone. Verifying that devices are secure is a daunting challenge, as thousands of apps and driver updates are released each year and many will contain vulnerabilities that have not yet been discovered. Typically, this would leave most devices unprotected against new attacks until patches are issued.

Thanks to the newly developed Trusted Mobile System (TrustMS), it is now possible to secure app software by preventing attackers from taking advantage of these vulnerabilities, both zero-day and known, with an added protection mechanism below the application layer. The Department of Homeland Security (DHS) Science and Technology Directorate (S&T) worked with Intelligent Automation, Inc. (IAI), to build TrustMS, which deploys as code is executing to protect operating systems and apps on embedded platforms against most cyberattacks. TrustMS provides protections against exploits such as stack manipulation, buffer overflows, execution of unintended code, and even execution of an app’s code in the wrong order.

The technology monitors software as it executes, then detects attacks at the lowest levels and responds to eliminate the threat. Most significantly, it works without having to modify any source code. When a device is protected by TrustMS, its software is automatically monitored and the system will issue a customized response when attacked based on the host system’s unique circumstances. Originally created for use in mobile devices such as smart phones, the technology can now be used to protect embedded and Internet of Things devices as well.

“TrustMS is a groundbreaking technology that will help to greatly enhance the security of the most touched parts of the mobile ecosystem—devices and apps—as well as embedded systems,” said Vincent N. Sritapan, S&T Mobile Security R&D program manager. “It will give mobile and embedded device owners and users peace of mind that their devices are safeguarded against zero-day attacks. It also will significantly strengthen the entire mobile ecosystem—from mobile devices to the software that provides functionality to the backend systems that empower mobility.”

To develop TrustMS, the IAI team began by investigating how most attacks gain control of a system and identified ways to detect and prevent them from occurring. The team found that most cyber-attackers gain control of a device by attempting to make software execute code it wasn’t intended to, execute code in the wrong order, or access data it doesn’t need.

Once installed, the technology monitors software execution as the program runs and detects attack scenarios. When a vulnerability is exploited, the system can detect the manipulation as the code is executing and prevent attackers from taking advantage of it, essentially inoculating a device against most cyberattacks.

TrustMS could be employed in many different sectors to protect critical infrastructure and secure operations. For instance, it could boost the security of power and gas utilities, national defense entities’ systems, or state, local, tribal and territorial government agencies. The common denominator among them is that each deploys vast amounts of critical infrastructure equipment that are prime targets of cyber-attackers. In fact, millions of mobile and embedded systems are deployed to control critical parts of the country’s infrastructure. These systems are among the most vulnerable to cyberattacks, and any vulnerabilities they are shipped with are generally there for the life of the device. Additionally, most of these devices are deployed with little or no physical security, giving attackers unfettered access to them.

Intelligent Automation, Inc., based in Rockville, Maryland, successfully piloted TrustMS on SECO InHand’s Hydra-Q6 Tablet, and the technology is available now for licensing. SECO InHand, also located in Rockville, is a designer of embedded systems and custom portable electronics for the military, medical and industrial markets. TrustMS is now fully integrated in the Hydra-Q6, which is offered as a commercial-off-the-shelf (COTS) tablet or optimized for application-specific needs as a modified COTS device.

“IAI’s collaboration with S&T and SECO InHand has resulted in the successful creation of new, deployable cyber technologies for handheld and embedded platforms. We are looking forward to continued partnerships with SECO InHand and S&T to deploy TrustMS on new technologies across the country,” said Vikram Manikonda, IAI president and CEO.

S&T notes that Intelligent Automation, Inc., also prototyped the security technology for Xilinx’s field-programmable gate arrays (FPGAs) and is working with Xilinx’s security team to make TrustMS available to FPGA developers later this year. They will make TrustMS available for several microprocessor and FPGA development platforms by distributing it through development tools and TrustMS-secured operating systems. And IAI will continue to work with government agencies and commercial customers to integrate TrustMS with new platforms for deployment.