Integrating CHERI-based Security Measures into IoT Systems
Lead
SecTech Innovations LTD
Research leads
Dr. Sami Ullah
Focus
Integrating CHERI-based Security Measures into IoT Systems” focuses on addressing inherent memory vulnerabilities within industrial PLCs. These vulnerabilities — exemplified by issues like CVE-2023-3595 — pose significant risks to automation systems, as traditional, reactive defences often prove insufficient.
Goals:
The project is structured around two primary objectives:
Simulate and Expose Vulnerabilities: Develop a PLC testbed that accurately replicates real-world memory vulnerabilities, including buffer overflows and heap corruption within systems running protocols like Modbus/CIP
Demonstrate Hardware-Enforced Safety: Validate the CHERIoT-PLC design, which integrates a CHERIoT ( running on FPGA) with OpenPLC to enforce capability-based memory safety, thereby preventing exploits at the hardware level.
Progress
The project is currently in an active development phase, with ongoing testing and refinements aimed at enhancing the testbed’s fidelity and security mechanisms.
Update:
View regular updates on this projects progress here: https://www.discribehub.org/s/actionableInsights.pdf