| NSF Org: |
CNS Division Of Computer and Network Systems |
| Recipient: |
|
| Initial Amendment Date: | August 24, 2018 |
| Latest Amendment Date: | August 24, 2018 |
| Award Number: | 1816263 |
| Award Instrument: | Standard Grant |
| Program Manager: |
Jeremy Epstein
CNS Division Of Computer and Network Systems CSE Directorate for Computer and Information Science and Engineering |
| Start Date: | October 1, 2018 |
| End Date: | September 30, 2022 (Estimated) |
| Total Intended Award Amount: | $500,000.00 |
| Total Awarded Amount to Date: | $500,000.00 |
| Funds Obligated to Date: |
|
| History of Investigator: |
|
| Recipient Sponsored Research Office: |
104 AIRPORT DR STE 2200 CHAPEL HILL NC US 27599-5023 (919)966-3411 |
| Sponsor Congressional District: |
|
| Primary Place of Performance: |
201 S. Columbia St. Chapel Hill NC US 27599-3175 |
| Primary Place of
Performance Congressional District: |
|
| Unique Entity Identifier (UEI): |
|
| Parent UEI: |
|
| NSF Program(s): | Secure &Trustworthy Cyberspace |
| Primary Program Source: |
|
| Program Reference Code(s): |
|
| Program Element Code(s): |
|
| Award Agency Code: | 4900 |
| Fund Agency Code: | 4900 |
| Assistance Listing Number(s): | 47.070 |
ABSTRACT
This project explores approaches to attack and defend the lifespan of flash storage in small mobile devices. While the project focuses on smartphones, the research is applicable to any small flash-based device that allows users to install applications, including smart watches, Internet-of-Things (IoT) devices, computerized medical equipment, and computer-managed critical infrastructure. It is well understood that, over time, writing to flash storage will physically wear out the device. This problem is considered a nonissue with respect to enterprise Solid State Drives (SSDs). However, preliminary findings of this research indicate that wear is unresolved in the context of smartphones. A malicious, unprivileged application can secretly render a phone permanently inoperable in a few short days or weeks, and current mobile systems have no protection against this attack. The risk is exacerbated by the fact that mobile device users typically trust their app store ecosystem and are in the habit of trying out third-party apps with a sense of safety. The goal of this project is to develop ways to alleviate the problem.
Our society is rapidly moving into the era of ubiquitous computing. Users depend on smartphones for wide-ranging aspects (such as commerce, education, and healthcare), and wearables and internet-connected gadgets likewise proliferate. Moreover, an increasing amount of critical infrastructure is internet-connected via small embedded devices, which may thus control physical systems. This research identifies and addresses a critical vulnerability that seriously undermines the ability of users to trust that downloading a new application will not ruin their mobile devices. If unmitigated, this vulnerability might severely hamper the usability of such devices. To address the problem, this project is studying the input/output behavior of mobile devices and applications. Based on this behavioral analysis, the project explores new attacks on and defenses for flash wear. The end goal is to create defenses that are minimally disruptive to end users, yet provide a lower bound on the lifetime expectancy of the device. This work advances the state of the art of operating systems by creating techniques to manage permanently consumable resources.
This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
PUBLICATIONS PRODUCED AS A RESULT OF THIS RESEARCH
Note:
When clicking on a Digital Object Identifier (DOI) number, you will be taken to an external
site maintained by the publisher. Some full text articles may not yet be available without a
charge during the embargo (administrative interval).
Some links on this page may take you to non-federal websites. Their policies may differ from
this site.
PROJECT OUTCOMES REPORT
Disclaimer
This Project Outcomes Report for the General Public is displayed verbatim as submitted by the Principal Investigator (PI) for this award. Any opinions, findings, and conclusions or recommendations expressed in this Report are those of the PI and do not necessarily reflect the views of the National Science Foundation; NSF has not approved or endorsed its content.
This project investigated techniques for a malicious, but unprivileged application to attack the lifespan of mobile, embedded, and internet-of-things (IoT) devices, such as a smartphone, by wearing out the flash. Although flash wearout is a known issue, it is also considered a solved problem in enterprise-grade SSDs; the project shows that this sense of security does not extend to all flash devices. The project has yielded several highly visible publications at venues including HotOS, HotStorage and MobiSys.
Intellectual Merit: This award has generated a highly effective attack strategy, wherein an unprivileged application can ``brick'' (or, render unbootable) a range of different smartphones within days or weeks. The project further contributes a substantial dataset and analysis of Android application I/O behaviors, in order to categorize typical and atypical I/O patterns, as well as a proactive wear management scheme that requires minimal user input. Our techniques show how one can budget wear on a device, even in the presence of misbehaving applications, in order to ensure that the device lasts for its desired lifespan.
Broader Impacts: The issue of embedded flash wear-out has been highly relevant to computing practice during the life of this grant; for instance, Tesla has issued two recalls for vehicle components that failed due to embedded flash wear-out, Apple's M1 computers have seen wear issues and some SSD manufacturers have declared that certain applications may void the device's warranty. Meta has also requested our materials to develop a training course for engineers working on the Oculus system. Similarly, over the life of this project, Android has added features to help users and developers manage flash lifespan.
The PIs have also continued promoting US-Israel collaboration through regular contributions to the ACM SYSTOR conference (as well as the HotStorage workshop), now held annually in Haifa.
Last Modified: 11/14/2022
Modified by: Donald E Porter
Please report errors in award information by writing to: awardsearch@nsf.gov.
