Automated Malware Detection for Life-Critical Systems
Funded by the National Science Foundation and an International Research and Program Development grant from the University of Arizona, UA electrical and computer engineering professor Roman Lysecky has created multimodal software for life-critical systems -- including pacemakers, insulin pumps, radiation therapy, clinical laboratory systems, autonomous vehicles and airplanes -- that allows the systems to automatically detect and mitigate threats.
Tech Launch Arizona, the office of the UA that commercializes inventions stemming from research, got an inside look at Lysecky’s lab, where he explained the impact his invention could have on the medical world.
TLA: Tell us about the background of your invention.
Lysecky: My prior research was on runtime optimizations that would profile how a system was executing, identify the common execution patterns, and optimize the system to improve performance or reduce energy consumption. As part of that research, we developed very efficient ways to accurately profile the system execution. That then led us to consider how that profiling capability could be transformed to enable efficient malware detection. We then focused on malware detection for embedded systems (i.e., computing systems embedded in other systems, such as computers embedded within medical devices or automobiles). Detection was just part of the solution. This eventually led us to creating a comprehensive framework for efficient malware detection and automated mitigation that could change the system execution to reduce harm to users (e.g., patients using medical devices, passengers within vehicles).
TLA: What problem does it solve?
Lysecky: Current approaches to deal with vulnerabilities found within life-critical systems -- such as pacemakers, insulin pumps, radiation therapy, clinical laboratory systems, autonomous vehicles and airplanes -- require either firmware updates or replacing the faulty device. For example, some recent recalls of pacemakers may require the devices to be replaced, which requires very invasive surgery. Similarly, firmware updates for life-critical systems often require oversight during the updates to ensure safety for users. In both cases, such updates are not fixed as soon as a vulnerability is found. Instead, users remain vulnerable for a prolonged period of time awaiting corrections. Our technology solves these problems by automatically detecting threats and reconfiguring the system into a different operational mode to mitigate the threat. This ensures continuity of these life-critical operations.
TLA: Who would be the top beneficiaries of a technology like this?
Lysecky: Any life-critical embedded system would benefit from this technology. We’ve demonstrated the capabilities of these techniques for medical devices, but the automated threat detection and mitigation would be highly advantageous for other systems such as automobiles, autonomous vehicles, critical infrastructure, military systems and more.
TLA: What are you most excited about with this going forward?
Lysecky: We are really excited to transfer this technology from the proof-of-concept we have developed in the lab to commercial products. In particular, we'd love to see this technology become a core requirement of all connected medical devices. Given that we’re depending more and more on these systems, and -- as we all know -- systems go through failure, this will be a great way to manage these inherent faults, and help save lives as problems are addressed.