EECS500 Fall 2012 Department Seminar

Stephen Checkoway
Motors, Voters, and the Future of Embedded Security
Johns Hopkins University
White Bldg., Room 411
11:30am - 12:30pm
November 15, 2012

The stereotypical view of computing, and hence computer security, is a landscape filled with laptops, desktops, smartphones and servers; general purpose computers in the proper sense. However, this is but the visible tip of the iceberg. In fact, most computing today is invisibly embedded into systems and environments that few of us would ever think of as computers. Indeed, applications in virtually all walks of modern life, from automobiles to medical devices, power grids to voting machines, have evolved to rely on the same substrate of general purpose microprocessors and (frequently) network connectivity that underlie our personal computers. Yet along with the power of these capabilities come the same potential risks as well. My research has focused on understanding the scope of such problems by exploring vulnerabilities in the embedded environment, how they arise, and the shape of the attack surfaces they expose. In this talk, I will particularly discuss recent work on two large-scale platforms: modern automobiles and electronic voting machines. In each case, I will explain how implicit or explicit assumptions in the design of the systems have opened them to attack. I will demonstrate these problems, concretely and completely, including arbitrary control over election results and remote tracking and control of an unmodified automobile. I will explain the nature of these problems, how they have come to arise, and the challenges in hardening such systems going forward.


Stephen Checkoway joined Johns Hopkins University's Department of Computer Science in Fall 2012. Checkoway earned bachelor's degrees in mathematics and computer science from the University of Washington in 2005 and his Ph.D. in computer science in 2012 from the University of California, San Diego. His Ph.D. advisor was Hovav Shacham. Checkoway is a member of the Johns Hopkins University Information Security Institute. His research interests include systems security and the security of electronic voting.