Msb Associates STTR Phase I Award, January 2021

Memory sticks are a convenient mechanism for portable data storage and transfer. Unfortunately, the embedded microcontroller required to present raw flash as a USB peripheral exposes an attack surface that can enable privilege escalation on a host computer even in the presence of tamper-resistant device designs, data encryption, and host protections such as anti-virus software. We propose Twizzler, a novel operating system for secure embedded devices, as a means to secure memory sticks against these and other threats. Twizzler is a customizable, small footprint operating system designed for low-latency and high-bandwidth access to byte-addressable persistent memory, providing a flat privilege model with no superuser role. We intend to extend the current Twizzler code base to include: a system of cryptographically signed capabilities which form the basis for security contexts, a flexible and secure replacement for roles, integrate Twizzler's content-based, verified object names with the state-of-the-art in secure boot technology, and develop secure gated APIs as a fine-grained replacement for system calls and IPC. These extensions to Twizzler's 5000 line kernel (which is already amenable to formal verification) will ensure a system based upon least privilege, data integrity, and fine-grained isolation.