"Research Team Looking to Patch Code in Embedded Systems, Aid in Cybersecurity"
A team of researchers from Purdue University, the University of California, Santa Barbara, and Swiss Federal Institute of Technology Lausanne (EPFL) received a $3.9 million grant from the Defense Advanced Research Projects Agency (DARPA) in support of research aimed at improving the process of patching code in vulnerable embedded systems. Their project titled "Assured Micropatching" is expected to last four years. Many embedded systems, such as those found in trucks, planes, and medical devices, run old code for which the source code and original compilation toolchain are no longer available. Many of the older software components in these systems are known to be vulnerable but patching them to fix vulnerabilities is not always possible or easy. Patching a vulnerability without source code requires directly editing the binary code. Furthermore, even in a patched system, there is no guarantee that the patch will not interfere with the device's original functionality. Because of these difficulties, the researchers claim the code running in embedded systems is frequently left unpatched, even when it is known to be vulnerable. The approach proposed by the team involves defining and validating a set of properties that a patch must have to ensure it does not interfere with the device's original functionality. Their work also intends to create automatic and minimal code patching for devices vulnerable to cyberattacks. This article continues to discuss the team's project on patching code in embedded systems.