Brain Computing Interface (BCI) technologies, both invasive and non-invasive, are increasingly used in a wide range of applications, from healthcare to smart communication and control. Most BCI applications are safety-critical or privacy-sensitive. However, the vast potential of BCI and its ever-growing market size have distracted the BCI community from significant security and privacy threats. In this research, we first investigate the security and privacy threats of various BCI devices and applications, from machine learning adversarial threats to untrusted systems and malicious applications. Then, we propose a hybrid framework for analyzing and mitigating these threats using effective combinations of ML robustness techniques, information flow control, and systems/hardware security.

Internship Projects:

  • Security analysis of BCI systems. In this project, you explore the impact of current security threats on BCI stacks, including applications, frameworks, libraries, and systems abstractions. You will also investigate the possibility of new attack vectors and build tools to make the security analysis easier and more fun/automatic. You need to have development skills with C/C++ and scripting languages (e.g., Python). Experience with embedded devices, OS and sandboxes, reverse engineering, and threat analysis is preferred.
  • Adversarial attacks on BCI. In collaboration with Lorena Qendro, you explore various methods to detect and analyze security threats on BCI ML models, including attacks based on perturbed inputs, inference, and model patterns. You need to have development skills (e.g., C, C++, Python) and experience with at least one ML/Deep Learning framework such as PyTorch or TensorFlow. Previous work on embedded devices and adversarial attacks is preferred.
  • Mitigation and Defense-in-Depth. As part of this project, you work with us to design and build efficient mitigation and isolation techniques for various BCI use cases. We work on both ML and systems mechanisms for providing a secure and privacy-preserving BCI framework.
  • Please submit your CV to this email.

Compartmentalization and Isolation

  • Dispersed Compartments. We are working on a new approach for building applications that encapsulate arbitrary isolation boundaries across privilege levels instead of the traditional process abstraction. There are several ongoing/future projects, including improvement of our OS abstractions, adapting new hardware security features (e.g., TME, CHERI), or porting the system to different hardware architectures (e.g., RISC-V), OSs, TEE systems, and Unikernels. Ping me if you would like to chat.
  • Security analysis of WASM-based TEEs/enclaves. WebAssembly-based TEE frameworks are popular, but their security impacts have not been well explored. In this project, we would explore existing attacks and security threats on WASM-based enclaves/TEE systems, investigate the possibility of new attack vectors, and build security analysis and mitigation tools.