Detection and Mitigation of Malicious Modifications on the Minnowboard Turbot

Presenter: Bryan Koch

Research Category: Computer and Information Sciences
Student Type: Graduate
PI: Agnes Chan
Award Winner Category: Computer and Information Sciences

Malicious modifications affecting the hardware or firmware of commercial off-the-shelf (COTS) devices is far more persistent than traditional software-based malware, and can be hard to detect and remove once the devices are deployed in an organization. This research analyzes and proposes cost-effective procedures to detect and mitigate malicious modifications associated with the supply chain of the Minnowboard Turbot, an open-source COTS device. Findings demonstrate that screening hardware with existing quality assurance techniques and installing clean firmware on the device can successfully mitigate most of the supply chain risks. These procedures and risk analysis provide a road map for identifying supply chain risk on other commercial off-the-shelf devices.