Tech Blog: Automated Malware Detection for Life-Critical Systems
Watch the new episode of Invented Arizona, where Roman Lysecky gives us a closer look at this invention.
Funded by the US National Science Foundation and an International Research and Program Development (IRPD) Grant from the University of Arizona, Roman Lysecky, PhD, professor at the University of Arizona Department of Electrical and Computer Engineering, has created multi-modal software for life-critical systems (e.g., pacemakers, insulin pumps, radiation therapy, clinical laboratory systems, autonomous vehicles, airplanes), which allows the user to interact with the system through various modes.
We had the opportunity to get an inside look at Dr. Lysecky’s lab, where he explained the impact his invention could have on the medical world.
TLA: Tell us about the background of your invention.
Lysecky: My prior research was on runtime optimizations that would profile how a system was executing, identify the common execution patterns, and optimize the system to improve performance or reduce energy consumption. As part of that research, we developed very efficient ways to accurately profile the system execution. That then led us to consider how that profiling capability could be transformed to enable efficient malware detection. We then focused on the malware detection for embedded systems (i.e., computing systems embedded in other systems, such as computers embedded within medical devices or automobiles). Detection was just part of the solution. This eventually led us to creating a comprehensive framework for efficient malware detection and automated mitigation that could change the system execution to reduce harm to users (e.g., patients using medical devices, passengers within vehicles).
TLA: What problem does it solve?
Lysecky: Current approaches to deal with vulnerabilities found within life-critical systems (pacemakers, insulin pumps, radiation therapy, clinical laboratory systems, autonomous vehicles, airplanes, etc.) require either firmware updates or replacing the faulty device. For example, some recent recalls of pacemakers may require the devices to be replaced, which requires very invasive surgery. Similarly, firmware updates for life-critical systems often require oversight during the updates to ensure safety for users. In both cases, such updates are not fixed as soon as a vulnerability is found. Instead, users remain vulnerable for a prolonged period of time awaiting corrections. Our technology solves these problems by automatically detecting threats and reconfiguring the system into a different operational mode to mitigate the threat. This ensures continuity of these life-critical operations.
TLA: Who would be the top beneficiaries of a technology like this?
Lysecky: Any life-critical embedded systems would benefit from this technology. We’ve demonstrated the capabilities of these techniques for medical devices, but the automated threat detection and mitigation would be highly advantageous for other systems such as automobiles, autonomous vehicles, critical infrastructure, military systems and more.
TLA: What are you most excited about with this going forward?
Lysecky: We are really excited to transfer this technology from the proof-of-concept we have developed in the lab to commercial products. In particular, we'd love to see this technology become a core requirement of all connected medical devices. Given that we’re depending more and more on these systems, and—as we all know—systems go through failure, this will be a great way to manage these inherent faults, and help save lives as problems are addressed.
Interested in learning more about this invention? Would you like to talk to us about licensing opportunities? Visit the link below for details and contact information.
UA18-226: Runtime Adaptive Risk Assessment and Automated Mitigation
Also, check out these related technologies:
UA19-123 Wireless Wearable Biological Signals
UA16-054 Method for Securing Wireless Communication at the Physical Layer