NSF Award
2303639
Tiny computers called microcontrollers are ubiquitous throughout our lives, technology, and infrastructure. They are in sensor networks, wearables, cars, buildings, the smart grid, and airplanes. They are part<br/>of larger computing systems, too: microcontrollers are the foundation of computer security in security keys, phones, laptops, and datacenter servers. While microcontrollers themselves underpin so many security-critical systems, their own security is ad-hoc and difficult, involving labor-intensive engineering and completely custom software. Tock is the first secure, reliable, open-source operating system designed for microcontrollers. The product of previous NSF-funded research, Tock provides the building blocks necessary to quickly build and deploy secure applications on microcontroller systems. Today, the Tock open source project is a shared resource. Companies both small and large are using Tock to build next-generation secure roots-of-trust for laptops, phones and servers, authentication devices, and automotive and other embedded applications. Hobbyists and researchers build wearables and sensor networks using Tock. Educators use Tock to teach courses in operating systems and embedded systems. This project lays the foundation to sustain the Tock open source project through documentation, developer tools, security audits, and educational resources as well as establishing stewardship over these.<br/><br/>Tock is uniquely able to provide isolation primitives in low-resource microcontrollers by leveraging novel techniques in modern, statically-typed programming languages and hardware isolation. While these mechanisms are no longer experimental (for example, Rust, the language in which Tock is written), the ecosystem lags on tools, documentation, best-practices, and educational materials for these particular use cases. This project creates educational materials for on-boarding developers to Rust and embedded systems in the context of Tock, is developing and maintaining a federated hardware-based continuous integration system to enable continuous testing across heterogeneous platforms and settings, and establishes best-practices for upstreaming contributions from a wide array of developers while maintaining a high degree of confidence in the security and reliability of the operating system.<br/><br/>This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
