Ph.D. student Maxwell Bland nominated for RSAC Security Scholar Program


Lauren Laws, CSL

They’re the next generation of cybersecurity professionals, and a UIUC Ph.D. student is counted among them.

Information Trust Institute (ITI) graduate student researcher Maxwell Bland will be one of 50 handpicked undergraduate, master’s and Ph.D. students from across 34 universities attending the RSA Conference in the Security Scholar Program. He was nominated by ECE Illinois Professor David M. Nicol, ITI Director and the Herman M. Dieckamp Endowed Chair of Engineering. 

The program connects up-and-coming cybersecurity students to thought leaders, industry luminaries, peers, and conference attendees, with the goal to share knowledge, experience, and connections to stay ahead of cyberthreats.

Maxwell BlandBland’s recent work focuses on verifying cyber-physical systems, specifically developing techniques to analyze embedded systems. Those are systems that are used to control things, such as airplanes, nuclear power plants, and more.

Bland co-authored a paper that was recently presented at the 2020 USENIX Security Symposium, called “Jetset: Targeted Firmware Rehosting for Embedded Systems.” He, along with two other researchers, developed a software for interpreting the hardware interactions of a Boeing 737’s Communication Management Unit (CMU). From that, Bland was able to develop a bootloader, or operating system, and malware for the CMU. The team disclosed that, along with more than 2,000 other faulting software paths to UTC Aerospace.

“Max was essential to the success of the Jetset project,” said Kirill Levchenko, ECE Associate Professor and Bland’s advisor. “He is currently leading several other projects that will make it easier to test the security of cyber-physical systems.”

Levchenko is also a faculty member in ITI and the Coordinated Science Lab.

Bland is also working on software to help understand the dynamics of multi-system interactions. In other words, how signals sent out by a machine or physical anomaly can affect or control other machines.

“At the heart of my work there are interesting questions about information theory,” said Bland. “My papers demonstrate how information (about hardware, about physical interactions) flows into, through, and out of a system, one key takeaway being that the only perfect model of a system is the system itself.”

The RSA Conference will take place in San Francisco at the Moscone Center from February 7-10. Bland will have a chance to present his research during the RSAC Security Scholar Poster Board Session.