Tock Logo

MobiSys 2025 Tock Tutorial

Tock, Secure Root-of-Trust, and IoT

We will be holding a full-day tutorial at MobiSys on the Tock Operating System. This event will take place on June 27, 2025.

The goal of this tutorial is to provide members of the mobile systems and computing community a contemporary guide to the foundations of security for modern computational systems.

The event is divided into four semi-independent sessions. The first session invites TBD: lightning talks? posters? what do we want to solicit?

Each of the subsequent technical sessions is a mixture of educational content and hands-on hardware experience. Over the course of the day, we will develop an end-to-end system which dynamically deploys signed, verified applications onto edge, microcontroller-class devices where the application will generate a stream of tamper-proof sensor readings for a cloud endpoint.

While participants are encouraged to attend for the full day, each session aims to be sufficiently standalone to allow “drop-ins” for different portions of the event.

Call For Lightning Introduction Talks

We encourage participants to submit one slide introducing themselves and their research area. During the first session of the tutorial we will invite participants who submitted a slide to introduce themselves, their background, and their interest in secure IoT operating systems. Our goal is to get better sense of the participants in the tutorial so we can facilitate a more interactive tutorial and adapt some of the content based on participant interest and background.

Please submit your slide here in either .pdf or .pptx form.

If capacity for the tutorial is reached priority will be given to participants who have submitted an introduction slide.

Times are estimates for planning flow Pat just made up for the moment.

[1hr] Session 0: Welcome, Getting Started, & Lightning Talks
Chair: Pat Pannuto, UC San Diego
8:45 (10m) Welcome, Intro to Tock, and Overview of the Day
8:55 (5m) Setting up your development environment
  • Get folks started on this.
  • Work independently on these (high-latency, low-interaction) steps during the rest of the session.
9:00 (45m) Introduction Lightning Talks
  • 1 slide / person, 2 minutes
  • Tell us a bit about who you are and what your research area or background is.
  • Interactive at all?
9:45 (10m) Coffee Break
[2hr] Session 1: Roots of Trust
Chair: Kat Fox, ZeroRisc
10:00 (50m+10m) A Primer on Roots of Trust
  • What is a RoT?
  • Examples of RoTs you use already? (Directly, e.g. SecureEnclave; Indirectly, e.g. cloud)
  • Top-Down: What does RoT provide platform, app developers? Why does mobile/edge computing care about RoT?
  • Bottom-Up: What is required to act as a RoT? From HW? SW?
  • Demo??
  • Open challenges / concerns / problems for RoT / security ecosystem around them?
  • Q&A
11:00 (25m+5m) TockOS as firmware for RoT
  • What is Tock (quickly; avoid re-hash of Session 0 Intro)? Who is using Tock as part of RoT solution today?
  • What parts of "what defines a RoT" does Tock provide?
  • What does Tock provide above and beyond bare metal / minimal RoT firmware?
  • Understand trust boundaries, relationships? What "parts of Tock" are "parts of the RoT"?
  • What does a mobile developer, edge device developer gain from RoT+Tock? Transition to hands-on component?
11:30 (30m) Interactive Session
  • Maybe: Turn nrf52840dk into a U2F token?
12:00 [1h] Lunch
[1hr45m] Session 2: Dynamic Applications and Security-by-Policy
Chair: Viswajith Govinda Rajan, University of Virginia
13:00 (20m+10m) A Policy-Based Approach to Secure and Flexible Platform Deisgn
  • Dynamic app loading—what's different on embedded, different concerns on RoT platform, especially with mixed use cases?
  • App identity in Tock (mabye sig's / enforcement etc too)?
  • OS/platform policy approach, runtime flexibility, etc; some dive into the implementation
  • Specific examples, maybe use as transition to hands-on part?
  • Q&A
13:30 (75m) Interactive Session
  1. Basic interaction with multiple, static processes on Tock
  2. Process loading example [how to "get" other apps? in-binary, DFU USB, Thread?]
  3. Policy enforcement for dynamic apps
  4. Example of security / attacker scenario Tock protects against
14:45 [15m] Coffee Break
[1hr45m] Session 3: Networking and End-to-End Integration
Chair: Tyler Potyondy, UC San Diego
15:00 (10m+5m) Thread Networking Primer
  • What networking options does Tock provide?
  • What is thread, why focus on it?
  • How does thread work, how does Tock implement Thread?
  • What can we do with Thread?
  • How do Tock apps share a Thread network connection?
15:45 (30m) Interactive Session
  1. Basic interaction with Thread networking on Tock
  2. Running multiple processes which all use Thread
16:15 (10m+5m) End-to-end Examples / Security in distributed environments
  • What does trust look like across multiple endpoints? Edge, mobile, cloud?
  • Scenario: Deploy app to collect trusted data
  • (walk through security model/steps to): Get new app loaded on (semi-?)trusted(?) platform [maybe Signpost as motivating example?]
  • (walk through security model/steps to): Have the app create authenticated sensor measurements, sent over untrusted network, to trusted cloud endpoint
16:30 (30m) Interactive Session (Implement scenarios above)
  1. Remote-load of a trusted app
  2. Demonstrate e2e signed data to cloud endpoint
17:00 Wrap-up, feedback, etc