CAREER: Toward Securing Emerging Computing Platforms via Large-Scale Dynamic Analysis

Sponsor: National Science Foundation

Award Number: CNS-1942793

PI: Manuel Egele

Abstract:

The Internet of Things (IoT) is poised to permeate all aspects of our daily lives, from already existing smart home assistants, over increasingly popular industrial applications, to yet to be developed personal health devices. Clearly, these technologies offer exciting and new opportunities, yet the software and devices that comprise the IoT encompass serious security threats. While analysis tools for commodity systems, such as Windows or Android, allow developers to scan their products for potential security vulnerabilities, the landscape of the IoT poses additional, unique challenges for bringing such security tools to bear. These challenges include the heterogeneity of the architectures, operating systems, and software stacks employed by the IoT, the rapidly changing capabilities and deployments of IoT systems, and the sheer number of different IoT gadgets. Hence, any analysis aiming to improve the security of the IoT must be able to accommodate this diversity.

The investigator’s prior work demonstrated that security-focused analysis for Linux-powered IoT devices can greatly improve the security of the supported devices and their users. However, prior research also revealed that there is a substantive body of IoT devices and software that either relies on operating systems other than Linux, or no operating system at all. Thus, this project will research and develop novel scalable dynamic analysis techniques that help developers and security analysts to proactively identify potential security issues in contemporary IoT systems. The resulting analysis will support reasoning about various layers of abstraction in the computing stack, including user space, kernel space, and, importantly, so-called bare metal code that executes directly on an IoT device’s CPU without the help of an operating system. These analysis will be brought to bear on a large collection of software powering the IoT, resulting from the investigator’s prior research augmented with IoT software to be collected during the project. By covering this broad spectrum of the IoT, this project holds the promise to significantly improve the security of current and future IoT systems.

This award reflects NSF’s statutory mission and has been deemed worthy of support through evaluation using the Foundation’s intellectual merit and broader impacts review criteria.

For more information: click here