Undergraduate ECE Students Get Recognition from CRA for Solutions to Issues of the Modern World

With the ever-expanding scope of the internet and cloud computing, ensuring security and robustness are among the biggest priorities. Failing to track the contents of cloud instances (such as virtual machines or containers) limits efficiency, and puts sensitive information at risk as highlighted by the 2016 Mirai Internet-of-Things (IoT) botnet and the 2017 Equifax Breach

Headshot of Sadie Allen

In conjunction with BU’s Performance and Energy Aware Computing Lab (PEACLab), Sadie Allen developed a cloud content monitoring system, and John Mikulskis with BU’s Networking and Information Systems Lab developed an IoT network mapping and penetration testing tool. 

Allen’s research with PEACLab contributed to the development of Praxi, a solution to the cloud monitoring problem. It’s an efficient, scalable method which uses a machine learning algorithm to identify recurring patterns in software installations and alert cloud administrators to any vulnerabilities.

The comprehensive, hands-on tutorial about the approach was presented at the International Conference on Cloud Engineering in Prague and the ACM IFIP Middleware 2019 conference with her colleague, Anthony Byrne. 

Since then, Allen’s developed a code framework and proof-of-concept for a modified version of Praxi which can detect individual versions of software applications.

John Mikulskis with poster and live demo of Snout at ACM CCS

Mikulskis and Johannes K Becker, a PhD student, developed Snout, a software-defined, radio-based network scanning tool for IoT networks. The applications of IoT devices range from the most modern pacemakers and bluetooth enabled headphones to automated bluetooth thermostats. 

At this stage, Snout can detect vulnerabilities in Zigbee devices; getting the same functionality for Bluetooth devices is in progress. Mikulskis and his partners in BU’s Networking and Information Systems Lab plan to continue their work on Snout and see it through to full functionality. 

Ultimately, the tool will lend itself to detecting more vulnerabilities of IoT devices. As for real world application Mikulskis explains the finished technology would appeal to security researchers, IoT developers, CISOs and network managers, and amateur developers given their focus on code readability.

Both students were given honorable mentions by the Computing Research Association for their research and developments.