Adaptive Vulnerability Detection in IoT Ecosystems
- Speaker: Mr. Wei-Lun Huang (黃暐倫), University of Michigan
- Host: Bo-Yin Yang (楊柏因) - Time: 2024-04-02 (Tue.) 10:00 ~ 12:00
- Venue: Conference Room 106, New Building
Abstract
IoT applications are ubiquitous in our daily lives. They collect sensitive user data, help users make critical decisions, and are thus popular targets of security attacks. Most IoT applications run with real-time constraints and limited compute resources, so it is undesirable and sometimes infeasible to patch their vulnerabilities on the fly. IoT vendors detect and remove vulnerabilities in their products beforehand to reduce the need for on-the-fly patches. However, it is hard to design vulnerability detection for general IoT applications since they run on diverse platforms and serve a wide range of purposes.
In this talk, I will share my Ph.D. research on vulnerability detection for general IoT applications. To resolve the challenges posed by the diversity in application platforms and purposes, I have designed several approaches that adapt to the observed executions of the IoT applications under test. (1) ES-Fuzz boosts the coverage of firmware fuzz-testing by refining stateless, fixed peripheral models into stateful, adaptive ones. This refinement runs iteratively on the observed high-coverage executions of the firmware under test. (2) BLE-Cracker assesses the location privacy of Bluetooth LE (BLE) devices from the data in their BLE advertisements. It monitors the BLE traffic in an area, estimates how exploitable each data item therein is for area-specific device tracking, and enables real-time tracking attacks in that area that adapt to the latest estimates. (3) Cipherfast automatically mitigates ciphertext side channels in crypto software running on AMD EPYC. It hardens crypto software at the LLVM-IR level rather than the binary level, thus lowering the run-time overhead of masking-based solutions and enabling nonce-based solutions. It adapts side-channel detection from the binary level to the LLVM-IR level by tracing the executions of the software under test. My works have respectively improved the security of end devices (leaf nodes), device communications (edges), and the cloud (the powerful core) in an IoT ecosystem.
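The ciphertext side channel that Cipherfast targets, as an added illustration that is not part of the talk or its tools: a toy deterministic per-address memory encryption (a hypothetical stand-in, not AMD's cipher) shows why an unprotected store reveals whether a secret stayed the same between two writes, and why XORing a fresh mask into the value before each write (the masking approach the abstract mentions) removes that signal. All function names and the seed are constructed.

```c
#include <stdbool.h>
#include <stdint.h>

/* Toy stand-in for deterministic, per-address memory encryption (hypothetical
 * model, NOT the real SEV cipher): the same plaintext stored at the same
 * address always yields the same ciphertext. */
static uint64_t tweak(uint64_t addr) {
    uint64_t t = addr * 0x9E3779B97F4A7C15ULL;
    t ^= t >> 29; t *= 0xBF58476D1CE4E5B9ULL; t ^= t >> 32;
    return t;
}
static uint64_t mem_encrypt(uint64_t addr, uint64_t pt) { return pt ^ tweak(addr); }
static uint64_t mem_decrypt(uint64_t addr, uint64_t ct) { return ct ^ tweak(addr); }

/* Ciphertext as visible to a party that can read encrypted memory but has
 * no key (the observer in a ciphertext side channel). */
typedef struct { uint64_t data_ct; uint64_t mask_ct; } cell_t;

/* Unprotected store: a secret-dependent value is written in place. */
static cell_t store_plain(uint64_t addr, uint64_t secret) {
    cell_t c = { mem_encrypt(addr, secret), 0 };
    return c;
}

/* Masked store (simplified masking-based hardening): XOR the secret with a
 * fresh random mask and store both the masked value and the mask. The mask
 * changes on every write, so both ciphertexts change even if the secret
 * does not. Constructed xorshift64 stands in for a real RNG. */
static uint64_t rng = 0x2545F4914F6CDD1DULL;
static uint64_t fresh_mask(void) {
    rng ^= rng << 13; rng ^= rng >> 7; rng ^= rng << 17;
    return rng;
}
static cell_t store_masked(uint64_t addr, uint64_t secret) {
    uint64_t m = fresh_mask();
    cell_t c = { mem_encrypt(addr, secret ^ m), mem_encrypt(addr + 8, m) };
    return c;
}
/* Legitimate reader recovers the secret by unmasking after decryption. */
static uint64_t load_masked(uint64_t addr, cell_t c) {
    return mem_decrypt(addr, c.data_ct) ^ mem_decrypt(addr + 8, c.mask_ct);
}

/* The leak: under deterministic encryption, identical ciphertexts across two
 * writes tell the observer that the stored secret did not change. */
static bool ct_unchanged(cell_t a, cell_t b) {
    return a.data_ct == b.data_ct && a.mask_ct == b.mask_ct;
}
```

A detection pass in the spirit of the abstract would flag every store whose value depends on a secret and rewrite it into the masked form; this block only models why the rewrite is needed.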