< Back to previous page

Project

Security Hardening Support during the Development and Maintenance of Embedded Devices

The Internet-of-Things has already proven valuable. Embedded devices are being connected to the internet, with plenty of potential applications and often a reduction in development costs. Moreover, devices are provisioned with multiple communication technologies and mobile devices are used to control these devices. Simple devices such as sensors, coffee machines, refrigerators and lights can now be controlled remotely through the smart phone. Connecting these smart appliances with IT infrastructure has great potential. But with great power comes great responsibility. Previously, the potential attacks on embedded devices were limited, and during design and development, security was of a lesser or no concern. Connecting those devices to IT infrastructure drastically increases the harm that may be done by hacking those devices. Not only hacking the device itself is an issue, IoT systems have been used as a leverage to intrude private networks resulting in much greater damage than the device could ever do. While security should be an inherent part of the design of new devices, not every company has the means and expertise to do this appropriately. Moreover, for existing devices it is often too late to properly integrate security. Therefore, during the testing phase of the secure development lifecycle, devices are analyzed automatically in order to detect newly introduced and unknown issues, potentially not tackled in former steps of the development lifecycle. Numerous tools are available or added daily that perform static of dynamic security analysis of devices. However, the results of such tools are often overwhelming especially for developers and managers with little security expertise. This PhD will focus on shaping the feedback coming from security analysis tools towards IoT developers during the development of embedded devices. Moreover, it aims at decreasing the need of hard core security expertise to figure out whether some vulnerability is indeed a vulnerability, to determine if it is critical or not, and what’s the best approach to tackle the issue. This work will help those developers in taking the appropriate actions before those devices are released to the public. The research questions to be addressed in this PhD work are: • What are the most important threats and vulnerabilities common to IoT systems? • How can we filter out false positive vulnerabilities? • How do we determine which vulnerabilities and threats are relevant for the system under consideration? • How can those results from the security analysis get turned into actionable insights and meaningful feedback?

Date:24 Nov 2021 →  Today
Keywords:IoT, Security, Testing
Disciplines:Computer system security
Project type:PhD project