University of Florida
April 23, 2021
11:00am - 12:00pm
Improving IoT Reliability and Security using Automated Model Extraction and Guided Analysis
The number of Internet of Things (IoT) devices has reached 26 billion in 2019. A typical IoT ecosystem consists of a variety of components including the cloud, mobile devices, edge devices, and (un)constrained IoT devices. Although each component in IoT comes with unique capabilities and challenges, the system software that runs on each type of IoT component forms an important part of the IoT attack surface. Therefore, the ability to perform precise and scalable analysis of system software and to detect deep system vulnerabilities throughout the IoT ecosystem are critical for IoT reliability and security. Despite recent advances in program analysis techniques and decision procedures, the complexity of system software creates challenges in terms of scalability and precision. In this talk, I will introduce Model Extraction and Model Guided Analysis as an approach for effective and scalable analysis of system software. The idea is to use extracted models as oracles in a client analysis, where the client analysis can become a model extraction step for another client analysis, and so on. I will present our experience with Model Extraction and Model Guided analysis in the context of USB and Bluetooth firmware and protocol stacks, Linux device drivers, and cryptographic libraries. I will specifically discuss the motivations, challenges, and our achievements using the tools and methodologies we have developed including FirmUSB, ProXray, MOXCAFE, and PROMPT. I will conclude with a vision and a roadmap for Model Extraction and Model Guided Analysis to support the reliable and secure development and evolution of IoT frameworks.
Dr. Tuba Yavuz is currently an Assistant Professor at the Electrical and Computer Engineering Department of University of Florida (UF). She is also affiliated with the Nelms Institute for the Connected World and the Florida Institute of Cyber Security Research (FICS) at UF. She received her Ph.D. in computer science from the Computer Science Department of University of California, Santa Barbara in 2004. Her research areas include formal methods, software engineering, and system security. She has recently developed tools and techniques for detecting vulnerabilities and malicious behavior in system software. She received an NSF CAREER Award in 2020 to develop automated model extraction techniques to improve IoT reliability and security.