Visible to the public Cloud-Assisted IoT Systems Privacy--2020Q4Conflict Detection Enabled

Submitted by FengjunLi on Thu, 01/07/2021 - 5:12pm

PI(s), Co-PI(s), Researchers: Fengjun Li, Bo Luo

HARD PROBLEM(S) ADDRESSED

The goal of this project is to develop principles and techniques to model privacy needs, threats, and protection mechanisms in cloud-assisted IoT systems. The work aims to address the hard problems of resilient architectures, security metrics as well as scalability and composability.

PUBLIC ACCOMPLISHMENT HIGHLIGHTS

In this quarter, we continue working on two projects.

  • The first project is to analyze privacy information leakage in IoT applications and cross-app interactions. We added a few new privacy leakage scenarios to our IoT Privacy Checker, in which private information about the user can be leaked by linking multiple data attributes collected by different apps, while each single attribute is not privacy-sensitive.
  • The second project is about IoT device firmware security analysis. Finding bugs in microcontrollers (MCUs) is challenging, even for device manufacturers who own the source data. Many existing sophisticated software testing tools on x86 cannot be directly used, because the MCU runs different instruction sets than x86 and exposes a very different development environment. To maintain a unified developing and testing environment, a straightforward way is rehosting that re-compiles the source code into the native executable for a commodity machine, however, ad-hoc re-hosting is a daunting and tedious task and subject to many issues such as library dependence, kernel dependence and hardware dependence. To tackle this challenge, we systematically explored the portability problem of MCU software, and proposed a novel para-rehosting approach to ease the porting process. Our result has been accepted by the 2021 NDSS conference.

PUBLICATIONS

  • Wenqiang Li, Le Guan, Jingqiang Lin, Jiameng Shi, Fengjun Li, "From Library Portability to Para-rehosting: Natively Executing Microcontroller Software on Commodity Hardware," in NDSS 2021. (accepted)

  • Bo Luo, Razvan Beuran, and Yasuo Tan. Smart Grid Security: Attack Modeling from a CPS Perspective. In IEEE Computing, Communications and IoT Applications Conference (ComComAp), December 20-22, 2020.

COMMUNITY ENGAGEMENTS

N/A

EDUCATIONAL ADVANCES

N/A

Groups: