Title: Towards Evaluating the Security Risks of Using Third-party Components in IoT Firmware
Committee:
Dr. Beyah, Advisor
Dr. Zonouz, Chair
Dr. Saltaformaggio
Dr. Ji
Abstract: The objective of the proposed research is to evaluate the security risks of using third-party components (TPCs) in IoT firmware. Currently, more and more IoT devices integrate a wealth of TPCs in their firmware to shorten the development cycle. Nevertheless, adopting TPCs in IoT firmware may lead to serious consequences. In this proposal, we explore the security issues raised by TPCs in IoT firmware in three steps. First, we present a comprehensive overview of the security issues in real-world IoT devices. We confirm that many N-day vulnerabilities caused by TPCs are still endangering a great number of IoT devices. Second, we conduct a large-scale empirical analysis of the vulnerabilities introduced by TPCs in IoT firmware. We design and implement FirmSec, the first scalable and automated framework to analyze the TPCs used in firmware and identify the corresponding vulnerabilities. Finally, we study the TPC usage violation problem in IoT firmware. To achieve this goal, we propose an NLP-guided and rule-driven method to detect TPC usage violations in IoT firmware.