During the last decade we witnessed the growth of the so-called Internet-of-Things (IoT) revolution: millions of devices interconnected through the Internet that actively support our everyday tasks. IoT devices are today pervasive in extremely diverse scenarios: from leisure applications and home automation setups up to industrial settings where intelligent machines have today taken the place of humans in production lines. Such a growing trend is expected to further accelerate in the forthcoming years. However, great opportunities come with their own risks.
Recently, several global attacks that involved embedded devices (e.g. the Mirai botnet and its derivatives) demonstrated that IoT systems are affected by severe vulnerabilities that can be exploited to launch cyberattacks of sheer size. This reality will hardly change as several devices are designed such to minimize their price, cutting all non-essential costs, including costs for security screening and software quality assurance. Most of the vulnerabilities are present in the firmware of the devices, which will probably see no updates during the device's lifespan.
Governments are today taking steps to mitigate such problems by requiring security certification for embedded devices (e.g., the EU cybersecurity certification framework). The costs of this process are however today very large, as each firmware needs to be manually analyzed: a complex and time-consuming task for highly skilled experts. Without further technical evolutions in the field of security for embedded devices, this approach will simply not scale.
This project aims to study a comprehensive solution for vulnerability lifecycle management in IoT firmware through 3 objectives: binary quality assessment, practical attestation, and vulnerability situation awareness. These three goals, synergically exercised, will provide a scalable framework for IoT firmware security analysis.
In general, the proposed synergic approach will provide new tools and methodologies for the management of vulnerabilities in IoT networks, with a potentially strong practical impact. From a scientific standpoint, we expect stronger state of the art advancement to happen in the specific objective as reported below.
Obj1 - The innovations that we will pursue with Obj1 are divided into the novelty of (part of) our goals and the innovation in the methodology that we propose. Regarding the goals, as far as we know, no one has investigated the detection of code smells in compiled code. This is surprising and it is a well defined and worth investigating research question. Therefore, we will advance the state of the art by investigating this possibility either with a negative answer (providing evidences on the infeasibility of detecting code smells in compiled code using the current SoA in statistical software analysis) or with a positive answer (showing a tool that is able to detect some code smells).
This goal will be pursued using a new methodology, as a matter of fact Transformer-based solutions and GNN have not been previously used in the domain of code smell detection (while plenty of works have used SVM, Random Forest and other non deep learning techniques [4]). Since both techniques have shown top-class performance on several program analysis tasks [2,14], we believe that their investigation in the code smell detection realm is reasonable and needed.
Obj2 - Most of the attestation schemes employ specialized hardware, and some of them employ hardware-software co-design to carry out their attestation schemes. In existing deployments, however, the presence of such components is unlikely. The project looks into solutions that are practical even for existing deployments, studying necessary trade-offs between security and usability of such techniques. The static scenario where the network does not change during the CRA protocol has been widely exploited. Thus we will mainly focus on designing efficient CRA protocols for dynamic networks or optimized for emerging technologies, such as Fog [9] or Edge [13] networks.
To the best of our knowledge, few CRA protocols [3] are eligible for dynamic networks or networks with intermittent connectivity. SALAD is able to provide a reliable list of attestation results, but the protocol is expensive to run. PADS is really efficient, but relies on a fixed bitmask where a couple of bits is associated with each device, making the protocol unsuitable for scenarios where devices continuously join or leave the network. The recently proposed Bloom filter-based CRA solves the problem, but provides only an approximated number of compromised devices, without identifying them. We therefore aim to develop new protocols that are efficient, scalable, and able to exactly identify compromised devices to be analyzed in Obj3.
As far as we know, nobody has investigated so far CRA protocols that leverage novel IoT architectures as edge/fog computing. Remote attestation solutions should be validated to secure such new architectural schemes. Moreover, collective remote attestation protocols should be tailored around fog or edge architectures by first aggregating attestation reports locally, and later broadcasting aggregated results for their fusion.
Obj3 - The main innovation resulting from the research related to this objective is the capability to dynamically adapt the situation assessment in time. Practically speaking, this will result in three practical innovation directions: (i) innovation in the models for vulnerability situation awareness that are able to cope with the peculiarities of the IoT domain, (ii) definition of novel situation metrics that are able to consider temporal aspects related to vulnerabilities lifecycle and (iii) new algorithms for dynamic vulnerability analysis.