IoT-STYLE - Increasing the awareness in IoT Security Through vulnerabilitY Lifecycle managEment

Year
2021
Proposer Leonardo Querzoni - Full Professor
ERC subsector of the project proposer
PE6_5
Research group members
Member - Category
Giuseppe Antonio Di Luna - Structured participant in the research project
Daniele Cono D'Elia - PhD student / research fellow / resident, non-structured member of the research group
Silvia Bonomi - Structured participant in the research project
Riccardo Lazzeretti - Structured participant in the research project
Fabrizio D'Amore - Structured participant in the research project
Member - Position - Department - Category
Fiorella Artuso - PhD student - Dipartimento di Ingegneria Informatica Automatica e Gestionale Antonio Ruberti - Other aggregate personnel, Sapienza or other institution, holders of research scholarships
Francesca Console - PhD student - Dipartimento di Ingegneria Informatica Automatica e Gestionale Antonio Ruberti - Other aggregate personnel, Sapienza or other institution, holders of research scholarships
Marco Cuoci - PhD student - Dipartimento di Ingegneria Informatica Automatica e Gestionale Antonio Ruberti - Other aggregate personnel, Sapienza or other institution, holders of research scholarships
Enkeleda Bardhi - PhD student - Dipartimento di Ingegneria Informatica Automatica e Gestionale Antonio Ruberti - Other aggregate personnel, Sapienza or other institution, holders of research scholarships
Abstract

During the last decade we have witnessed the growth of the so-called Internet-of-Things (IoT) revolution: millions of devices interconnected through the Internet that actively support our everyday tasks. IoT devices are now pervasive in extremely diverse scenarios, from leisure applications and home automation setups to industrial settings where intelligent machines have taken the place of humans in production lines. This growing trend is expected to accelerate further in the coming years. However, great opportunities come with their own risks.
Recently, several global attacks involving embedded devices (e.g., the Mirai botnet and its derivatives) demonstrated that IoT systems are affected by severe vulnerabilities that can be exploited to launch cyberattacks of enormous scale. This reality will hardly change, as several devices are designed to minimize their price, cutting all non-essential costs, including those for security screening and software quality assurance. Most of the vulnerabilities are in the firmware of the devices, which will probably receive no updates during the device's lifespan.
Governments are now taking steps to mitigate these problems by requiring security certification for embedded devices (e.g., the EU cybersecurity certification framework). The costs of this process are, however, currently very high, as each firmware needs to be manually analyzed: a complex and time-consuming task for highly skilled experts. Without further technical advances in the field of security for embedded devices, this approach will simply not scale.
This project aims to study a comprehensive solution for vulnerability lifecycle management in IoT firmware through three objectives: binary quality assessment, practical attestation, and vulnerability situation awareness. These three goals, pursued in synergy, will provide a scalable framework for IoT firmware security analysis.

ERC
PE6_5, PE6_2
Keywords:
COMPUTER SECURITY AND PRIVACY, COMPUTER SYSTEMS, INTERNET OF THINGS

© Università degli Studi di Roma "La Sapienza" - Piazzale Aldo Moro 5, 00185 Roma