Ecole d'ingénieur et centre de recherche en Sciences du numérique

Finding vulnerabilities in Internet of Things devices

Francillon, Aurélien

4th GDR RSD and ASF Winter School on Distributed Systems and Networks 2019, Keynote Speech, 4-8 February 2019, Pleynet, France

The goal of this presentation is to provide an introduction to the domain of security relevant bug discovery in embedded systems which are at the core of the Internet of Things. Embedded software has a number of particularities which makes it slightly different than general purpose software. In particular, embedded devices are more exposed to software attacks but have less defenses and are often left unattended. At the same time, analyzing their security is more difficult because they are very "opaque'', while the execution of custom and embedded software is often entangled with the hardware and peripherals. Those differences have an impact on our ability to find software bugs in such systems. This talk will present how software vulnerabilities can be identified, at different stages of the software life-cycle, (for example during development, integration of different components, testing, by the deployment of the device or in the field by third parties) and using different approaches (static analysis, emulation with hardware in the loop, or full emulation).

Bibtex

Titre:Finding vulnerabilities in Internet of Things devices
Type:Talk
Langue:English
Ville:Pleynet
Pays:FRANCE
Date:
Département:Sécurité numérique
Eurecom ref:5797
Copyright: © EURECOM. Personal use of this material is permitted. The definitive version of this paper was published in 4th GDR RSD and ASF Winter School on Distributed Systems and Networks 2019, Keynote Speech, 4-8 February 2019, Pleynet, France and is available at :
Bibtex: @talk{EURECOM+5797, year = {2019}, title = {{F}inding vulnerabilities in {I}nternet of {T}hings devices}, author = {{F}rancillon, {A}ur{\'e}lien}, number = {EURECOM+5797}, month = {02}, institution = {Eurecom} address = {{P}leynet, {FRANCE}}, url = {http://www.eurecom.fr/publication/5797} }
Voir aussi: