The goal of this presentation is to provide an introduction to the domain of security relevant bug discovery in embedded systems which are at the core of the Internet of Things. Embedded software has a number of particularities which makes it slightly different than general purpose software. In particular, embedded devices are more exposed to software attacks but have less defenses and are often left unattended. At the same time, analyzing their security is more difficult because they are very "opaque'', while the execution of custom and embedded software is often entangled with the hardware and peripherals. Those differences have an impact on our ability to find software bugs in such systems. This talk will present how software vulnerabilities can be identified, at different stages of the software life-cycle, (for example during development, integration of different components, testing, by the deployment of the device or in the field by third parties) and using different approaches (static analysis, emulation with hardware in the loop, or full emulation).
Finding vulnerabilities in Internet of Things devices
4th GDR RSD and ASF Winter School on Distributed Systems and Networks 2019, Keynote Speech, 4-8 February 2019, Pleynet, France
Type:
Talk
City:
Pleynet
Date:
2019-02-05
Department:
Digital Security
Eurecom Ref:
5797
Copyright:
© EURECOM. Personal use of this material is permitted. The definitive version of this paper was published in 4th GDR RSD and ASF Winter School on Distributed Systems and Networks 2019, Keynote Speech, 4-8 February 2019, Pleynet, France and is available at :
See also:
PERMALINK : https://www.eurecom.fr/publication/5797
