Ruotong Yu (Stevens Institute of Technology, University of Utah), Yuchen Zhang, Shan Huang (Stevens Institute of Technology)

Embedded devices are ubiquitous. However, previous research puts little effort on understanding the adoption of common attack mitigations in embedded devices, creating a knowledge gap on embedded security. To bridge this gap, we present an in-depth study by evaluating the adoption of common attack mitigations on embedded devices. In this paper, we summarize our effort on building a high-quality dataset, accurately evaluating kernel-level and user-space attack mitigations and inferring the factors contributing to the absence of attack mitigations. The dataset contains the firmware images from 38 real world vendors range over a decade, reflecting the up- to-date ecology of embedded security. The lack of enough adoption of attack mitigations exposes threat in the coming IoT era as the situation is not improving over time. We envision that understanding the potential factors leading to the lack of adoption of attack mitigations will shed light on improving the security of embedded devices in the future.

Speakers' biography

Ruotong Yu earned his bachelor’s degree in Electrical Engineering from the University of Washington in 2017 and finished his master’s degree from George Washington University in 2019. He then joined Professor Jun Xu’s group as a Ph.D. student in Fall 2019. Currently, he is a third-year Ph.D. student at the University of Utah. His research area focuses on binary analysis, IoT security and etc.

Yuchen Zhang obtained his BA in Computer Science at Boston University and took master courses at Brandeis University. He is currently in his third year of his Ph.D. in Computer Science at Stevens Institute of Technology. His research interests center around Software, System Security, and malware.

Shan Huang recently worked as a penetrating tester in a leading group of the TIC industry for three years. He is now a first-year Ph.D. student at the Stevens Institute of Technology under the supervision of professor Georgios Portokalidis and professor Jun Xu. Previously he obtained his bachelor's in CS and computer security at Henan University and The University of Manchester. His current research interest focuses on system security and embedded system security.

View More Papers

The Droid is in the Details: Environment-aware Evasion of...

Brian Kondracki (Stony Brook University), Babak Amin Azad (Stony Brook University), Najmeh Miramirkhani (Stony Brook University), Nick Nikiforakis (Stony Brook University)

Read More

LogicMEM: Automatic Profile Generation for Binary-Only Memory Forensics via...

Zhenxiao Qi (UC Riverside), Yu Qu (UC Riverside), Heng Yin (UC Riverside)

Read More

What You See is Not What the Network Infers:...

Yijun Yang (The Chinese University of Hong Kong), Ruiyuan Gao (The Chinese University of Hong Kong), Yu Li (The Chinese University of Hong Kong), Qiuxia Lai (Communication University of China), Qiang Xu (The Chinese University of Hong Kong)

Read More