Assistant Professor Tuba Yavuz has been awarded a 2020 NSF CAREER Award for her project, “Towards a Secure and Reliable Internet of Things through Automated Model Extraction and Analysis.” The project will additionally help broaden participation of women and other underrepresented groups in IoT security, formal methods, and software engineering research.
This project will investigate scalable analysis of system software to reason about system-level behavior. The key insight underpinning the project is the fact that software is often developed according to a programming model, a model which imposes certain structural and semantic associations for data and code. Understanding these associations provides guidance on how to analyze the components in isolation and how to effectively explore the state space during analysis.
Dr. Yavuz’ work aims to extended or tailor existing program analysis techniques to analyze system software and extract behavioral properties or find deep bugs. In some cases, code analysis does not actually run the code being tested, but instead represents the code structure and semantics so that it can be inferred how the code would behave at run-time. Analyzing the massive and convoluted code running underneath the hood of today’s IoT devices using symbolic or representational versions of the code is much more precise and will yield a more scalable bug detection capability.
Specifically, the project builds on three research thrusts: 1) Formalization of programming models that are used in system software, 2) Automated model extraction and model guided analysis that leverage formally defined programming models and the integration of a variety of program analysis techniques, and 3) System-level analysis of IoT systems through integration of automatically extracted component models with run-time data. The automatically constructed system-level model will be subjected to rigorous analysis and will support effective run-time monitoring of IoT deployments for improved usability, reliability, privacy, and security. A novel, incremental, and model checking based regression analysis will enable safe and secure evolution of IoT systems.
More detailed information about the project is available on the NSF website.
The Internet of Things (IoT) is expected to transform the quality of our lives in various domains.
However, the Mirai botnet and other cyber attacks that exploited vulnerabilities in IoT devices have revealed major security and privacy issues in the current deployments of IoT. These incidents indicate the importance of securing the IoT ecosystem as a precursor to achieving the transformative power of IoT. The IoT ecosystem involves a variety of components including constrained devices, edge devices, mobile devices, and the cloud. Securing an IoT deployment requires a deep understanding of the attack surface of each component and the attack surfaces that are formed as a result of the interactions between various components. However, the complexity of software that powers these components poses a big challenge. The goal of this project is to achieve a holistic view of security engineering using automated model extraction and model guided analysis. The project will yield methodologies, tools, and educational material that will empower the IoT industry in terms of secure software development and deployment practices. Additionally, the project will help broaden participation of women and other underrepresented groups in IoT security, formal methods, and software engineering research.
The CAREER Program
The Faculty Early Career Development (CAREER) Program is an NSF-wide activity that offers the National Science Foundation’s most prestigious awards in support of early-career faculty who have the potential to serve as academic role models in research and education and to lead advances in the mission of their department or organization. Activities pursued by early-career faculty should build a firm foundation for a lifetime of leadership in integrating education and research. NSF encourages submission of CAREER proposals from early-career faculty at all CAREER-eligible organizations and especially encourages women, members of underrepresented minority groups, and persons with disabilities to apply.