Ph.D. Proposal Oral Exam - Binbin Zhao

Event Details
  • Date/Time:
    • Tuesday November 15, 2022
      9:00 am - 11:00 am
  • Location:
  • Phone:
  • URL:
  • Email:
  • Fee(s):
  • Extras:
No contact information submitted.

Summary Sentence: Towards Evaluating the Security Risks of Using Third-party Components in IoT Firmware

Full Summary: No summary paragraph submitted.

Title:  Towards Evaluating the Security Risks of Using Third-party Components in IoT Firmware


Dr. Beyah, Advisor        

Dr. Zonouz, Chair

Dr. Saltaformaggio

Dr. Ji

Abstract: The objective of the proposed research is to evaluate the security risks of using third-party components (TPCs) in IoT firmware. Currently, more and more IoT devices integrate a wealth of TPCs in firmware to shorten the development cycle. Nevertheless, adopting TPCs in IoT firmware may lead to serious consequences. In this proposal, we explore the security issues raised by TPCs in IoT firmware in three steps. First, we present a comprehensive overview of the security issues in real-world IoT devices. We confirm that many N-days vulnerabilities caused by TPCs are still endangering a great number of IoT devices. Second, we conduct a large-scale empirical analysis of the vulnerabilities introduced by TPCs in IoT firmware. We design and implement FirmSec, the first scalable and automated framework to analyze the TPCs used in firmware and identify the corresponding vulnerabilities. Finally, we study the TPC usage violation problem in IoT firmware. To achieve this goal, we propose an NLP-guided and rule-driven method to detect TPC usage violations in IoT firmware.

Additional Information

In Campus Calendar

ECE Ph.D. Proposal Oral Exams

Invited Audience
Phd proposal, graduate students
  • Created By: Daniela Staiculescu
  • Workflow Status: Published
  • Created On: Nov 13, 2022 - 10:42am
  • Last Updated: Nov 13, 2022 - 3:39pm