A decade of IoT/embedded firmware security - a vision stretching from large-scale offensive analysis to scalable defensive techniques

21 Dec

Andrei Costin, Senior Lecturer/Assistant Professor in Cybersecurity at University of Jyväskylä

External Presentation (External Speaker)

Firmware is at the heart and core of any (I)IoT/embedded system and device. Firmware is essentially software, and time and time again research and industry demonstrates that software is generally full of bugs and security vulnerabilities. However, when compared to software for traditional computing systems (e.g., x86-based), the (I)IoT firmware presents many more challenges due to its heterogeneity, tech fragmentation, and lagging behind in adopting latest development practices.

In first part of the talk, we take a look at Firmware.RE – our firmware reverse-engineering and analysis seminal paper (along with an equally important follow-up work) that envisioned the (I)IoT firmware cybersecurity problems to come and outlined some core challenges to be faced by research and industry, which was long before that IoT was even a properly coined term.

In the second part of the talk, we take a look at HALE-IoT – our recent and quite unique advances on the scalable defensive techniques (a collab of UCLM, JYU, IMDEA) that aim to close some of the main cybersecurity gaps faced by the (I)IoT devices and firmware, and that take inputs from the decade old insights presented in the first part.

About Andrei Costin

Dr. Andrei Costin is currently a Senior Lecturer/Assistant Professor in Cybersecurity at University of Jyväskylä (Central Finland), with a particular focus on IoT/firmware cybersecurity and Digital Privacy. He received his PhD in 2015 from EURECOM/Telecom ParisTech under co-supervision of Prof. Francilon and Prof. Balzarotti. Dr. Costin has been publishing and presenting at more than 45 top international cybersecurity venues, both academic (Usenix Security, ACM ASIACCS, etc.) and industrial (BalckHat, CCC, HackInTheBox, etc.). He is the author of the first practical ADS-B attacks (BlackHat 2012) and has literally established the large-scale automated firmware analysis research areas (Usenix Security 2014) – these two works are considered seminal in their respective areas, being also most cited at the same time. Dr. Costin is also the CEO/co-founder of Binare.io, a deep-tech cybersecurity spin-off from University of Jyväskylä, focused on innovation and tech-transfer related to IoT cybersecurity.

This event will be conducted in English

  • Location: MR-A1 [Ramón] & MR-A2 [Cajal], IMDEA Networks Institute, Avda. del Mar Mediterráneo 22, 28918 Leganés – Madrid
  • Organization: NETCOM Research Group (Telematics Engineering Department, UC3M); IMDEA Networks Institute
  • Time: 14:00
  • Add to Calendar: iCalendar Outlook Google