Work Package 4
– The first goal in this work package is to understand the attacks and attackers themselves, as well as their modus operandi and the important vulnerabilities and systems on which to focus—with an eye on new developing attack prediction models. Existing work focuses on traditional computer crime while in the IoT entirely new attacks become possible for potentially new classes of attacker, leading to unique research challenges. The data-driven analysis of attacks and modus operandi (T4.2) will serve as input for the types of vulnerabilities, attacks and exploitation techniques to prioritize in the analysis (T4.3 and T4.4), while weaknesses found during our analysis (T4.3 and T4.4) in turn influence our prediction model (T4.2b), as well as work packages such as Governance, Design, and Defences. Likewise, advances in Design, Defences, and Governance will influence a system’s attack surface, vulnerabilities, and exploitability.
– The second goal of this WP is to develop automated techniques for automated vulnerability finding, exploit generation, and patch generation for IoT devices. For automated vulnerability finding, the first important step towards identifying the attack surface, we will focus our efforts on fuzzing of embedded (and thus less accessible) software systems. Given a newly discovered vulnerability, we then need to understand its impact in production. For this purpose, we will devise automated exploit generation. In addition, for patchable systems, a functional exploit together with our analysis of the vulnerability paves the way for the automated generation of patches.
Start date: M0
End date: M96
Herbert J. Bos
Vrije Universiteit Amsterdam
Herbert J. Bos is a full professor at the Vrije Universiteit Amsterdam (VU University). At the VU he is heading a group of people working mostly on System Security (e.g., the Argos, Minemu, and Rosetta projects) and OS design for networking (e.g., the Streamline/FFPF project). In addition, he is involved in the development of the Minix3 Operating System.