Compositional Safety and Security Reasoning in IoT Environments

Compositional Safety and Security Reasoning in IoT Environments

Speaker Name: 
Muslum Ozgur Ozmen
Speaker Title: 
Computer Science PhD candidate
Speaker Organization: 
Purdue University
Start Time: 
Thursday, February 2, 2023 - 12:00pm
End Time: 
Thursday, February 2, 2023 - 1:00pm
Location: 
E2-506 or via Zoom at https://ucsc.zoom.us/j/94944339976?pwd=RVRUVHN2UGc4Z1dydGt2Q1ZkNlQ4dz09
Organizer: 
Ricardo Sanfelice

  

Abstract

The integration of digital connectivity with physical processes in IoT environments has enabled sensors and actuators to interact with each other over the physical space. However, IoT environments have complex physical interactions between actuators and sensors that create new classes of vulnerabilities. Unfortunately, traditional IoT security measures ignore such complex physical interactions and fail to achieve sufficient breadth and fidelity to uncover these vulnerabilities, causing poor accuracy and false alarms.

In this talk, I will discuss our efforts in safety and security reasoning in IoT deployments through physical modeling and formal analysis. First, I will introduce our approach to discovering physical interaction vulnerabilities in IoT deployments. Our approach builds the joint physical behavior of interacting IoT apps through code and dynamic analysis. It next validates a set of new metric temporal logic policies through falsification. Second, I will demonstrate how attackers can evade existing IoT defenses by exploiting complex physical relations between actuators and sensors. I will next introduce software patching and sensor placement to make the existing defenses robust against evasion attacks. Through these efforts, we create holistic physical models toward achieving the compositional safety and security of an IoT system.

 

Bio

Muslum Ozgur Ozmen is currently pursuing a Ph.D. degree in the Department of Computer Science at Purdue University, where he is advised by Professor Z. Berkay Celik. Prior to joining Purdue, Ozgur earned his Master of Science degree in computer science from Oregon State University, USA, and his Bachelor‘s degree in electrical and electronics engineering from Bilkent University, Turkey. His research interests broadly lie in the area of systems security. Through systems design and formal verification, his research seeks to improve security and privacy guarantees in emerging computing platforms. His research approach is best illustrated by his work in IoT safety and security. He expects to earn his Ph.D. in the Spring of 2024. More information can be obtained at https://ozgurozmen.github.io/.spacer