A Systematic Approach for Studying Security Flaws and Threats in Smart-Home IoT Deployments

Smart-home IoT devices provide many benefits such as home automation, energy savings, and entertainment, but they have a bleak reputation for being insecure. Because of their heterogeneous nature, assessing their attack surface is challenging. This, in turn, leaves latent security flaws exposed for malware to exploit. In this talk, I will discuss fundamental challenges in evaluating the security of networked systems and how that contributes to insecurities in modern-day applications, such as smart-home IoT deployments. My work addresses these challenges by combining complementary perspectives, namely vulnerability analysis and threat analysis to discover how malware attack and abuse networked systems. Specifically, I will present how to apply novel systematic methods that bridge network vulnerability analysis and end-host binary program analysis to evaluate the security for smart-home IoT deployments. In closing, I will discuss how to build on the foundation of systematic assessments to protect large-scale systems and networks by incorporating AI planning for predictive and defensive capabilities.