Search Icon
Submissions

An In-Depth Analysis on Adoption of Attack Mitigations in Embedded Devices

Ruotong Yu (Stevens Institute of Technology, University of Utah), Yuchen Zhang, Shan Huang (Stevens Institute of Technology)

Embedded devices are ubiquitous. However, previous research puts little effort on understanding the adoption of common attack mitigations in embedded devices, creating a knowledge gap on embedded security. To bridge this gap, we present an in-depth study by evaluating the adoption of common attack mitigations on embedded devices. In this paper, we summarize our effort on building a high-quality dataset, accurately evaluating kernel-level and user-space attack mitigations and inferring the factors contributing to the absence of attack mitigations. The dataset contains the firmware images from 38 real world vendors range over a decade, reflecting the up- to-date ecology of embedded security. The lack of enough adoption of attack mitigations exposes threat in the coming IoT era as the situation is not improving over time. We envision that understanding the potential factors leading to the lack of adoption of attack mitigations will shed light on improving the security of embedded devices in the future.

Speakers' biography

Ruotong Yu earned his bachelor’s degree in Electrical Engineering from the University of Washington in 2017 and finished his master’s degree from George Washington University in 2019. He then joined Professor Jun Xu’s group as a Ph.D. student in Fall 2019. Currently, he is a third-year Ph.D. student at the University of Utah. His research area focuses on binary analysis, IoT security and etc.

Yuchen Zhang obtained his BA in Computer Science at Boston University and took master courses at Brandeis University. He is currently in his third year of his Ph.D. in Computer Science at Stevens Institute of Technology. His research interests center around Software, System Security, and malware.

Shan Huang recently worked as a penetrating tester in a leading group of the TIC industry for three years. He is now a first-year Ph.D. student at the Stevens Institute of Technology under the supervision of professor Georgios Portokalidis and professor Jun Xu. Previously he obtained his bachelor's in CS and computer security at Henan University and The University of Manchester. His current research interest focuses on system security and embedded system security.

View More Papers

Chosen-Instruction Attack Against Commercial Code Virtualization Obfuscators

Shijia Li (College of Computer Science, NanKai University and the Tianjin Key Laboratory of Network and Data Security Technology), Chunfu Jia (College of Computer Science, NanKai University and the Tianjin Key Laboratory of Network and Data Security Technology), Pengda Qiu (College of Computer Science, NanKai University and the Tianjin Key Laboratory of Network and Data…

Read More

A Framework for Consistent and Repeatable Controller Area Network...

Paul Agbaje (University of Texas at Arlington), Afia Anjum (University of Texas at Arlington), Arkajyoti Mitra (University of Texas at Arlington), Gedare Bloom (University of Colorado Colorado Springs) and Habeeb Olufowobi (University of Texas at Arlington)

Read More

ditto: WAN Traffic Obfuscation at Line Rate

Roland Meier (ETH Zürich), Vincent Lenders (armasuisse), Laurent Vanbever (ETH Zürich)

Read More

Building Embedded Systems Like It’s 1996

Ruotong Yu (Stevens Institute of Technology, University of Utah), Francesca Del Nin (University of Padua), Yuchen Zhang (Stevens Institute of Technology), Shan Huang (Stevens Institute of Technology), Pallavi Kaliyar (Norwegian University of Science and Technology), Sarah Zakto (Cyber Independent Testing Lab), Mauro Conti (University of Padua, Delft University of Technology), Georgios Portokalidis (Stevens Institute of…

Read More