Ruotong Yu (Stevens Institute of Technology, University of Utah), Yuchen Zhang, Shan Huang (Stevens Institute of Technology)

Embedded devices are ubiquitous. However, previous research puts little effort on understanding the adoption of common attack mitigations in embedded devices, creating a knowledge gap on embedded security. To bridge this gap, we present an in-depth study by evaluating the adoption of common attack mitigations on embedded devices. In this paper, we summarize our effort on building a high-quality dataset, accurately evaluating kernel-level and user-space attack mitigations and inferring the factors contributing to the absence of attack mitigations. The dataset contains the firmware images from 38 real world vendors range over a decade, reflecting the up- to-date ecology of embedded security. The lack of enough adoption of attack mitigations exposes threat in the coming IoT era as the situation is not improving over time. We envision that understanding the potential factors leading to the lack of adoption of attack mitigations will shed light on improving the security of embedded devices in the future.

Speakers' biography

Ruotong Yu earned his bachelor’s degree in Electrical Engineering from the University of Washington in 2017 and finished his master’s degree from George Washington University in 2019. He then joined Professor Jun Xu’s group as a Ph.D. student in Fall 2019. Currently, he is a third-year Ph.D. student at the University of Utah. His research area focuses on binary analysis, IoT security and etc.

Yuchen Zhang obtained his BA in Computer Science at Boston University and took master courses at Brandeis University. He is currently in his third year of his Ph.D. in Computer Science at Stevens Institute of Technology. His research interests center around Software, System Security, and malware.

Shan Huang recently worked as a penetrating tester in a leading group of the TIC industry for three years. He is now a first-year Ph.D. student at the Stevens Institute of Technology under the supervision of professor Georgios Portokalidis and professor Jun Xu. Previously he obtained his bachelor's in CS and computer security at Henan University and The University of Manchester. His current research interest focuses on system security and embedded system security.

View More Papers

Building Embedded Systems Like It’s 1996

Ruotong Yu (Stevens Institute of Technology, University of Utah), Francesca Del Nin (University of Padua), Yuchen Zhang (Stevens Institute of Technology), Shan Huang (Stevens Institute of Technology), Pallavi Kaliyar (Norwegian University of Science and Technology), Sarah Zakto (Cyber Independent Testing Lab), Mauro Conti (University of Padua, Delft University of Technology), Georgios Portokalidis (Stevens Institute of…

Read More

Drivers and Passengers Maybe the Weakest Link in the...

Aiping Xiong (Pennsylvania State University), Zekun Cai (Pennsylvania State University) and Tianhao Wang (University of Virginia)

Read More

The Taming of the Stack: Isolating Stack Data from...

Kaiming Huang (Penn State University), Yongzhe Huang (Penn State University), Mathias Payer (EPFL), Zhiyun Qian (UC Riverside), Jack Sampson (Penn State University), Gang Tan (Penn State University), Trent Jaeger (Penn State University)

Read More

Chhoyhopper: A Moving Target Defense with IPv6

A S M Rizvi (University of Southern California/Information Sciences Institute) and John Heidemann (University of Southern California/Information Sciences Institute)

Read More