Search Icon
Submissions

An In-Depth Analysis on Adoption of Attack Mitigations in Embedded Devices

Ruotong Yu (Stevens Institute of Technology, University of Utah), Yuchen Zhang, Shan Huang (Stevens Institute of Technology)

Embedded devices are ubiquitous. However, previous research puts little effort on understanding the adoption of common attack mitigations in embedded devices, creating a knowledge gap on embedded security. To bridge this gap, we present an in-depth study by evaluating the adoption of common attack mitigations on embedded devices. In this paper, we summarize our effort on building a high-quality dataset, accurately evaluating kernel-level and user-space attack mitigations and inferring the factors contributing to the absence of attack mitigations. The dataset contains the firmware images from 38 real world vendors range over a decade, reflecting the up- to-date ecology of embedded security. The lack of enough adoption of attack mitigations exposes threat in the coming IoT era as the situation is not improving over time. We envision that understanding the potential factors leading to the lack of adoption of attack mitigations will shed light on improving the security of embedded devices in the future.

Speakers' biography

Ruotong Yu earned his bachelor’s degree in Electrical Engineering from the University of Washington in 2017 and finished his master’s degree from George Washington University in 2019. He then joined Professor Jun Xu’s group as a Ph.D. student in Fall 2019. Currently, he is a third-year Ph.D. student at the University of Utah. His research area focuses on binary analysis, IoT security and etc.

Yuchen Zhang obtained his BA in Computer Science at Boston University and took master courses at Brandeis University. He is currently in his third year of his Ph.D. in Computer Science at Stevens Institute of Technology. His research interests center around Software, System Security, and malware.

Shan Huang recently worked as a penetrating tester in a leading group of the TIC industry for three years. He is now a first-year Ph.D. student at the Stevens Institute of Technology under the supervision of professor Georgios Portokalidis and professor Jun Xu. Previously he obtained his bachelor's in CS and computer security at Henan University and The University of Manchester. His current research interest focuses on system security and embedded system security.

View More Papers

Demo #1: Security of Multi-Sensor Fusion based Perception in...

Yulong Cao (University of Michigan), Ningfei Wang (UC, Irvine), Chaowei Xiao (Arizona State University), Dawei Yang (University of Michigan), Jin Fang (Baidu Research), Ruigang Yang (University of Michigan), Qi Alfred Chen (UC, Irvine), Mingyan Liu (University of Michigan) and Bo Li (University of Illinois at Urbana-Champaign)

Read More

What You See is Not What the Network Infers:...

Yijun Yang (The Chinese University of Hong Kong), Ruiyuan Gao (The Chinese University of Hong Kong), Yu Li (The Chinese University of Hong Kong), Qiuxia Lai (Communication University of China), Qiang Xu (The Chinese University of Hong Kong)

Read More

The Nuts and Bolts of Building FlowLens

Diogo Barradas (Instituto Superior Técnico, Universidade de Lisboa)

Read More

Demo #13: Attacking LiDAR Semantic Segmentation in Autonomous Driving

Yi Zhu (State University of New York at Buffalo), Chenglin Miao (University of Georgia), Foad Hajiaghajani (State University of New York at Buffalo), Mengdi Huai (University of Virginia), Lu Su (Purdue University) and Chunming Qiao (State University of New York at Buffalo)

Read More