A variety of Internet of Things (IoT) devices are increasingly being used in homes and businesses. These devices run software that is often based on open source products in combination with proprietary code developed by manufacturers. However, manufacturers often pay little attention to IT security. Especially for low-cost products, security updates are provided only for a limited time or not at all, and customer support may be unreliable. Thus, known security vulnerabilities in the incorporated open source projects remain permanently open and attackers can still successfully exploit them years later.

The goal of this project is to harden the IoT infrastructure by closing vulnerabilities directly on the devices. The project will collect known vulnerabilities in open source projects, detect them directly in the device software with the help of samples, and subsequently eliminate them, even if the manufacturer does not provide any assistance.

The focus of this project is on the software aspects of such an approach for hardening firmware. Semantic patches will precisely match and remove specific vulnerabilities, while preserving the integrity and functionality of the firmware. Functional tests will confirm the successful application.

From left to right: Johannes Kinder, Sebastian Jänich


Prof. Dr. Johannes Kinder
Ludwig-Maximilians-Universität München
Phone: +49 (0) 89 6004-7335

Sebastian Jänich