Automated IoT Security and Privacy Analysis
The introduction of commodity Internet of Things (IoT) devices that integrate physical processes with digital connectivity has changed the way we live. Yet, while industry and users have embraced the systems supporting IoT, the technical community has limited capability to evaluate and ultimately enforce the correct operation of IoT implementations. As a consequence, software design flaws, bugs, and security vulnerabilities in IoT systems can and have led to failures and privacy loss. In this talk, I will discuss how to ensure IoT implementations adhere to safety, security, and privacy properties using a range of analysis techniques. In particular, I will introduce two systems for automated security and privacy analysis of IoT source code: a static taint analysis system, which characterizes the use and potential misuse of sensitive data and uncovers privacy issues in IoT applications; and a system for formal verification of IoT applications via model checking for safety and security. Through this research, we develop formally grounded methods for analysis of IoT applications and enable developers, markets, and consumers to identify threats to security and privacy.
Berkay Celik is a PhD candidate in Computer Science and Engineering at the Pennsylvania State University, where he is advised by Professor Patrick McDaniel. Berkay has researched a variety of security topics, including machine learning systems, network security, and privacy enhancing technologies. He earned his M.S. degree at Penn State University with a major in Computer Science and Engineering and a minor in Computational Science. His dissertation is in the area of Internet of Things (IoT), particularly the construction of systems that ensure safety, security, and privacy in commodity IoT applications through program analysis. He expects to earn his PhD in the Spring of 2019. Berkay has had several internships in industry, including at VMware and Vencore Labs.
Host: Professor Berk Sunar