TWC: Medium: Handling a Trillion Unfixable Flaws on Billions of Internet-of-Things

TWC：Medium：处理数十亿个物联网上的万亿个无法修复的缺陷

• 批准号: 1564009
• 负责人: Vyas Sekar
• 金额: $ 120万
• 依托单位: Carnegie-Mellon University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2016
• 资助国家: 美国
• 起止时间: 2016-07-01 至 2022-06-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1564009&HistoricalAwards=false
• 关键词: TWC; Medium; Handling; Trillion; Unfixable

The Internet-of-Things (IoT) has quickly moved from concept to reality, with estimates that the number of deployed IoT devices will rise to 25 billion in 2020. However, studies show that many IoT devices have serious security vulnerabilities. Moreover, the limitations of IoT devices and scale of networks of IoT devices often make traditional IT security approaches impractical. This project takes a first-principles approach to rethinking network security and address these concerns for IoT networks: (1) scalable alternatives to simple perimeter defenses; (2) new methods to manage security in deployed networks of IoT devices; and (3) new security policies with sufficient generality to administer IoT devices and networks in many diverse use-cases. By providing a principled architecture to secure IoT deployments, the project will help realize the full potential societal benefits of IoT. The project will result in the development of novel open-source tools, modeling abstractions, algorithms, and prototype implementations that will reduce the time to deploy novel IoT security solutions, and make the results of the project available to the community. The project's PIs will engage in educational and outreach activities to train the next generation talent for the emerging area of IoT. In particular, the PIs plan to integrate the interdisciplinary research ideas into courses spanning security, networking, systems and cyber-physical systems. The project will also actively encourage participation from underrepresented groups. Finally, the tools and measurements generated by this project will inform and accelerate the industry transition to pervasive IoT deployments that are safe and secure.

物联网 (IoT) 已迅速从概念变为现实，预计到 2020 年，已部署的物联网设备数量将增至 250 亿。然而，研究表明，许多物联网设备存在严重的安全漏洞。 此外，物联网设备和物联网设备网络规模的局限性往往使传统的 IT 安全方法变得不切实际。 该项目采用第一原则方法来重新思考网络安全并解决物联网网络的这些问题：（1）简单外围防御的可扩展替代方案； (2) 管理物联网设备部署网络安全的新方法； (3) 新的安全策略具有足够的通用性，可以在许多不同的用例中管理物联网设备和网络。通过提供一个原则性的架构来保护物联网部署，该项目将有助于实现物联网的全部潜在社会效益。该项目将开发新颖的开源工具、建模抽象、算法和原型实现，从而减少部署新颖的物联网安全解决方案的时间，并将项目的结果提供给社区。 该项目的 PI 将参与教育和推广活动，为物联网新兴领域培训下一代人才。特别是，PI 计划将跨学科研究思想整合到涵盖安全、网络、系统和网络物理系统的课程中。该项目还将积极鼓励代表性不足的群体参与。最后，该项目生成的工具和测量结果将告知并加速行业向安全可靠的普遍物联网部署的过渡。

项目成果

Which Privacy and Security Attributes Most Impact Consumers’ Risk Perception and Willingness to Purchase IoT Devices?

哪些隐私和安全属性对消费者的风险感知和购买物联网设备的意愿影响最大？

• DOI: 10.1109/sp40001.2021.00112
• 发表时间: 2021-05
• 期刊: 2021 IEEE Symposium on Security and Privacy (SP
• 作者: Emami;Dheenadhayalan, Janarth;Agarwal, Yuvraj;Cranor, Lorrie Faith
• 通讯作者: Cranor, Lorrie Faith

Capture: Centralized Library Management for Heterogeneous IoT Devices

捕获：异构物联网设备的集中库管理

• 发表时间: 2024-09-14
• 作者: Han Zhang;Abhijith Anilkumar;Matt Fredrikson;Yuvraj Agarwal
• 通讯作者: Yuvraj Agarwal

Analyzing Third Party Service Dependencies in Modern Web Services: Have We Learned from the Mirai-Dyn Incident?

分析现代 Web 服务中的第三方服务依赖性：我们从 Mirai-Dyn 事件中吸取了教训吗？

• DOI: 10.1145/3419394.3423664
• 发表时间: 2020-10
• 期刊: Internet Measurement Conference (IMC
• 作者: Kashaf, Aqsa;Sekar, Vyas;Agarwal, Yuvraj
• 通讯作者: Agarwal, Yuvraj

Ask the Experts: What Should Be on an IoT Privacy and Security Label?

询问专家：物联网隐私和安全标签上应该包含什么内容？

• DOI: 10.1109/sp40000.2020.00043
• 发表时间: 2020-02-11
• 期刊: 2020 IEEE Symposium on Security and Privacy (SP)
• 作者: Pardis Emami Naeini;Yuvraj Agarwal;L. Cranor;Hanan Hibshi
• 通讯作者: Hanan Hibshi