CAREER: Integrating Trust and Accountability into Compliance Enforcement for a Secure Internet of Things

职业：将信任和问责融入安全物联网的合规执行中

• 批准号: 2237012
• 负责人: Adwait Nadkarni
• 金额: $ 53.77万
• 依托单位: College of William and Mary
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2023
• 资助国家: 美国
• 起止时间: 2023-03-15 至 2028-02-29
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2237012&HistoricalAwards=false
• 关键词: CAREER; Integrating; Trust; Accountability; into

Regulators have only recently begun to grapple with the reality of billions of vulnerable Internet of Things (IoT) products and have responded with targeted security and privacy regulations. The usefulness of such policy initiatives relies on their enforcement in practice. The enforcement strategy outlined in such regulations is similar to that used for software security compliance, wherein regulators delegate enforcement to Commercially Licensed Evaluation Facilities (CLEFs), which evaluate vendor products. While such delegation is useful in scaling the enforcement to millions of products, it comes at a price: the affected party, i.e., the regulators and consumers who are the primary beneficiaries of security compliance, play a limited role in it, enabling an incentive structure skewed against effective enforcement. To elaborate, product vendors have little incentive to select an ideal CLEF that would thoroughly evaluate their product, instead of one that offers the fastest route to certification. Even if a vendor searched for an ideal CLEF in good faith, they have few means to gauge the CLEF’s effectiveness aside from brochures, limited demonstrations, and the CLEF’s reputation. Moreover, CLEFs are not licensed on the basis of their performance at detecting vulnerabilities, but instead on procedural competence (e.g., adequate facilities, personnel). Hence, traditional model, if applied as is to the IoT sector, would foster unvalidated CLEFs who have little incentive to improve, and vendors who simply view certifications as liability shields. This project seeks to avert such a future by empowering the affected party with practical tools to objectively measure the performance of CLEFs, and influence accountability in security compliance enforcement. The systematic, data-driven, evaluation techniques developed in this research will enable regulators and standards bodies to reform the compliance infrastructure by directly evaluating the claimed performance of CLEFs as a part of the license-granting process or periodic audits. Moreover, this research will also help CLEFs and vendors improve through self-evaluation, help vendors seek effective CLEFs, and help CLEFs compete on the basis of performance. By improving the compliance enforcement infrastructure for IoT, this project will generate tangible benefits for consumers in the form of secure IoT products, and has the potential to increase consumer confidence in and adoption of IoT technology. The research will be incorporated into graduate and undergraduate security classes at William & Mary through experiential learning activities, and disseminated to key stakeholders such as policymakers and developers, as well as the broader research community. This project synergistically blends the approach of mutation testing with static and dynamic analysis, machine learning, and qualitative studies, to lay the foundation for empirically and systematically evaluating CLEFs, along three core research thrusts and a fourth thrust that investigates extensibility. The first thrust examines if the scope of work assumed by CLEFs is sufficient, by investigating a key underlying question: what should CLEFs look for? To this end, the research acquires and analyzes IoT products at market-scale, in order to develop a generalizable understanding of what vulnerabilities are relevant to detect, i.e., pose risk in the IoT context, resulting in a comprehensive, risk-based IoT vulnerability taxonomy. The second thrust rigorously evaluates a CLEF’s ability to detect non-trivial variants of vulnerabilities from the taxonomy, i.e., mutants. It develops a threat-aware mutation framework that generates mutants guided by a threat model for compliance enforcement that encapsulates the conditions CLEFs must account for, thus ensuring a non-arbitrary evaluation of CLEFs. The third thrust re-imagines security analysis for compliance enforcement with the approach of mutation-driven vulnerability prediction, which combines the strengths of machine learning and security-focused mutation for effective detection. The fourth thrust explores the extensibility of the research to IoT product-types, application domains (e.g., smart cities), and usage paradigms. This research project leverages well-founded techniques from security, software engineering, and machine learning to make novel contributions at the intersection of security and software engineering. Finally, the initial focus on mobile-IoT apps as a target product-type will advance security research at the key intersection of mobile and IoT security.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

监管机构直到最近才开始努力应对数十亿个脆弱的物联网（IoT）产品的现实，并对有针对性的安全和隐私法规做出了响应。这种政策计划的有用性依赖于实践中的执法。此类法规中概述的执法策略类似于用于软件安全合规性的执行策略，该法规将执法委派给了评估供应商产品的商业许可评估设施（CLEFS）。尽管此类代表团可用于将执法扩展到数百万个产品，但它是有代价的：受影响的一方，即是安全合规性的主要善良者的监管机构和消费者，在IT中发挥了有限的作用，使激励结构偏向于有效执行。为了详细说明，产品供应商几乎没有动力选择一个可以彻底评估其产品的理想谱号，而不是提供最快的认证途径的产品。即使供应商真诚地寻找理想的谱号，除了小册子，有限的示威活动和谱号的声誉外，他们几乎没有任何手段来评估谱号的有效性。此外，Clefs不是根据其在发现漏洞的绩效的基础上获得许可的，而是基于程序能力（例如，适当的设施，人员）。因此，传统模型，如果对物联网行业的应用，将培养几乎没有动力改进的未验证的谱号，而仅将认证视为责任盾牌的供应商。该项目旨在通过使用实用工具来客观地衡量CLEF的绩效并影响安全合规执行中的问责制，以避免这种未来。本研究中开发的系统，数据驱动的评估技术将使监管机构和标准机构通过直接评估CLEFS作为许可过程或定期审核的一部分来改革合规性基础设施。此外，这项研究还将通过自我评估来帮助谱号和供应商改善，帮助供应商寻求有效的谱号，并帮助Clefs在绩效的基础上竞争。通过改善物联网的合规执行基础架构，该项目将以安全的物联网产品的形式为消费者带来切实的收益，并有可能提高消费者对物联网技术的信心和采用。这项研究将通过专家学习活动纳入William＆Mary的研究生和本科安全班，并将其传播到政策制定者和开发人员等主要利益相关者以及更广泛的研究社区中。该项目协同融合了突变测试的方法与静态和动态分析，机器学习和定性研究，为经验和系统地评估CLEFS的基础，沿三个核心研究推力和研究可扩展性的第四个推力。如果CLEFS假定的工作范围足够，则首次推力考试是通过调查一个关键的基本问题：Clefs应该寻找什么？为此，该研究在市场规模上获取和分析了物联网产品，以便对它们与检测到的脆弱性有所了解，即在物联网环境中施加风险，从而导致全面的，基于风险的IoT脆弱性分类。第二个推力严格评估了Clef检测分类法（即突变体）中脆弱性的非平凡变体的能力。它开发了一个威胁感知的突变框架，该框架生成了由威胁模型引导的突变体，该突变体的合规执行构成了clefs条件必须考虑的条件，从而确保对CLEF进行非肢体评估。第三个推力重新构想了对合规执行的安全性分析与突变驱动的漏洞预测的方法，该预测结合了机器学习的优势和以安全性为中心的突变，以进行有效检测。第四个推力探索了研究对物联网产品类型，应用域（例如智能城市）和用法范式的可扩展性。该研究项目利用安全，软件工程和机器学习的良好基础技术在安全和软件工程的交集中做出新颖的贡献。最后，最初对移动iot应用程序作为目标产品类型的关注将在移动和物联网安全的关键交叉点上提高安全研究。该奖项反映了NSF的法定任务，并通过使用该基金会的知识分子的优点和更广泛的影响来评估NSF的法定任务。