APPIOTS
Main funder
Funder's project number: 1758/31/2018
Funds granted by main funder (€)
- 392 000,00
Funding program
Project timetable
Project start date: 01/07/2018
Project end date: 31/12/2019
Summary
It is expected there will be nearly 50 billion IoT/embedded connected devices by 2020. These devices are expected to be present in all commercial and organizational verticals, as well as in all aspects of private individuals' modern lives. Therefore, the security and privacy aspects of IoT/embedded devices are of paramount importance. The Mirai botnet demonstrated in 2016 the largest DDoS attack (1+ Tbps) in modern history, and it was composed of less than 200 thousand vulnerable and compromised IoT/embedded devices [MIRAI1], which is less than 0.0004% of envisioned 50 billion IoT devices. At the same time, the recent US DHS compromise of Boeing 757 in 2017 revealed that fixing 1 line of code in critical IoT/embedded devices (e.g., avionics) may cost up to 1 million USD and may take up to 1 year to pass all tests and recertifications [BOEING1].
The objective of this project is to investigate the commercialization potential of our advanced automated methods and tools for addressing vulnerabilities in software and firmware of IoT/embedded devices. One of the aims of this project is to find a customer base for new software security services, informed by our research, which will provide the following capabilities: identification of vulnerabilities using multiple advanced analysis techniques at various stages of software/firmware life-cycle; confirmation of identified vulnerabilities by performing targeted tests on the vulnerable components and by demonstrating that a compromise would have been possible; elimination of the vulnerability using auto-healing and auto-patching techniques specific to each class of vulnerabilities; extra features that can bring additional value to certain customer segments (e.g., IoT malware investigation for antivirus companies); all the features supported and provided by scalable and AI-powered techniques.
The objective of this project is to investigate the commercialization potential of our advanced automated methods and tools for addressing vulnerabilities in software and firmware of IoT/embedded devices. One of the aims of this project is to find a customer base for new software security services, informed by our research, which will provide the following capabilities: identification of vulnerabilities using multiple advanced analysis techniques at various stages of software/firmware life-cycle; confirmation of identified vulnerabilities by performing targeted tests on the vulnerable components and by demonstrating that a compromise would have been possible; elimination of the vulnerability using auto-healing and auto-patching techniques specific to each class of vulnerabilities; extra features that can bring additional value to certain customer segments (e.g., IoT malware investigation for antivirus companies); all the features supported and provided by scalable and AI-powered techniques.
Principal Investigator
Primary responsible unit
Follow-up groups
Profiling area: Cyber security (University of Jyväskylä JYU)