Lorenzo De Carli

IoT firmware security is notoriously problematic. IoT software ships with potentially insecure components, and may be bloated by unnecessary functionality. This situation creates danger for end users, who are at risk of falling victims to cyberattacks. It also enables attackers to create large botnets by exploiting simple vulnerabilities in devices with a large installed base. In this line of research, we explore the application of various program analysis and transformation techniques for improving the security of libraries and tools used in the IoT space. In our most recently published work (see our 2021 ACM TOSEM paper), we propose a technique for removing unnecessary features from IoT software components (feature debloating). Collaborator: Long Lu (Northeastern).