Breaking and Fixing the Web of Things
Date and time: 8 October 2020, 12pm – 1pm
Speaker: Musard Balliu, KTH Royal Institute of Technology
Title: Breaking and Fixing the Web of Things
Watch the recorded presentation here:
Abstract: The rapidly evolving Internet of Things (IoT) makes the world a fascinating place to live. Innovative automated IoT systems break conventional paradigms to connect otherwise unconnected services. Our society is increasingly dependent on the IoT, relying on a wide variety of connected “things” from heart pacemakers, baby monitors, surveillance cameras to cars, industrial and military robots, and to large-scale IoT systems like smart cities. The complexity and heterogeneity of the IoT along with the critical reliance on the IoT by our society, pose a number of questions pertaining to security and privacy. Unfortunately, the power of IoT apps can be abused by malicious makers, unnoticeably to users. In this talk, we discuss how popular IoT app platforms are susceptible to several novel classes of attacks that violate user privacy, integrity, and availability resulting in massive exfiltration of sensitive information. We present a large-scale empirical study to estimate the scale of possible threats. We suggest short- and medium-term countermeasures based on fine-grained access control and present long-term countermeasures based on tracking the flow of information in IoT apps. The talk is self-contained and no prior knowledge is required.
Bio: Musard Balliu is an Assistant Professor at the School of Electrical Engineering and Computer Science at KTH Royal Institute of Technology in Stockholm, Sweden. His research interests lie at the intersection of computer security, programming languages, formal methods and software engineering. Musard Balliu’s research ranges from foundations to practice of security and privacy with main focus on language-based security and its applications to the Web and IoT domain