-
CS Colloquium: Luyi Xing (Indiana University) - Security Foundations for Cloud-based IoT Systems
Wed, Feb 28, 2024 @ 10:00 AM - 11:00 AM
Thomas Lord Department of Computer Science
Conferences, Lectures, & Seminars
Speaker: Luyi Xing, Indiana University
Talk Title: Security Foundations for Cloud-based IoT Systems
Abstract: The Internet of Things (IoT) cloud is one of the key pillars of the foundation upon which modern IoT systems rest (Smart Home, Industrial, Smart City, Retail, and Health applications, etc.). IoT manufacturers generally deploy IoT devices under managed PaaS and IaaS IoT cloud services (e.g., AWS IoT Core, Azure IoT Hub, SmartThings, Apple Home/iCloud), which offload much of the security responsibilities and deployment burden to the cloud providers. IoT clouds must trust-manage hundreds of millions of IoT devices and users, and provide device manufacturers reliable and usable tools for secure IoT deployments and control. In IoT systems, compromised security or improper deployments can cause hazardous situations and serious consequences. In this talk, we will focus on three areas of fundamental problems in the security of IoT systems: (1) IoT supply chain, (2) IoT security models and real-world deployments, (3) emerging IoT design and application paradigms. Our systematic research in advancing these areas are backed by formal verification, automatic analysis on protocols and programs, and ML/AI-based semantic analysis and formal-model generation. We developed principled, open-source approaches to reveal emerging threats, and formally verify complex, deployed IoT systems to provide new security and privacy guarantees. We identified more than 50 new types of attacks/vulnerabilities in 200+ IoT devices/services (e.g., smart locks, drones) with serious security, safety, and privacy implications. Our formal verification tools have been adopted by industry and government agencies such as AWS. Our security patches have been adopted and deployed by 50+ IoT vendors (AWS IoT, Apple HomeKit, Samsung SmartThings, Microsoft Azure IoT, Yale Locks, August, iRobot, etc.).
This lecture satisfies requirements for CSCI 591: Research Colloquium
Biography: Luyi Xing is an Assistant Professor in the department of Computer Science, Luddy School of Informatics, Computing, and Engineering at Indiana University Bloomington since 2018. He is founder of the System Security Foundations lab at IU. Prior to IU, he had years of professional experience in engineering large production systems at AWS and Amazon. He is a recipient of the NSF CAREER award (2021, IoT systems security), Facebook Research Award (2021, Privacy Enhancing Technologies), 5 Facebook Whitehat awards (2012, 2013, 2020, 2021), Google Developer Data Protection award (2019), Microsoft Whitehat award (2019), Android Security Acknowledgements (2013 - 2016, 2018) and Apple Security Acknowledgement (2015, 2019, 2020), among others. His research has changed the design space (access control, authentication) of hundreds of operating system modules (Unix/Linux based OSes, MacOS, Android, iOS), applications, and online services that almost every citizen uses every day. His research aims at improving guarantees for security and privacy in deployed systems, in particular, IoT, cloud, mobile, and software supply chain, with efforts in formal verification, program analysis, machine learning/NLP, compliance, and technology standardization. His research has led to the discovery of 100+ new types of vulnerabilities in the design of commercial and open-source systems, uncovering new attack techniques and undermining prior security guarantees and assumptions. He is a pioneer for a few key research directions, including formal methods for IoT systems security, logic flaws in systems, iOS security and privacy, and security of IoT standards. He is an active practitioner in applying AI/NLP for system security and formal methods.
Host: Chao Wang
Location: Olin Hall of Engineering (OHE) - 132
Audiences: Everyone Is Invited
Contact: CS Faculty Affairs