Smart-home IoT devices provide many benefits such as home automation, energy savings, and entertainment, but they have a bleak reputation for being insecure. Because of their heterogeneous nature, assessing their attack surface is challenging. This, in turn, leaves latent security flaws exposed for malware to exploit. In this talk, I will discuss fundamental challenges in evaluating the security of networked systems and how that contributes to insecurities in modern-day applications, such as smart-home IoT deployments. My work addresses these challenges by combining complementary perspectives, namely vulnerability analysis and threat analysis to discover how malware attack and abuse networked systems. Specifically, I will present how to apply novel systematic methods that bridge network vulnerability analysis and end-host binary program analysis to evaluate the security for smart-home IoT deployments. In closing, I will discuss how to build on the foundation of systematic assessments to protect large-scale systems and networks by incorporating AI planning for predictive and defensive capabilities.
Omar Alrawi is a Ph.D. candidate in the Electrical and Computer Engineering School at Georgia Institute of Technology. His research interests lie in computer systems security and cyber-attack attribution with focuses on network vulnerability assessments, binary program analysis, vetting of untrusted software, and IoT security. His work has been featured in highly-regarded media outlets, such as Newsweek and The New York Times on smart-home IoT security. His research was selected as a finalist for the CSAW applied research competition, and he was awarded The Presidential Fellowship for his exemplary level of scholarship and innovation. At Georgia Tech, his work was awarded first place for Best Research Idea, Cyber Security Demo Day, and Create-X Research Commercialization.