Finding Vulnerabilities in IoT Software using Fuzzing, Symbolic Execution and Abstract Interpretation
Primary supervisor
Contact admissions office
Other projects with the same supervisor
- Application Level Verification of Solidity Smart Contracts
- Designing Safe & Explainable Neural Models in NLP
- Exploiting Software Vulnerabilities at Large Scale
- Verification Based Model Extraction Attack and Defence for Deep Neural Networks
- Using Program Synthesis for Program Repair in IoT Security
- Automated Repair of Deep Neural Networks
- Automatic Detection and Repair of Software Vulnerabilities in Unmanned Aerial Vehicles
- Combining Concolic Testing with Machine Learning to Find Software Vulnerabilities in the Internet of Things
- Verifying Cyber-attacks in CUDA Deep Neural Networks for Self-Driving Cars
- Hybrid Fuzzing Concurrent Software using Model Checking and Machine Learning
Funding
- Directly Funded Project (Students Worldwide)
This research project has funding attached. Applications for this project are welcome from suitably qualified candidates worldwide. Funding may only be available to a limited set of nationalities and you should read the full department and project details for further information.
Project description
Our reliance on the correct functioning of embedded systems is growing rapidly. Such systems are used in a wide range of applications such as airbag control systems, mobile phones, and high-end television sets. As Internet of Things (IoT) is now present in all technology sections, allowing different embedded systems to connect and exchange data, the chances of security breach have expanded to a large extent. Thus, the reliability of the embedded (distributed) software in IoT is a key issue in the system development. This PhD research is concerned with identifying software vulnerabilities, which compromise not only network security but also information security in IoT devices. In particular, it aims to find software vulnerabilities using fuzzing, symbolic execution, and abstract interpretation techniques, in order to prevent unauthorised access to the network by shielding the network from malicious attacks and thus protecting the data flowing through the network. The main objectives of this PhD research are: (1) analyse and develop a deeper understanding of network security as a whole to capture main properties of interest to a secure network in IoT; (2) understand all possible cyber threats/attacks that IoT devices can face; (3) propose a method to identify software vulnerabilities using fuzzing, symbolic execution, and abstract interpretation techniques, in order to make them less susceptible to the cyber threats/attacks.
Person specification
For information
- Candidates must hold a minimum of an upper Second Class UK Honours degree or international equivalent in a relevant science or engineering discipline.
- Candidates must meet the School's minimum English Language requirement.
- Candidates will be expected to comply with the University's policies and practices of equality, diversity and inclusion.
Essential
Applicants will be required to evidence the following skills and qualifications.
- You must be capable of performing at a very high level.
- You must have a self-driven interest in uncovering and solving unknown problems and be able to work hard and creatively without constant supervision.
Desirable
Applicants will be required to evidence the following skills and qualifications.
- You will have good time management.
- You will possess determination (which is often more important than qualifications) although you'll need a good amount of both.
General
Applicants will be required to address the following.
- Comment on your transcript/predicted degree marks, outlining both strong and weak points.
- Discuss your final year Undergraduate project work - and if appropriate your MSc project work.
- How well does your previous study prepare you for undertaking Postgraduate Research?
- Why do you believe you are suitable for doing Postgraduate Research?