4EU+ online seminars on "Security, Privacy, and Data Protection"

Automatic defenses against IoT memory attacks

10 March 2022
16:00 – 17:30 CET

Link to online seminars: Zoom

Abstract

Nowadays embedded devices (IoT frontends) become increasingly connected and mission-critical, which in turn has attracted advanced attacks (e.g., control-flow hijacks and data-only attacks). Unfortunately, IoT backends are unable to reveal the code position of such attacks in the software. In this talk we will describe the state of the art of the defensive mechanism against memory errors in the IoT environment. We will present some new ideas for finding the root cause of such attacks. The talk will introduce and bring the attendees up to speed on topics like Memory Errors, Program Analysis and attack root cause.

Short bio

Andrea Lanzi is currently an associate professor at Università degli studi di Milano at the Computer Science Department, Italy. He has been a Senior Research at Eurecom Graduate School and Research Center, located in Sophia Antipolis on the French riviera and Security Researcher at the Georgia Tech University, US. He is interested in several aspects of Cyber Security. In particular, his main area of research deals with Host Intrusion Detection Systems (HIDS), memory error exploits, reverse engineering, malware and forensic analysis. In recent years he has mainly studied the application of emulation/virtualization and compiler techniques for malware analysis and detection. In addition He has been working on analyzing large-scale security datasets (e.g., Anubis malware collection) to investigate the behavior of current cyber threats.