CYBERSEC 2021 uses cookies to provide you with the best user experience possible. By continuing to use this site, you agree to the terms in our Privacy Policy. I Agree

May 4-6 at Taipei Nangang Exhibition Center, Hall 2

  • May 5th (Wed)
  • 14:45 - 15:15
  • 4F 展區會議室 4A

Enabling IoT EDR by Firmware Emulation and Re-hosting

Chinese Onsite

The mature protection mechanisms for traditional desktops (e.g., Antivirus or EDR) cannot be directly applied into IoT endpoint devices with constrained resource, unfriendly interface, and heterogeneous architectures, thereby making the protection of IoT endpoint devices extremely difficult. Recently, several research works applied firmware emulation techniques to re-host firmware of IoT endpoint device in emulated IoT systems and enabled system-level monitoring and testing for virtual IoT endpoint device with high fidelity so that dynamic analysis and fuzzing can be realized. In this speech, we further exploit emulated and virtual IoT endpoint device as a “substitute” of a physical device which we want to protect. By integrating system-level monitoring component, the malicious behavior in the virtual device can be captured and the corresponding suspicious network payload containing malicious command or binary. Via IDS, we can block anomalous packets and realize EDR. Finally, we demonstrate how the developed experimental EDR platform protects several commercial IoT devices. 

Endpoint Detection & Response Firmware SecurityEndpoint Security
Shin-Ming Cheng

Shin-Ming Cheng

Professor, Department of Computer Science and Infomration Engineering, National Taiwan University of Sciecne and Technology
Joint Appointment Research Fellow, CITI, Academia Sinica

Prof. Shin-Ming Cheng received his B.S. and Ph.D. degrees in computer science and information engineering from National Taiwan University, Taipei, Taiwan, in 2000 and 2007, respectively. He was a Post-Doctoral Research Fellow at the Graduate Institute of Communication Engineering, National Taiwan University, from 2007 to 2012. Since 2012, he has been on the faculty of the Department of Computer Science and Information Engineering, National Taiwan University of Science and Technology, Taipei, where he is currently a professor. Since 2017, he has been with the Research Center for Information Technology Innovation, Academia Sinica, Taipei, where he is currently a Joint Appointment Associate Research Fellow.

His current interests are security mechanism design and application development in the following areas:

  • 4G LTE, 5G NR, O-RAN
  • IoT system
  • ML/DL models

Since 2015, he leads an Advanced Information Security Summer School (AIS3) project and incubates more than 1000 security young talnets in Taiwan. He received 2014 K. T. Li Young Researcher Award from ACM Taipei/Taiwan Chapter, IEEE PIMRC 2013 and IEEE Trustcom 2020 Best Paper Award, CISC 2020 and 2021 Best Paper Award, and 2013 Young Scholar Award from National Taiwan University of Science and Technology.