Sat 3 May 2025 14:20 - 14:40 at 206 - Paper session 2 and panel questions Chair(s): Eunkyoung Jee

The unprecedented surge in Internet of Things (IoT) device deployment has brought forth significant security challenges, primarily arising from vulnerabilities within firmware that facilitate unauthorized access, data exfiltration, and network exploitation. This study undertakes a comprehensive static analysis of 1,520 IoT firmware samples using the Firmware Analysis and Comparison Tool (FACT) alongside metadata from the WikiDevi archive to systematically identify inherent security flaws. Among the key vulnerabilities discovered are improper handling of format strings (CWE-134, 10.07%), memory mismanagement issues (CWE-416, 10.06%; CWE-415, 10.03%), and the presence of exposed debugging interfaces (CWE-782, 10.07%). These results highlight enduring risks in critical domains such as healthcare and industrial IoT, often magnified by insecure coding practices and reliance on outdated software components. To address these systemic shortcomings, this study proposes the Risk Mitigation Modeling for IoT Development Lifecycle (RMMIDL), a secure-by-design framework that embeds proactive security measures throughout each phase of IoT development. RMMIDL offers a systematic and well-defined framework for addressing pervasive risks, enhancing the resilience of IoT ecosystems, and promoting the implementation of robust security measures. Furthermore, this study outlines prospective research directions, emphasizing the potential of integrating large language models (LLMs), broadening the scope of firmware datasets, and fostering industry-wide collaboration to drive advancements in IoT security.

Sat 3 May

Displayed time zone: Eastern Time (US & Canada)

14:00 - 15:30
Paper session 2 and panel questions, EnCyCriS at 206
Chair(s): Eunkyoung Jee KAIST, South Korea
14:00
20m
Paper
RANDART: A Hybrid Approach Leveraging File Traps and Registry Monitoring to Thwart Crypto Ransomware on Windows Endpoints
EnCyCriS
P. Mohan Anand Indian Institute of Technology Kanpur, India, P.V. Sai Charan New York University, USA, Hrushikesh Chunduri Indian Institute of Technology Kanpur, India, Sandeep K. Shukla Indian Institute of Technology Kanpur
14:20
20m
Paper
Static Analysis of IoT Firmware: Identifying Systemic Vulnerabilities with RMMIDL
EnCyCriS
Ahmad Al-Zuraiqi Queen's University Belfast, UK, Desmond Greer Queens University 
14:40
45m
Panel
Panel based discussions and open questions - afternoon session
EnCyCriS

15:25
5m
Day closing
Workshop Closure
EnCyCriS
Coralie Esnoul Institute For Energy Technology (IFE)