Award Abstract # 1646305
CPS: Synergy: Collaborative Research: Support for Security and Safety of Programmable IoT Systems

NSF Org: CNS
Division Of Computer and Network Systems
Recipient: UNIVERSITY OF ILLINOIS
Initial Amendment Date: September 13, 2016
Latest Amendment Date: September 13, 2016
Award Number: 1646305
Award Instrument: Standard Grant
Program Manager: Ralph Wachter
rwachter@nsf.gov
 (703)292-8950
CNS
 Division Of Computer and Network Systems
CSE
 Directorate for Computer and Information Science and Engineering
Start Date: January 1, 2017
End Date: December 31, 2020 (Estimated)
Total Intended Award Amount: $352,088.00
Total Awarded Amount to Date: $352,088.00
Funds Obligated to Date: FY 2016 = $352,088.00
History of Investigator:
  • Darko Marinov (Principal Investigator)
    marinov@illinois.edu
Recipient Sponsored Research Office: University of Illinois at Urbana-Champaign
506 S WRIGHT ST
URBANA
IL  US  61801-3620
(217)333-2187
Sponsor Congressional District: 13
Primary Place of Performance: University of Illinois at Urbana-Champaign
IL  US  61820-7473
Primary Place of Performance Congressional District: 13
Unique Entity Identifier (UEI): Y8CWNJRCNN91
Parent UEI: V2PHZ2CSCH63
NSF Program(s): CPS-Cyber-Physical Systems
Primary Program Source: 01001617DB NSF RESEARCH & RELATED ACTIVIT
01001617RB NSF RESEARCH & RELATED ACTIVIT
Program Reference Code(s): 7918, 8235, 8237
Program Element Code(s): 791800
Award Agency Code: 4900
Fund Agency Code: 4900
Assistance Listing Number(s): 47.070

ABSTRACT

This work examines how to get safety and security in Internet of Things (IoT) systems where multiple devices (things), each designed in isolation from others, are brought together to form a networked system, controlled via one or more software applications ("apps"). "Things" in an IoT environment can include simple devices such as switches, lightbulbs, smart locks, thermostats, and safety alarms as well as complex systems such as appliances, smartphones, and cars. Software IoT "apps" can monitor and control multiple devices in homes, cars, cities, and businesses, providing significant benefits such as energy efficiency, security, safety, and user convenience. Unfortunately, programmable IoT systems also introduce new risks, including enabling remote control by hackers of devices in smart homes, cars, and cities, via buggy IoT apps. Testing IoT apps to remove bugs is currently challenging due to a variety of physical devices with which such apps may interact, including devices that were not even available during app development. The proposed work will help develop techniques for testing IoT apps efficiently and for enforcing safety and security constraints on their run-time behavior.

More specifically, the proposed work is centered around three technical thrusts: 1) creating virtual device models to help efficiently test IoT apps systematically without knowing the precise details of physical devices that the apps will control in advance; 2) automating test development for an IoT app to check safety and security specifications against a flexible set of devices; and 3) providing support for enforcement of specifications at run-time for security and safety assertions. The work includes extensive experimentation and evaluation using diverse devices and will represent a significant advance in hardening this important space.

PUBLICATIONS PRODUCED AS A RESULT OF THIS RESEARCH

Hilton, Michael and Bell, Jonathan and Marinov, Darko "A large-scale study of test coverage evolution" 33rd IEEE/ACM Conference on Automated Software Engineering, 2018 10.1145/3238147.3238183
Gyori, Alex and Garg, Pranav and Pek, Edgar and Madhusudan, P. "Efficient Incrementalized Runtime Checking of Linear Measures on Lists" 2017 IEEE International Conference on Software Testing, Verification and Validation (ICST), 2017 10.1109/icst.2017.35
Gyori, Alex and Lahiri, Shuvendu K. and Partush, Nimrod "Refining interprocedural change-impact analysis using equivalence relations" Proceedings of the 26th ACM SIGSOFT International Symposium on Software Testing and Analysis - ISSTA 2017, 2017 10.1145/3092703.3092719
Gyori, Alex and Legunsen, Owolabi and Hariri, Farah and Marinov, Darko "Evaluating Regression Test Selection Opportunities in a Very Large Open-Source Ecosystem" 29th International Symposium on Software Reliability Engineering (ISSRE), 2018 10.1109/ISSRE.2018.00022
Miranda, Breno and Lima, Igor and Legunsen, Owolabi and d'Amorim, Marcelo "Prioritizing Runtime Verification Violations" 2020 IEEE 13th International Conference on Software Testing, Validation and Verification (ICST 2020), 2020 https://doi.org/10.1109/ICST46399.2020.00038
Shi, August and Hadzi-Tanovic, Milica and Zhang, Lingming and Marinov, Darko and Legunsen, Owolabi "Reflection-aware static regression test selection" Proceedings of the ACM on Programming Languages, v.3, 2019 10.1145/3360613
Wang, Kaiyuan and Sullivan, Allison and Marinov, Darko and Khurshid, Sarfraz "Fault Localization for Declarative Models in Alloy" 31st IEEE International Symposium on Software Reliability Engineering (ISSRE 2020), 2020 https://doi.org/10.1109/ISSRE5003.2020.00044
Yang, Jiayi and Wang, Wenxi and Marinov, Darko and Khurshid, Sarfraz "AlloyMC: Alloy meets model counting" 28th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering, Demo Papers (ESEC/FSE Demo 2020), 2020 https://doi.org/10.1145/3368089.3417938

PROJECT OUTCOMES REPORT

Disclaimer

This Project Outcomes Report for the General Public is displayed verbatim as submitted by the Principal Investigator (PI) for this award. Any opinions, findings, and conclusions or recommendations expressed in this Report are those of the PI and do not necessarily reflect the views of the National Science Foundation; NSF has not approved or endorsed its content.

This project was a collaboration between the University of Michigan and the University of Illinois at Urbana-Champaign. The project developed novel techniques to improve security, safety, and testing of Internet of Things (IoT) and related systems. In IoT, multiple devices ("things"), often designed in isolation from others, are brought together to form a networked system, controlled via one or more software applications ("apps"). "Things" in an IoT environment can include simple devices such as "smart" switches, light bulbs, locks, thermostats, and safety alarms, as well as complex systems such as appliances and cars. Software IoT "apps" can monitor and control multiple devices in homes, cars, cities, and businesses. However, these programmable IoT systems also introduce new security and safety risks, including enabling remote control by hackers of devices.


The project resulted in research contributions on several topics, including these highlights: (1) identifying and addressing emerging security threats in computer vision systems such as autonomous vehicles in which, for example, tampered traffic signs with stickers or graffiti can result in misclassification of the traffic sign by machine learning models; (2) addressing emerging security and safety threats due to side-channel exploits in processor vulnerabilities, which are expected to become a significant issue even on IoT platforms that use much simpler processors and may not allow execution of arbitrary downloaded code; and (3) identifying weaknesses in reporting of security vulnerabilities in open-source ecosystems and recommending ways of addressing the weaknesses.


The project also resulted in broader impact. The popular GitHub platform now offers recommended mechanisms for reporting security vulnerabilities. The work on vulnerability of computer vision systems to physical perturbations, especially in the context of recognizing traffic signs, has resulted in open-sourced software and has been highly cited in popular press, including BBC, and a stop sign from the work has been exhibited at the London Science Museum to illustrate how machines can differ from humans in recognizing objects. The grant partially supported training of over a dozen graduate students and several undergraduate students who published over 20 research papers, mostly at top conferences. Several PhD students involved in this project became assistant professors, including at Cornell University, Stony Brook University, University of Wisconsin-Madison, and University of Texas at Austin.


Last Modified: 01/21/2021
Modified by: Darko Marinov
