Senior Design Team sdmay21-41 • IoT Security Verification
Project Overview:
The Internet of Things (IoT) is becoming more and more a part of people's everyday lives. Devices
such as locks, cameras, and smart-speakers are just a very small view of all the ways our lives are
going online. With all of these devices having important roles, being located in private places, and
gathering loads of information, the security of them is much more prevalent as it would be
problematic if it got into the wrong hands.
There are already some ways that the security of the code behind these IoT devices is being tested.
However, there are a lot of security properties that aren't being as thoroughly checked. One of the
ways is through a program called BenchExec. BenchExec is a security validation software that helps
compare different software verification tools to help find which tools will suitably satisfy your
needs. These tools test a variety of common security failings to ensure that the software can be
validated and secure for any developing needs regarding the compatible c software. Our project is
developing on BenchExec and expanding it to focus on IoT device code and test different IoT
libraries.
The final goal of the project is to create a set of IoT benchmarks, and utilize the top three tools and
security properties to verify said benchmarks. This will allow future competitions to validate future
tools for IoT code.