Archive / INF Seminars / INF_2022_03_15_Andrea_Continella

Automated Vulnerability Research for Smart Embedded Devices


Host: Prof. Antonio Carzaniga




USI Campus EST, room D1.14, Sector D // online on MS Teams

Andrea Continella
University of Twente, Netherlands

Low-power, single-purpose embedded devices (e.g., routers and IoT devices) have become ubiquitous. While they automate and simplify many aspects of users’ lives, recent large-scale attacks have shown that their sheer number poses a severe threat to the Internet infrastructure.
Unfortunately, the software running on these systems is hardware-dependent and typically executes in unique, minimal environments with non-standard configurations, making security analysis particularly challenging. In this talk, I will discuss the challenges of applying traditional testing methods, such as symbolic execution and fuzzing, in the IoT domain, and I will present novel techniques for effective and automated discovery of security vulnerabilities.

Andrea Continella is an Assistant Professor at the Faculty of Electrical Engineering, Mathematics and Computer Science of the University of Twente, where he leads the Cybersecurity group, and he is a member of the International Secure Systems Lab (iSecLab). Previously, he was a Postdoctoral Researcher in the Computer Science Department at UC Santa Barbara, and he obtained a Ph.D. cum laude in Computer Science and Engineering at Politecnico di Milano in Italy. His research focuses on aspects of computer security traditionally known as systems security. In particular, his main research interests lie in the security of the software that people use in their daily tasks, and revolve around analyzing such software for multiple security purposes, such as malware detection, identification of privacy disclosures, and vulnerability discovery. For example, Andrea has worked on analysis and defense mechanisms against advanced threats such as infamous ransomware families, on the detection of obfuscated privacy leaks in Android apps, and on the design of novel program analysis techniques to identify and patch vulnerabilities in embedded firmware. Andrea regularly publishes at top-tier security venues and he serves on the program committees of well-known systems security conferences (USENIX, CCS) and workshops (BAR).