skip to main content


This content will become publicly available on May 1, 2024

Title: DEVFUZZ: Automatic Device Model-Guided Device Driver Fuzzing
Award ID(s):
2153747
NSF-PAR ID:
10417602
Author(s) / Creator(s):
; ; ;
Date Published:
Journal Name:
IEEE Symposium on Security and Privacy
Page Range / eLocation ID:
3246-3261
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. This paper considers cache-aided device-to-device (D2D) networks where a trusted server helps to preserve the privacy of the users’ demands. Specifically, the trusted server collects the users’ demands before the delivery phase and sends a query to each user, who then broadcasts multicast packets according to this query. Recently the Authors proposed a D2D private caching scheme that was shown to be order optimal except for the very low memory size regime, where the optimality was proved by comparing to a converse bound without privacy constraint. The main contribution of this paper is a novel converse bound for the studied model where users may collude (i.e., some users share cache contents and demanded files, and yet cannot infer what files the remaining users have demanded) and under the placement phase is uncoded. To the best of the Author’s knowledge, such a general bound is the first that genuinely accounts for the demand privacy constraint. The novel converse bound not only allows to show that the known achievable scheme is order optimal in all cache size regimes (while the existing converse bounds cannot show it), but also has the potential to be used in other variants of demand private caching. 
    more » « less
  2. null (Ed.)
  3. The security of Internet-of-Things (IoT) devices in the residential environment is important due to their widespread presence in homes and their sensing and actuation capabilities. However, securing IoT devices is challenging due to their varied designs, deployment longevity, multiple manufacturers, and potentially limited availability of long-term firmware updates. Attackers have exploited this complexity by specifically targeting IoT devices, with some recent high-profile cases affecting millions of devices. In this work, we explore access control mechanisms that tightly constrain access to devices at the residential router, with the goal of precluding access that is inconsistent with legitimate users' goals. Since many residential IoT devices are controlled via applications on smartphones, we combine application sensors on phones with sensors at residential routers to analyze workflows. We construct stateful filters at residential routers that can require user actions within a registered smartphone to enable network access to an IoT device. In doing so, we constrain network packets only to those that are consistent with the user's actions. In our experiments, we successfully identified 100% of malicious traffic while correctly allowing more than 98% of legitimate network traffic. The approach works across device types and manufacturers with straightforward API and state machine construction for each new device workflow. 
    more » « less