Supervised by: Laurent Mounier
Keywords: software security, fuzzing, Industrial IoT
Industrial Internet of Things (IIoT) refers to interconnected sensors, control automata (PLCs), and other devices networked together with computers’ industrial applications. Long-running IIoT infrastructures provide many benefits in terms of productivity and efficiency, but also raise challenges with respect to reliability, security, and evolvability. In particular, being able to maintain and update such systems while preserving their dependability properties is a critical issue, one highlighted by industrial standards (like IEC 62443-4-2).
In this broad context, the objective of this internship is to explore techniques for predicting and anticipating the security impact of upgrading the code of an IIoT component. The proposed approach is to leverage existing code analysis techniques (like shadow symbolic execution [1] and differential/directed fuzzing [2,3]) in this specific application context, namely targeting the binary code of industrial controllers.
This internship takes place within the D-IIoT project, which is supported by the Labex Persyval of the Université Grenoble-Alpes and brings together several partners (LIG, INRIA Rhône-Alpes, Verimag and CEA-List).
[1] Tomasz Kuchta, Hristina Palikareva, and Cristian Cadar. Shadow symbolic execution for testing software patches. ACM Trans. Softw. Eng. Methodol., 27(3):10:1–10:32, 2018.
[2] Yannic Noller, Corina Pasareanu, Marcel Böhme, Youcheng Sun, Hoang Lam Nguyen, and Lars Grunske. HyDiff: Hybrid differential software analysis. In 42nd International Conference on Software Engineering, 2020.
[3] Marcel Böhme, Van-Thuan Pham, Manh-Dung Nguyen, and Abhik Roychoudhury. Directed Greybox Fuzzing. CCS 2017.