DESCRIPTION
IoT-SESOD aims to run a closed-loop system experiment producing cybersecurity dataset(s), namely generating complete and accurate (I)IoT firmware SBoMs and their always-up-to-date vulnerability (CVE) mappings.
By 2025, 80% of the data will be processed by IoT devices, though many times they are “black-boxes” from UI/UX and cybersecurity perspectives. New security reports are regularly published about new vulnerabilities in IoT devices. Many of those vulnerabilities are the result of integration/reuse of (vulnerable) software components, as well as discovery of new vulnerabilities in thought-to-be-secure components. The reuse of (vulnerable) components has a high negative impact, as it increases many-fold the attack surface and the entry-points to production and home networks. Most of the time, it is hard or impossible to know what is running inside an IoT device/firmware and whether (vulnerable) components are reused, as most IoT firmware comes in binary packages and vendors almost never publish the software composition, also known as a Software Bill of Materials (SBoM).
One of the main end goals of IoT-SESOD is to make the resulting datasets available in subsequent EUHubs4Data calls, as well as to researchers, practitioners and innovators interested in the field or in building new applications and value-added services atop such data.
TECHNICAL MILESTONES
- Binare.io produced a cybersecurity dataset, generating complete and accurate IoT firmware SBoMs and their always up-to-date vulnerability mapping
- More than 14.000 IoT/IIoT firmware files were checked
- 7.9 million vulnerabilities identified in firmware files
- 3652 distinct CVEs identified
- More than 150 device types from 215 different vendors were scanned
- 2733 distinct software components were detected
- Generate original and unique dataset(s) - proposed and envisioned dataset(s) are themselves innovative and very forward-looking
- “(I)IoT firmware SBoM” for innovative APIs and tech-solutions - structured access to dataset(s), allowing third-parties to use the data most optimally, and build complementary cybersecurity solutions.
- Support forward-looking innovation - expected to attract ever-increasing innovation projects to EUH4D (and its related initiatives); enable exploration of novel research directions and innovative applications for (IoT) cybersecurity
- IoT-SESOD indirectly brings strong social and economic impact via its cybersecurity aims and resulting footprint. Most (if not all) modern societies are mostly digitalized, or are on the path to full digitalization. This means that cybersecurity, as a horizontal cross-cutting foundation to anything digital, is and will become increasingly important, indispensable, and increasingly mandatory (e.g., regulations, certifications, legal).
- The KERs we plan will make it possible to know the software/firmware composition, and thus the vulnerability exposure, of an ever-increasing number of (I)IoT edge devices.