Experimental Security Analysis Research: Case Studies with Medical Devices, Robots, and Cars

Yoshi Kohno
University of Washington
Wednesday, May 11, 2011

Co-sponsored by ISTS and the Computer Science Department

Abstract

Yoshi Kohno University of Washington

Computer security is the art and science of building computer systems robust against the actions of adversaries. One subfield of computer security -- experimental security analysis research -- focuses on experimentally analyzing (aka "attacking", "hacking") real artifacts in order to learn from their weaknesses and failure modes and thereby develop strategies for improving the security of similar artifacts in the future. Although important, this subfield of computer security is often opaque to outsiders. What makes a good experimental security analysis project? How does one pick which artifacts to study? What should one do after obtaining (possibly serious) results?

The primary goal of this talk is to answer these questions and present examples of how to plan, conduct, and follow-through with experimental security analysis research projects. This talk will leverage three case studies. First, we will discuss the experimental security analysis of a modern, short-range wireless implantable cardiac defibrillator. Second, we will discuss the experimental security analysis of modern, household, wireless robots. And third, we will discuss the experimental security analysis of a pervasively computerized modern automobile.

Bio

Tadayoshi Kohno is an Assistant Professor in the University of Washington's Department of Computer Science and Engineering, where his research focuses on helping protect the security, privacy, and safety of users of current and future generation technologies. Kohno is the recipient of an Alfred P. Sloan Research Fellowship, a U.S. National Science Foundation CAREER Award, and a Technology Review TR-35 Young Innovator Award. Kohno received his Ph.D. from the University of California at San Diego.