SIoT: Securing the Internet of Things through distributed system analysis

IPSN 2015 - Proceedings of the 14th International Symposium on Information Processing in Sensor Networks (Part of CPS Week)

Volumn , Issue , 2015, Pages 310-321

  Teixeira, Fernando A ^a   Machado, Gustavo V ^a   Pereira, Fernando M Q ^a   Wong, Hao Chi ^b   Nogueira, José M S ^a   Oliveira, Leonardo B ^a   Fonseca, Pablo M ^a  

^a UFMG   (Brazil)

^b INTEL CORPORATION   (United States)

Author keywords

Buffer overflow; Distributed system analysis; Internet of Things; Software security

Indexed keywords

ALGORITHMS; BUFFER STORAGE; ENERGY EFFICIENCY; INFORMATION SCIENCE; INTERNET; INTERNET OF THINGS; NETWORK SECURITY; SEMANTICS; SENSOR NETWORKS; SYSTEMS ANALYSIS;

BUFFER OVERFLOW ATTACKS; BUFFER OVERFLOWS; DISTRIBUTED SYSTEMS; ENERGY EFFICIENT; INTERNET OF THING (IOT); NETWORKED SYSTEMS; SOFTWARE SECURITY; TRADITIONAL APPROACHES;

STATIC ANALYSIS;

EID: 84954134251     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2737095.2737097     Document Type: Conference Paper

References (39)

1. F. E. Allen. Control flow analysis. ACM Sigplan Notices, 5:1-19, 1970.
2. K. Ashton. That 'Internet of Things' Thing. RFiD Journal, 22:97-114, 2009.
3. L. Atzori, A. Iera, and G. Morabito. The Internet of Things: A survey. Computer Networks, 54(15):2787-2805, 2010.
4. S. Babar, P. Mahalle, A. Stango, N. Prasad, and R. Prasad. Proposed security model and threat taxonomy for the Internet of Things (IoT). In Recent Trends in Network Security and Applications. Springer, 2010.
5. D. Balzarotti, M. Cova, V. Felmetsger, N. Jovanovic, E. Kirda, C. Kruegel, and G. Vigna. Saner: Composing static and dynamic analysis to validate sanitization in web applications. In Symposium on Security and Privacy (S&P). IEEE, 2008.
6. G. Bronevetsky. Communication-sensitive static dataflow for parallel message passing applications. In International Symposium on Code Generation and Optimization (CGO). IEEE, 2009.
7. H. Chen, W. Chen, J. Huang, B. Robert, and H. Kuhn. MPIPP: An automatic profile-guided parallel process placement toolset for smp clusters and multiclusters. In International Conference on Supercomputing. ACM, 2006.
8. B. Chess and J. West. Secure Programming with Static Analysis. Addison-Wesley Professional, first edition, 2007.
9. N. Cooprider, W. Archer, E. Eide, D. Gay, and J. Regehr. Efficient memory safety for tinyos. In Conference on Embedded Networked Sensor Systems (SenSys). ACM, 2007.
10. C. Cowan, F. Wagle, C. Pu, S. Beattie, and J. Walpole. Buffer overflows: attacks and defenses for the vulnerability of the decade. In DARPA Information Survivability Conference and Exposition, (DISCEX). DARPA, 2000.
11. R. Cytron, J. Ferrante, B. K. Rosen, M. N. Wegman, and F. K. Zadeck. Efficiently computing static single assignment form and the control dependence graph. Transactions on Programming Languages and Systems, (TOPLAS), 13(4):451-490, 1991.
12. J. Devietti, C. Blundell, M. M. Martin, and S. Zdancewic. Hardbound: architectural support for spatial safety of the c programming language. ACM SIGOPS Operating Systems Review, 42(2):103-114, 2008.
13. D. Dhurjati, S. Kowshik, and V. Adve. SAFECode: enforcing alias analysis for weakly typed languages. In Conference on Programming Language Design and Implementation, (PLDI). ACM, 1996.
14. A. Dunkels, B. Gronvall, and T. Voigt. Contiki - a lightweight and flexible operating system for tiny networked sensors. In International Conference on Local Computer Networks (LCN). IEEE, 2004.
15. P. Feautrier. Automatic parallelization in the polytope model. In The Data Parallel Programming Model. Springer, 1996.
16. S. Ghose, L. Gilgeous, P. Dudnik, A. Aggarwal, and C. Waxman. Architectural support for low overhead detection of memory violations. In Design, Automation & Test in Europe (DATE). IEEE, 2009.
17. T. Heer, O. Garcia-Morchon, R. Hummen, S. L. Keoh, S. S. Kumar, and K. Wehrle. Security challenges in the IP-based Internet of Things. Springer Wireless Personal Communications, 61(3):527-542, 2011.
18. S. L. Kinney. Trusted platform module basics: using TPM in embedded systems. Newnes, 2006.
19. T. Kothmayr, W. Hu, C. Schmitt, M. Bruenig, and G. Carle. Poster: Securing the internet of things with DTLS. In Conference on Embedded Networked Sensor Systems, (SenSys). ACM, 2011.
20. C. Lattner and V. S. Adve. LLVM: A compilation framework for lifelong program analysis & transformation. In International Symposium on Code Generation and Optimization (CGO). IEEE, 2004.
21. P. Li and J. Regehr. T-check: bug finding for sensor networks. In International Conference on Information Processing in Sensor Networks (IPSN). ACM, 2010.
22. S. Nagarakatte, M. M. Martin, and S. Zdancewic. Watchdog: Hardware for safe and secure manual memory management and full memory safety. Computer Architecture News, 40(3):189-200, 2012.
23. S. Nagarakatte, M. M. Martin, and S. Zdancewic. Watchdoglite: Hardware-accelerated compiler-based pointer checking. In International Symposium on Code Generation and Optimization (CGO). IEEE, 2014.
24. N. Nethercote and J. Seward. Valgrind: a framework for heavyweight dynamic binary instrumentation. In Conference on Programming language design and implementation, (PLDI). ACM, 2007.
25. F. Nielson, H. R. Nielson, and C. Hankin. Principles of program analysis. Springer Science & Business Media, 1999.
26. L. Oliveira, M. Scott, J. Lopez, and R. Dahab. Tinypbc: Pairings for authenticated identity-based non-interactive key distribution in sensor networks. In International Conference on Networked Sensing Systems, (INSS)., pages 173-180. IEEE, 2008.
27. K. J. Ottenstein, R. A. Ballance, and A. B. MacCabe. The program dependence web: a representation supporting control-, data-, and demand-driven interpretation of imperative languages. In Conference on Programming Language Design and Implementation, (PLDI). ACM, 1990.
28. V. Pascual and L. Hascoët. Native handling of Message-Passing communication in Data-Flow analysis. In Springer Recent Advances in Algorithmic Differentiation. Springer, 2012.
29. S. Pellegrini. On Simplifying and Optimizing Message Passing Programs: A Compiler and Runtime-Based Approach. PhD thesis, University of Innsbruck, 2011.
30. A. Perrig, R. Szewczyk, V. Wen, D. Culler, and J. D. Tygar. SPINS: Security protocols for sensor networks. Wireless Networks, 8(5):521-534, 2002. Also in MobiCom'01.
31. R. Preissl, T. Köckerbauer, M. Schulz, D. Kranzlmüller, B. R. d. Supinski, and D. J. Quinlan. Detecting patterns in mpi communication traces. In International Conference on Parallel Processing (ICPP). ICPP, 2008.
32. R. E. Rodrigues, V. H. S. Campos, and F. M. Q. Pereira. A fast and low overhead technique to secure programs against integer overflows. In International Symposium on Code Generation and Optimization (CGO). IEEE, 2013.
33. R. Sasnauskas, O. Landsiedel, M. H. Alizai, C. Weise, S. Kowalewski, and K. Wehrle. Kleenet: discovering insidious interaction bugs in wireless sensor networks before deployment. In International Conference on Information Processing in Sensor Networks (IPSN). ACM, 2010.
34. E. J. Schwartz, T. Avgerinos, and D. Brumley. All you ever wanted to know about dynamic taint analysis and forward symbolic execution (but might have been afraid to ask). In Symposium on Security and Privacy (S&P). IEEE, 2010.
35. K. Serebryany, D. Bruening, A. Potapenko, and D. Vyukov. AddressSanitizer: a fast address sanity checker. In Annual Technical Conference (ATA). USENIX, 2012.
36. D. Singh and W. J. Kaiser. The atom LEAP platform for energy-efficient embedded computing. Technical Report 88b146bk, UCLA, 2010.
37. M. Sridharan, S. Artzi, M. Pistoia, S. Guarnieri, O. Tripp, and R. Berg. F4F: taint analysis of framework-based web applications. In Conference on Object-Oriented Programming (OOPSLA). ACM, 2011.
38. O. Tripp, M. Pistoia, S. J. Fink, M. Sridharan, and O. Weisman. TAJ: Effective taint analysis of web applications. In Conference on Programming Language Design and Implementation (PLDI). ACM, 2009.
39. X. Wu and F. Mueller. Scalaextrap: Trace-based communication extrapolation for spmd programs. In Symposium on Principles and Practice of Parallel Programming (PPoPP). ACM, 2011.