A framework for intelligent IoT firmware compliance testing

Mohan Krishna Kagita, Giridhar Reddy Bojja, Mohammed Kaosar
Internet of Things and Cyber-Physical Systems, volume 1, pages 1-7. Published 2021-01-01. DOI: 10.1016/j.iotcps.2021.07.001. https://www.sciencedirect.com/science/article/pii/S2667345221000018
Citations: 8

Abstract

The recent mass production and usage of the Internet of Things (IoT) have posed serious concerns due to the unavoidable security complications. The firmware of IoT systems is a critical component of IoT security. Although multiple organizations have released security guidelines, few IoT vendors are following these guidelines properly, due to a lack of either accountability or appropriate resources. Some tools for this purpose can use static, dynamic, or fuzzing techniques to test the security of IoT firmware, which may result in false positives or failure to discover vulnerabilities. Furthermore, the vast majority of resources are devoted to a single subject, such as networking protocols, web interfaces, or Internet of Things computer applications. This paper aims to present a novel method for conducting compliance testing and vulnerability evaluation on IoT system firmware, communication interfaces, and networking services using static and dynamic analysis. The proposed system detects a broad range of security bugs across a wide range of platforms and hardware architectures. To test and validate our prototype, we ran tests on 4300 firmware images and discovered 13,000+ compliance issues. This work, we believe, will be the first step toward developing a reliable automated compliance testing framework for the IoT manufacturing industry and other stakeholders.
