Securing energy metering software with automatic source code correction

Ibéria Medeiros, N. Neves, M. Correia
{"title":"Securing energy metering software with automatic source code correction","authors":"Ibéria Medeiros, N. Neves, M. Correia","doi":"10.1109/INDIN.2013.6622969","DOIUrl":null,"url":null,"abstract":"Industry is using power meters to monitor the consumption of energy and achieving cost savings. This monitoring often involves energy metering software with a web interface. However, web applications often have vulnerabilities that can be exploited by cyber-attacks. We present an approach and a tool to solve this problem by analyzing the application source code and automatically inserting fixes to remove the discovered vulnerabilities. We demonstrate the use of the tool with two open source energy metering applications in which it found and corrected 17 vulnerabilities. By looking in more detail into some of these vulnerabilities, we argue that they are very serious, leading to the following impacts: violation of user privacy, counter the benefits of energy metering, and serve as entering points for attacks on other user software.","PeriodicalId":6312,"journal":{"name":"2013 11th IEEE International Conference on Industrial Informatics (INDIN)","volume":"50 1","pages":"701-706"},"PeriodicalIF":0.0000,"publicationDate":"2013-07-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"8","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2013 11th IEEE International Conference on Industrial Informatics (INDIN)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/INDIN.2013.6622969","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 8

Abstract

Industry is using power meters to monitor the consumption of energy and achieving cost savings. This monitoring often involves energy metering software with a web interface. However, web applications often have vulnerabilities that can be exploited by cyber-attacks. We present an approach and a tool to solve this problem by analyzing the application source code and automatically inserting fixes to remove the discovered vulnerabilities. We demonstrate the use of the tool with two open source energy metering applications in which it found and corrected 17 vulnerabilities. By looking in more detail into some of these vulnerabilities, we argue that they are very serious, leading to the following impacts: violation of user privacy, counter the benefits of energy metering, and serve as entering points for attacks on other user software.
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
安全能源计量软件与自动源代码更正
工业正在使用电表来监控能源消耗并实现成本节约。这种监测通常涉及带有网络界面的能源计量软件。然而,web应用程序通常具有可被网络攻击利用的漏洞。我们提供了一种方法和工具来解决这个问题,通过分析应用程序源代码并自动插入修复程序来删除发现的漏洞。我们通过两个开源能源计量应用程序演示了该工具的使用,其中它发现并纠正了17个漏洞。通过更详细地研究其中一些漏洞,我们认为它们非常严重,会导致以下影响:侵犯用户隐私,抵消能源计量的好处,并成为攻击其他用户软件的切入点。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
自引率
0.00%
发文量
0
期刊最新文献
Assessment of IEC-61499 and CDL for Function Block composition in factory-wide system integration Roll stabilization: A higher order sliding mode approach Analysis and prediction of jitter of internet one-way time-delay for teleoperation systems Remote rendering of industrial HMI applications An intelligent SA-adaptive interface to aid supervisory control of a UAV swarm
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1