{"title":"安全能源计量软件与自动源代码更正","authors":"Ibéria Medeiros, N. Neves, M. Correia","doi":"10.1109/INDIN.2013.6622969","DOIUrl":null,"url":null,"abstract":"Industry is using power meters to monitor the consumption of energy and achieving cost savings. This monitoring often involves energy metering software with a web interface. However, web applications often have vulnerabilities that can be exploited by cyber-attacks. We present an approach and a tool to solve this problem by analyzing the application source code and automatically inserting fixes to remove the discovered vulnerabilities. We demonstrate the use of the tool with two open source energy metering applications in which it found and corrected 17 vulnerabilities. By looking in more detail into some of these vulnerabilities, we argue that they are very serious, leading to the following impacts: violation of user privacy, counter the benefits of energy metering, and serve as entering points for attacks on other user software.","PeriodicalId":6312,"journal":{"name":"2013 11th IEEE International Conference on Industrial Informatics (INDIN)","volume":"50 1","pages":"701-706"},"PeriodicalIF":0.0000,"publicationDate":"2013-07-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"8","resultStr":"{\"title\":\"Securing energy metering software with automatic source code correction\",\"authors\":\"Ibéria Medeiros, N. Neves, M. Correia\",\"doi\":\"10.1109/INDIN.2013.6622969\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Industry is using power meters to monitor the consumption of energy and achieving cost savings. This monitoring often involves energy metering software with a web interface. However, web applications often have vulnerabilities that can be exploited by cyber-attacks. We present an approach and a tool to solve this problem by analyzing the application source code and automatically inserting fixes to remove the discovered vulnerabilities. We demonstrate the use of the tool with two open source energy metering applications in which it found and corrected 17 vulnerabilities. By looking in more detail into some of these vulnerabilities, we argue that they are very serious, leading to the following impacts: violation of user privacy, counter the benefits of energy metering, and serve as entering points for attacks on other user software.\",\"PeriodicalId\":6312,\"journal\":{\"name\":\"2013 11th IEEE International Conference on Industrial Informatics (INDIN)\",\"volume\":\"50 1\",\"pages\":\"701-706\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2013-07-29\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"8\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2013 11th IEEE International Conference on Industrial Informatics (INDIN)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/INDIN.2013.6622969\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2013 11th IEEE International Conference on Industrial Informatics (INDIN)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/INDIN.2013.6622969","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Securing energy metering software with automatic source code correction
Industry is using power meters to monitor the consumption of energy and achieving cost savings. This monitoring often involves energy metering software with a web interface. However, web applications often have vulnerabilities that can be exploited by cyber-attacks. We present an approach and a tool to solve this problem by analyzing the application source code and automatically inserting fixes to remove the discovered vulnerabilities. We demonstrate the use of the tool with two open source energy metering applications in which it found and corrected 17 vulnerabilities. By looking in more detail into some of these vulnerabilities, we argue that they are very serious, leading to the following impacts: violation of user privacy, counter the benefits of energy metering, and serve as entering points for attacks on other user software.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
