Author:
Ferrara Pietro, Mandal Amit Kr, Cortesi Agostino, Spoto Fausto
Abstract
The Open Web Application Security Project (OWASP) released the “OWASP Top 10 Internet of Things 2018” list of the high-priority security vulnerabilities for IoT systems. The diversity of these vulnerabilities poses a great challenge to the development of a robust solution for their detection and mitigation. In this paper, we discuss the relationship between these vulnerabilities and the ones listed by OWASP Top 10 (focused on Web applications rather than IoT systems), how these vulnerabilities can actually be exploited, and in which cases static analysis can help in preventing them. Then, we present an extension of an industrial analyzer (Julia) that already covers five out of the top seven vulnerabilities of OWASP Top 10, and we discuss which IoT Top 10 vulnerabilities might be detected by the existing analyses or their extension. The experimental results present the application of some of Julia’s existing analyses and their extension to IoT systems, showing the effectiveness of the analysis on some representative case studies.
Funder
Università Ca’ Foscari Venezia
Publisher
Springer Science and Business Media LLC
Subject
Information Systems, Software
Reference
73 articles.
Cited by
41 articles.