Static analysis for discovering IoT vulnerabilities
| Autor: | Pietro Ferrara, Agostino Cortesi, Amit Kr Mandal, Fausto Spoto |
|---|---|
| Jazyk: | angličtina |
| Rok vydání: | 2021 |
| Předmět: |
IoT
Computer science Internet of Things IoT security IoT Internet of Things static analysis 02 engineering and technology Computer security computer.software_genre OWASP IoT Top 10 0202 electrical engineering electronic engineering information engineering Web application Insecure IoT ecosystem interface Settore INF/01 - Informatica business.industry 05 social sciences 050301 education 020206 networking & telecommunications Static analysis Web application security IoT privacy business 0503 education computer Software Information Systems |
| Popis: | The Open Web Application Security Project (OWASP), released the “OWASP Top 10 Internet of Things 2018” list of the high-priority security vulnerabilities for IoT systems. The diversity of these vulnerabilities poses a great challenge toward development of a robust solution for their detection and mitigation. In this paper, we discuss the relationship between these vulnerabilities and the ones listed by OWASP Top 10 (focused on Web applications rather than IoT systems), how these vulnerabilities can actually be exploited, and in which cases static analysis can help in preventing them. Then, we present an extension of an industrial analyzer (Julia) that already covers five out of the top seven vulnerabilities of OWASP Top 10, and we discuss which IoT Top 10 vulnerabilities might be detected by the existing analyses or their extension. The experimental results present the application of some existing Julia’s analyses and their extension to IoT systems, showing its effectiveness of the analysis of some representative case studies. |
| Databáze: | OpenAIRE |
| Externí odkaz: |
|