research-article

SIoT: securing the internet of things through distributed system analysis

Authors:

Fernando A. Teixeira,

Gustavo V. Machado,

Fernando M. Q. Pereira,

José M. S. Nogueira,

Leonardo B. OliveiraAuthors Info & Claims

IPSN '15: Proceedings of the 14th International Conference on Information Processing in Sensor Networks

Pages 310 - 321

https://doi.org/10.1145/2737095.2737097

Published: 13 April 2015 Publication History

Abstract

The Internet of Things (IoT) is increasingly more relevant. This growing importance calls for tools able to provide users with correct, reliable and secure systems. In this paper, we claim that traditional approaches to analyze distributed systems are not expressive enough to address this challenge. As a solution to this problem, we present SIoT, a framework to analyze networked systems. SIoT's key insight is to look at a distributed system as a single body, and not as separate programs that exchange messages. By doing so, we can crosscheck information inferred from different nodes. This crosschecking increases the precision of traditional static analyses. To construct this global view of a distributed system we introduce a novel algorithm that discovers inter-program links efficiently. Such links lets us build a holistic view of the entire network, a knowledge that we can thus forward to a traditional tool. We prove that our algorithm always terminates and that it correctly models the semantics of a distributed system. To validate our solution, we have implemented SIoT on top of the LLVM compiler, and have used one instance of it to secure 6 ContikiOS applications against buffer overflow attacks. This instance of SIoT produces code that is as safe as code secured by more traditional analyses; however, our binaries are on average 18% more energy-efficient.

References

[1]

F. E. Allen. Control flow analysis. ACM Sigplan Notices, 5: 1--19, 1970.

Digital Library

[2]

K. Ashton. That 'Internet of Things' Thing. RFiD Journal, 22: 97--114, 2009.

[3]

L. Atzori, A. Iera, and G. Morabito. The Internet of Things: A survey. Computer Networks, 54(15): 2787--2805, 2010.

Digital Library

[4]

S. Babar, P. Mahalle, A. Stango, N. Prasad, and R. Prasad. Proposed security model and threat taxonomy for the Internet of Things (IoT). In Recent Trends in Network Security and Applications. Springer, 2010.

[5]

D. Balzarotti, M. Cova, V. Felmetsger, N. Jovanovic, E. Kirda, C. Kruegel, and G. Vigna. Saner: Composing static and dynamic analysis to validate sanitization in web applications. In Symposium on Security and Privacy (S&P). IEEE, 2008.

Digital Library

[6]

G. Bronevetsky. Communication-sensitive static dataflow for parallel message passing applications. In International Symposium on Code Generation and Optimization (CGO). IEEE, 2009.

Digital Library

[7]

H. Chen, W. Chen, J. Huang, B. Robert, and H. Kuhn. MPIPP: An automatic profile-guided parallel process placement toolset for smp clusters and multiclusters. In International Conference on Supercomputing. ACM, 2006.

Digital Library

[8]

B. Chess and J. West. Secure Programming with Static Analysis. Addison-Wesley Professional, first edition, 2007.

Digital Library

[9]

N. Cooprider, W. Archer, E. Eide, D. Gay, and J. Regehr. Efficient memory safety for tinyos. In Conference on Embedded Networked Sensor Systems (SenSys). ACM, 2007.

Digital Library

[10]

C. Cowan, F. Wagle, C. Pu, S. Beattie, and J. Walpole. Buffer overflows: attacks and defenses for the vulnerability of the decade. In DARPA Information Survivability Conference and Exposition, (DISCEX). DARPA, 2000.

[11]

R. Cytron, J. Ferrante, B. K. Rosen, M. N. Wegman, and F. K. Zadeck. Efficiently computing static single assignment form and the control dependence graph. Transactions on Programming Languages and Systems, (TOPLAS), 13(4): 451--490, 1991.

Digital Library

[12]

J. Devietti, C. Blundell, M. M. Martin, and S. Zdancewic. Hardbound: architectural support for spatial safety of the c programming language. ACM SIGOPS Operating Systems Review, 42(2): 103--114, 2008.

Digital Library

[13]

D. Dhurjati, S. Kowshik, and V. Adve. SAFECode: enforcing alias analysis for weakly typed languages. In Conference on Programming Language Design and Implementation, (PLDI). ACM, 1996.

Digital Library

[14]

A. Dunkels, B. Gronvall, and T. Voigt. Contiki - a lightweight and flexible operating system for tiny networked sensors. In International Conference on Local Computer Networks (LCN). IEEE, 2004.

Digital Library

[15]

P. Feautrier. Automatic parallelization in the polytope model. In The Data Parallel Programming Model. Springer, 1996.

Digital Library

[16]

S. Ghose, L. Gilgeous, P. Dudnik, A. Aggarwal, and C. Waxman. Architectural support for low overhead detection of memory violations. In Design, Automation & Test in Europe (DATE). IEEE, 2009.

Digital Library

[17]

T. Heer, O. Garcia-Morchon, R. Hummen, S. L. Keoh, S. S. Kumar, and K. Wehrle. Security challenges in the IP-based Internet of Things. Springer Wireless Personal Communications, 61(3): 527--542, 2011.

Digital Library

[18]

S. L. Kinney. Trusted platform module basics: using TPM in embedded systems. Newnes, 2006.

Digital Library

[19]

T. Kothmayr, W. Hu, C. Schmitt, M. Bruenig, and G. Carle. Poster: Securing the internet of things with DTLS. In Conference on Embedded Networked Sensor Systems, (SenSys). ACM, 2011.

Digital Library

[20]

C. Lattner and V. S. Adve. LLVM: A compilation framework for lifelong program analysis & transformation. In International Symposium on Code Generation and Optimization (CGO). IEEE, 2004.

Digital Library

[21]

P. Li and J. Regehr. T-check: bug finding for sensor networks. In International Conference on Information Processing in Sensor Networks (IPSN). ACM, 2010.

Digital Library

[22]

S. Nagarakatte, M. M. Martin, and S. Zdancewic. Watchdog: Hardware for safe and secure manual memory management and full memory safety. Computer Architecture News, 40(3): 189--200, 2012.

Digital Library

[23]

S. Nagarakatte, M. M. Martin, and S. Zdancewic. Watchdoglite: Hardware-accelerated compiler-based pointer checking. In International Symposium on Code Generation and Optimization (CGO). IEEE, 2014.

Digital Library

[24]

N. Nethercote and J. Seward. Valgrind: a framework for heavyweight dynamic binary instrumentation. In Conference on Programming language design and implementation, (PLDI). ACM, 2007.

Digital Library

[25]

F. Nielson, H. R. Nielson, and C. Hankin. Principles of program analysis. Springer Science & Business Media, 1999.

Digital Library

[26]

L. Oliveira, M. Scott, J. Lopez, and R. Dahab. Tinypbc: Pairings for authenticated identity-based non-interactive key distribution in sensor networks. In International Conference on Networked Sensing Systems,(INSS)., pages 173--180. IEEE, 2008.

[27]

K. J. Ottenstein, R. A. Ballance, and A. B. MacCabe. The program dependence web: a representation supporting control-, data-, and demand-driven interpretation of imperative languages. In Conference on Programming Language Design and Implementation, (PLDI). ACM, 1990.

Digital Library

[28]

V. Pascual and L. Hascoët. Native handling of Message-Passing communication in Data-Flow analysis. In Springer Recent Advances in Algorithmic Differentiation. Springer, 2012.

[29]

S. Pellegrini. On Simplifying and Optimizing Message Passing Programs: A Compiler and Runtime-Based Approach. PhD thesis, University of Innsbruck, 2011.

[30]

A. Perrig, R. Szewczyk, V. Wen, D. Culler, and J. D. Tygar. SPINS: Security protocols for sensor networks. Wireless Networks, 8(5): 521--534, 2002. Also in MobiCom'01.

Digital Library

[31]

R. Preissl, T. Köckerbauer, M. Schulz, D. Kranzlmüller, B. R. d. Supinski, and D. J. Quinlan. Detecting patterns in mpi communication traces. In International Conference on Parallel Processing (ICPP). ICPP, 2008.

Digital Library

[32]

R. E. Rodrigues, V. H. S. Campos, and F. M. Q. Pereira. A fast and low overhead technique to secure programs against integer overflows. In International Symposium on Code Generation and Optimization (CGO). IEEE, 2013.

Digital Library

[33]

R. Sasnauskas, O. Landsiedel, M. H. Alizai, C. Weise, S. Kowalewski, and K. Wehrle. Kleenet: discovering insidious interaction bugs in wireless sensor networks before deployment. In International Conference on Information Processing in Sensor Networks (IPSN). ACM, 2010.

Digital Library

[34]

E. J. Schwartz, T. Avgerinos, and D. Brumley. All you ever wanted to know about dynamic taint analysis and forward symbolic execution (but might have been afraid to ask). In Symposium on Security and Privacy (S&P). IEEE, 2010.

Digital Library

[35]

K. Serebryany, D. Bruening, A. Potapenko, and D. Vyukov. AddressSanitizer: a fast address sanity checker. In Annual Technical Conference (ATA). USENIX, 2012.

Digital Library

[36]

D. Singh and W. J. Kaiser. The atom LEAP platform for energy-efficient embedded computing. Technical Report 88b146bk, UCLA, 2010.

[37]

M. Sridharan, S. Artzi, M. Pistoia, S. Guarnieri, O. Tripp, and R. Berg. F4F: taint analysis of framework-based web applications. In Conference on Object-Oriented Programming (OOPSLA). ACM, 2011.

Digital Library

[38]

O. Tripp, M. Pistoia, S. J. Fink, M. Sridharan, and O. Weisman. TAJ: Effective taint analysis of web applications. In Conference on Programming Language Design and Implementation (PLDI). ACM, 2009.

Digital Library

[39]

X. Wu and F. Mueller. Scalaextrap: Trace-based communication extrapolation for spmd programs. In Symposium on Principles and Practice of Parallel Programming (PPoPP). ACM, 2011.

Digital Library

Cited By

Zhou NLiao XLi FFeng YLiu L(2021)List Scheduling Algorithm Based on Virtual Scheduling Length Table in Heterogeneous Computing SystemWireless Communications and Mobile Computing10.1155/2021/95290222021(1-16)Online publication date: 11-Dec-2021
https://doi.org/10.1155/2021/9529022
Jung WZhao HSun MZhou G(2020)IoT botnet detection via power consumption modelingSmart Health10.1016/j.smhl.2019.10010315(100103)Online publication date: Mar-2020
https://doi.org/10.1016/j.smhl.2019.100103
Chaim MSantos DCruzes D(2018)What Do We Know About Buffer Overflow Detection?International Journal of Systems and Software Security and Protection10.4018/IJSSSP.20180701019:3(1-33)Online publication date: 1-Jul-2018
https://doi.org/10.4018/IJSSSP.2018070101
Show More Cited By

Index Terms

SIoT: securing the internet of things through distributed system analysis
1. Security and privacy
  1. Systems security
    1. Operating systems security
2. Software and its engineering
  1. Software creation and management
    1. Software verification and validation
      1. Software defect analysis
        Software testing and debugging
  2. Software organization and properties
    1. Software system structures
      1. Distributed systems organizing principles
        Organizing principles for web applications

Recommendations

Tainting is not pointless

Pointer tainting is a form of Dynamic Information Flow Tracking used primarily to prevent software security attacks such as buffer overflows. Researchers have also applied pointer tainting to malware and virus analysis.

A recent paper by Slowinska and ...
Tracking pointers with path and context sensitivity for bug detection in C programs

This paper proposes a pointer alias analysis for automatic error detection. State-of-the-art pointer alias analyses are either too slow or too imprecise for finding errors in real-life programs. We propose a hybrid pointer analysis that tracks actively ...
SIoT: Securing Internet of Things through distributed systems analysis
Abstract
The Internet of Things (IoT) is increasingly more relevant. This growing importance calls for tools able to provide users with correct, reliable and secure systems. In this paper, we claim that traditional approaches to analyze ...
Highlights
- A Buffer Overflow prevention mechanism tailor-made for Internet of Things.
- An ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

IPSN '15: Proceedings of the 14th International Conference on Information Processing in Sensor Networks

April 2015

430 pages

ISBN:9781450334754

DOI:10.1145/2737095

General Chair:
Suman Nath
Microsoft Research
,
Program Chairs:
Bhaskar Krishnamachari
University of Southern California
,
Anthony Rowe
Carnegie Mellon University

Copyright © 2015 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

IEEE-SPS: Signal Processing Society
IEEE
IEEE-CSS: Control Systems Society
ACM: Association for Computing Machinery
SIGBED: ACM Special Interest Group on Embedded Systems
IEEE-CS IRTS: IEEE CS Internet, Real Time Systems

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 13 April 2015

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

IPSN '15

Sponsor:

IEEE-SPS
IEEE-CSS
ACM
SIGBED
IEEE-CS IRTS

IPSN '15: The 14th International Conference on Information Processing in Sensor Networks

April 13 - 16, 2015

Washington, Seattle

Acceptance Rates

Overall Acceptance Rate 143 of 593 submissions, 24%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

12
Total Citations
View Citations
870
Total Downloads

Downloads (Last 12 months)16
Downloads (Last 6 weeks)1

Reflects downloads up to 10 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Zhou NLiao XLi FFeng YLiu L(2021)List Scheduling Algorithm Based on Virtual Scheduling Length Table in Heterogeneous Computing SystemWireless Communications and Mobile Computing10.1155/2021/95290222021(1-16)Online publication date: 11-Dec-2021
https://doi.org/10.1155/2021/9529022
Jung WZhao HSun MZhou G(2020)IoT botnet detection via power consumption modelingSmart Health10.1016/j.smhl.2019.10010315(100103)Online publication date: Mar-2020
https://doi.org/10.1016/j.smhl.2019.100103
Chaim MSantos DCruzes D(2018)What Do We Know About Buffer Overflow Detection?International Journal of Systems and Software Security and Protection10.4018/IJSSSP.20180701019:3(1-33)Online publication date: 1-Jul-2018
https://doi.org/10.4018/IJSSSP.2018070101
Taveras P(2018)A Systematic Exploration on Challenges and Limitations in Middleware Programming for IoT TechnologyInternational Journal of Hyperconnectivity and the Internet of Things10.4018/IJHIoT.20180701012:2(1-20)Online publication date: 1-Jul-2018
https://doi.org/10.4018/IJHIoT.2018070101
Liu JShen HNarman HChung WLin Z(2018)A Survey of Mobile Crowdsensing TechniquesACM Transactions on Cyber-Physical Systems10.1145/31855042:3(1-26)Online publication date: 13-Jun-2018
https://dl.acm.org/doi/10.1145/3185504
Hussain SMehnaz SNirjon SBertino E(2018)Secure Seamless Bluetooth Low Energy Connection Migration for Unmodified IoT DevicesIEEE Transactions on Mobile Computing10.1109/TMC.2017.273974217:4(927-944)Online publication date: 1-Apr-2018
https://doi.org/10.1109/TMC.2017.2739742
Hussain SMehnaz SNirjon SBertino EGunningberg PVoigt TMottola LLu C(2017)SeamBlue: Seamless Bluetooth Low Energy Connection Migration for Unmodified IoT DevicesProceedings of the 2017 International Conference on Embedded Wireless Systems and Networks10.5555/3108009.3108027(132-143)Online publication date: 20-Feb-2017
https://dl.acm.org/doi/10.5555/3108009.3108027
Teixeira FNogueira JOliveira L(2017)Securing networked embedded systems code through distributed systems analysis2017 IFIP/IEEE Symposium on Integrated Network and Service Management (IM)10.23919/INM.2017.7987383(847-851)Online publication date: May-2017
https://doi.org/10.23919/INM.2017.7987383
Oliveira LQuintao Pereira FMisoczki RAranha DBorges FLiu J(2017)The Computer for the 21st Century: Security & Privacy Challenges after 25 Years2017 26th International Conference on Computer Communication and Networks (ICCCN)10.1109/ICCCN.2017.8038394(1-10)Online publication date: Jul-2017
https://doi.org/10.1109/ICCCN.2017.8038394
Neto ASouza ACunha INogueira MNunes ICotta LGentille NLoureiro AAranha DPatil HOliveira L(2016)AoTProceedings of the 14th ACM Conference on Embedded Network Sensor Systems CD-ROM10.1145/2994551.2994555(1-15)Online publication date: 14-Nov-2016
https://dl.acm.org/doi/10.1145/2994551.2994555
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents