Abstract
IoT devices often operate unsupervised in ever-changing environments for several years. Therefore, they need to be updated on a regular basis. Current approaches for software updates on IoT, like the recent SUIT proposal, focus on granting integrity and confidentiality but do not analyze the content of the software update, especially the IoT application which is deployed to IoT devices. To this aim, in this paper, we present IoTAV, an automated software analysis framework for systematically verifying the security of the applications contained in software updates w.r.t. a given security policy. Our proposal can be adopted transparently by current IoT software updates workflows. We prove the viability of IoTAV by testing our methodology on a set of actual RIOT OS applications. Experimental results indicate that the approach is viable in terms of both reliability and performance, leading to the identification of 26 security policy violations in 31 real-world RIOT applications.
Author supplied keywords
Cite
CITATION STYLE
Dejon, N., Caputo, D., Verderame, L., Armando, A., & Merlo, A. (2020). Automated Security Analysis of IoT Software Updates. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 12024 LNCS, pp. 223–239). Springer. https://doi.org/10.1007/978-3-030-41702-4_14
Register to see more suggestions
Mendeley helps you to discover research relevant for your work.
