Skip to Main content Skip to Navigation
Conference papers

Automated Security Analysis of IoT Software Updates

Abstract : IoT devices often operate unsupervised in ever-changing environments for several years. Therefore, they need to be updated on a regular basis. Current approaches for software updates on IoT, like the recent SUIT proposal, focus on granting integrity and confidentiality but do not analyze the content of the software update, especially the IoT application which is deployed to IoT devices. To this aim, in this paper, we present IoTAV, an automated software analysis framework for systematically verifying the security of the applications contained in software updates w.r.t. a given security policy. Our proposal can be adopted transparently by current IoT software updates workflows. We prove the viability of IoTAV by testing our methodology on a set of actual RIOT OS applications. Experimental results indicate that the approach is viable in terms of both reliability and performance, leading to the identification of 26 security policy violations in 31 real-world RIOT applications.
Document type :
Conference papers
Complete list of metadata

https://hal.inria.fr/hal-03173903
Contributor : Hal Ifip <>
Submitted on : Thursday, March 18, 2021 - 5:38:38 PM
Last modification on : Friday, March 19, 2021 - 3:00:29 AM

File

 Restricted access
To satisfy the distribution rights of the publisher, the document is embargoed until : 2023-01-01

Please log in to resquest access to the document

Licence


Distributed under a Creative Commons Attribution 4.0 International License

Identifiers

Citation

Nicolas Dejon, Davide Caputo, Luca Verderame, Alessandro Armando, Alessio Merlo. Automated Security Analysis of IoT Software Updates. 13th IFIP International Conference on Information Security Theory and Practice (WISTP), Dec 2019, Paris, France. pp.223-239, ⟨10.1007/978-3-030-41702-4_14⟩. ⟨hal-03173903⟩

Share

Metrics

Record views

41