UPSI Digital Repository (UDRep)
Start | FAQ | About
Menu Icon
QR Code Link :

Type :article
Subject :T Technology
ISBN :9781665414418
Main Author :Li, Hongrui
Additional Authors :Hafsah Taha
Title :Vulnerability detection algorithm of lightweight linux internet of things application with symbolic execution method
Place of Production :Tanjung Malim
Publisher :Fakulti Sains dan Matematik
Year of Publication :2021
Notes :Proceedings - 2021 International Symposium on Computer Technology and Information Science, ISCTIS 2021
Corporate Name :Universiti Pendidikan Sultan Idris
HTTP Link :Click to view web link

Abstract : Universiti Pendidikan Sultan Idris
The security of Internet of Things (IoT) devices has become a matter of great concern in recent years. The existence of security holes in the executable programs in the IoT devices has resulted in difficult to estimate security risks. For a long time, vulnerability detection is mainly completed by manual debugging and analysis, and the detection efficiency is low and the accuracy is difficult to guarantee. In this paper, the mainstream automated vulnerability analysis methods in recent years are studied, and a vulnerability detection algorithm based on symbol execution is presented. The detection algorithm is suitable for lightweight applications in small and medium-sized IoT devices. It realizes three functions: buffer overflow vulnerability detection, encryption reliability detection and protection state detection. The robustness of the detection algorithm was tested in the experiment, and the detection of overflow vulnerability program was completed within 2.75 seconds, and the detection of encryption reliability was completed within 1.79 seconds. Repeating the test with multiple sets of data showed a small difference of less than 6.4 milliseconds. The results show that the symbol execution detection algorithm presented in this paper has high detection efficiency and more robust accuracy and robustness. ? 2021 IEEE.

References

Al‐boghdady, A., Wassif, K., & El‐ramly, M. (2021). The presence, trends, and causes of security vulnerabilities in operating systems of iot’s low‐end devices. Sensors, 21(7) doi:10.3390/s21072329

Cadar, C., & Sen, K. (2013). Symbolic execution for software testing: Three decades later. Communications of the ACM, 56(2), 82-90. doi:10.1145/2408776.2408795

Cui, H., Hu, G., Wu, J., & Yang, J. (2013). Verifying systems rules using rule-directed symbolic execution. ACM SIGPLAN Notices, 48(4), 329-341. doi:10.1145/2499368.2451152

He, D., Gu, H., & Li, T. (2020). Toward hybrid static-dynamic detection of vulnerabilities in IoT firmware. IEEE Network., PP, 99, 1-6. Retrieved from www.scopus.com

Li, J., Zhao, B., & Zhang, C. (2018). Fuzzing: A survey. Cybersecurity, 1(1) doi:10.1186/s42400-018-0002-y

Miller, B. P., Cooksey, G., & Moore, F. (2006). An empirical study of the robustness of MacOS applications using random testing. Paper presented at the Proceedings of the 1st International Workshop on Random Testing, RT'06, , 2006 46-54. doi:10.1145/1145735.1145743 Retrieved from www.scopus.com

Miller, B. P., Fredriksen, L., & So, B. (1990). An empirical study of the reliability of UNIX utilities. Communications of the ACM, 33(12), 32-44. doi:10.1145/96267.96279

Moure, D., Torres, P., Casas, B., Toma, D., Blanco, M. J., Río, J. D., & Manuel, A. (2015). Use of low-cost acquisition systems with an embedded linux device for volcanic monitoring. Sensors (Switzerland), 15(8), 20436-20462. doi:10.3390/s150820436

Pereira, R. I. S., Dupont, I. M., Carvalho, P. C. M., & Jucá, S. C. S. (2018). IoT embedded linux system based on raspberry pi applied to real-time cloud monitoring of a decentralized photovoltaic plant. Measurement: Journal of the International Measurement Confederation, 114, 286-297. doi:10.1016/j.measurement.2017.09.033

Qiang, W., Liao, Y., Sun, G., Yang, L. T., & Hai, J. (2017). Patch-related vulnerability detection based on symbolic execution. IEEE Access, , 1. Retrieved from www.scopus.com

Ramos, D. A., & Engler, D. R. (2011). Practical, low-effort equivalence verification of real code doi:10.1007/978-3-642-22110-1_55 Retrieved from www.scopus.com

Wang, S., Zhang, H., Tan, H. -., & Jiang, L. -. (2011). Implementation of step motor control under embedded linux based on S3C2440. Paper presented at the Energy Procedia, , 16(PART C) 1541-1546. doi:10.1016/j.egypro.2012.01.241 Retrieved from www.scopus.com

Zhang, Y., Chen, Z., Wang, J., Dong, W., & Liu, Z. (2015). Regular property guided dynamic symbolic execution. Paper presented at the Proceedings - International Conference on Software Engineering, , 1 643-653. doi:10.1109/ICSE.2015.80 Retrieved from www.scopus.com


This material may be protected under Copyright Act which governs the making of photocopies or reproductions of copyrighted materials.
You may use the digitized material for private study, scholarship, or research.

Back to previous page
Installed and configured by Bahagian Automasi, Perpustakaan Tuanku Bainun, Universiti Pendidikan Sultan Idris
If you have enquiries, kindly contact us at pustakasys@upsi.edu.my or 016-3630263. Office hours only.