DOI: 10.1145/2996890.3007877 (short paper)

Interface diversification in IoT operating systems

Published: 06 December 2016

Abstract

With the advancement of the Internet of Things (IoT), more and more "things" are connected to each other through the Internet. Because the collected information may contain users' personal information, it is very important to ensure the security of IoT devices.
Diversification is a promising technique that protects software and devices from harmful attacks and malware by making interfaces unique in each separate system. In this paper we apply diversification to the interfaces of IoT operating systems. To this end, we introduce diversification in the post-compilation and linking phase of the software life cycle, by shuffling the order of the linked objects while preserving the semantics of the code. This approach successfully prevents malicious exploits from producing adverse effects in the system. Besides shuffling, we also apply a library symbol diversification method and construct the needed support for it, e.g., in the dynamic loading phase.
Besides studying and discussing memory layout shuffling and symbol diversification as security measures for IoT operating systems, we provide practical implementations of these schemes for the Thingsee OS and Raspbian operating systems and test these solutions to show the feasibility of diversification in IoT environments.
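
The following sketch is an added illustration, not code from the paper: it models the two measures the abstract names, a per-device shuffle of link order and per-device renaming of library symbols, and shows that an undiversified symbol name no longer resolves. The object list, sizes, base address, and the HMAC-based derivation of the permutation and names are assumptions made for the example.

```python
import hashlib
import hmac
import random

# Constructed sample input: (object file, size in bytes, exported symbols).
OBJECTS = [
    ("startup.o", 0x200, ["reset_handler"]),
    ("sched.o", 0x900, ["sched_yield"]),
    ("net.o", 0x1400, ["net_send", "net_recv"]),
    ("fs.o", 0xC00, ["fs_open"]),
    ("libc_str.o", 0x300, ["strcpy"]),
]
TEXT_BASE = 0x08000000  # assumed load address of the code section


def _prf(secret: bytes, label: str) -> bytes:
    """Keyed derivation so every device secret yields its own variant."""
    return hmac.new(secret, label.encode(), hashlib.sha256).digest()


def link_order(secret: bytes, pinned=("startup.o",)):
    """Shuffle the objects handed to the linker; pinned ones stay first."""
    head = [o for o in OBJECTS if o[0] in pinned]
    tail = [o for o in OBJECTS if o[0] not in pinned]
    rng = random.Random(int.from_bytes(_prf(secret, "link-order"), "big"))
    rng.shuffle(tail)  # order changes, object contents (semantics) do not
    return head + tail


def layout(secret: bytes):
    """Start address of each object under this device's link order."""
    addr, starts = TEXT_BASE, {}
    for name, size, _ in link_order(secret):
        starts[name] = addr
        addr += size
    return starts


def diversify_symbol(secret: bytes, symbol: str) -> str:
    """Per-device replacement name for an exported library symbol."""
    return "f_" + _prf(secret, "sym:" + symbol).hex()[:16]


def export_table(secret: bytes):
    """What the loader resolves against: diversified names only.
    Simplification: a symbol's address is its object's start address."""
    starts = layout(secret)
    return {diversify_symbol(secret, s): starts[obj]
            for obj, _, syms in OBJECTS for s in syms}


if __name__ == "__main__":
    for dev in (b"device-A", b"device-B"):
        print(dev, [n for n, _, _ in link_order(dev)], diversify_symbol(dev, "strcpy"))
```

Trusted binaries would be rewritten with the same per-device name map, so they still resolve their imports, while code built against the stock names or a stock layout does not.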

    Published In

    UCC '16: Proceedings of the 9th International Conference on Utility and Cloud Computing
    December 2016
    549 pages
    ISBN:9781450346160
    DOI:10.1145/2996890
    Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. IoT
    2. diversification
    3. software security

    Qualifiers

    • Short-paper

    Conference

    UCC '16

    Acceptance Rates

    Overall Acceptance Rate 38 of 125 submissions, 30%

    Cited By

    • (2024) ARAYÜZ ÇEŞİTLENDİRMESİNİN KÖTÜ AMAÇLI YAZILIMLARDA KULLANIM DURUMU. İstanbul Ticaret Üniversitesi Teknoloji ve Uygulamalı Bilimler Dergisi. 10.56809/icujtas.1410198. Online publication date: 9-May-2024
    • (2024) Enhancing resilience in IoT cybersecurity: the roles of obfuscation and diversification techniques for improving the multilayered cybersecurity of IoT systems. Data & Policy. 10.1017/dap.2024.846. Online publication date: 13-Dec-2024
    • (2024) Analysis of crypto module in RIOT OS using Frama-C. The Journal of Supercomputing. 10.1007/s11227-024-06171-0, 80:13 (18521-18543). Online publication date: 18-May-2024
    • (2022) Analysis of Various Vulnerabilities in the Raspbian Operating System and Solutions. 2022 IEEE World AI IoT Congress (AIIoT). 10.1109/AIIoT54504.2022.9817202 (01-06). Online publication date: 6-Jun-2022
    • (2022) Moving Target Defense Techniques for the IoT. Intelligent Security Management and Control in the IoT. 10.1002/9781394156030.ch11 (267-292). Online publication date: Jul-2022
    • (2021) MTD, Where Art Thou? A Systematic Review of Moving Target Defense Techniques for IoT. IEEE Internet of Things Journal. 10.1109/JIOT.2020.3040358, 8:10 (7818-7832). Online publication date: 15-May-2021
    • (2020) Alternate Distributed Beamforming for Decode-and-Forward Multi-Relay Systems Using Buffers. 2020 International Conference on Computing, Networking and Communications (ICNC). 10.1109/ICNC47757.2020.9049754 (878-884). Online publication date: Feb-2020
    • (2019) A Novel Approach to Resource Starvation Attacks on Message Queuing Telemetry Transport Brokers. 2019 4th International Conference on Information Technology, Information Systems and Electrical Engineering (ICITISEE). 10.1109/ICITISEE48480.2019.9003770 (150-154). Online publication date: Nov-2019
    • (2018) Internal Interface Diversification as a Security Measure in Sensor Networks. Journal of Sensor and Actuator Networks. 10.3390/jsan7010012, 7:1 (12). Online publication date: 6-Mar-2018
    • (2018) Internet of Things and its applications in libraries: a literature review. Library Hi Tech. 10.1108/LHT-01-2018-0014. Online publication date: 20-Aug-2018
