“…Gerbil [144] is a binary analysis framework to identify privilege separation vulnerabilities. First, it extracts the loading information from IoT firmware to know which MCU model is used in this firmware.…”
Cyber-physical systems (CPSs) are next-generation intelligent systems that integrate computing, communication, and control. Malicious attacks on CPSs can lead to both property damage and casualties. Therefore, it is worth surveying CPS security by reviewing and analyzing the latest high-quality related works. In this paper, we provide an overview of the CPS security studies from the last five years and select 142 related works from A- or B-level conferences/journals recommended by the China Computer Federation (CCF). First, we review the main contents of the selected papers and classify them into 24 topics. Then, we analyze hotspots and trends of CPS security technologies in three dimensions: (1) architecture layers (perception, network, and application); (2) application scenarios (smart grids, health care, smart transportation, smart homes, and general grids); and (3) MADC (Measure, Attack, Defense, and Control) types. Finally, we also perform a statistical analysis in terms of paper publication times, author institutes, countries, and sponsors to show the current worldwide CPS security research situation.
“…Fig. 1 shows a typical IoT communication system based on our experiments and previous research [13], [14], [16], [17]. The system consists of three components: an IoT device, a controller, and a cloud server.…”
Section: A. Architecture Of An IoT System (mentioning)
IoT security and privacy have raised grave concerns. Efforts have been made to design tools to identify and understand vulnerabilities of IoT systems. Most of the existing protocol security analysis techniques rely on a good understanding of the underlying communication protocols. In this paper, we systematically present the first manual reverse engineering framework for discovering communication protocols of embedded Linux based IoT systems. We have successfully applied our framework to reverse engineer a number of IoT systems. As an example, we present a detailed use of the framework in reverse-engineering the WeMo smart plug communication protocol by extracting the firmware from the flash, performing static and dynamic analysis of the firmware, and analyzing network traffic. The discovered protocol exposes severe design flaws that allow attackers to control or deny the service of victim plugs. Our manual reverse engineering framework is generic and can be applied to both read-only and writable embedded Linux filesystems.
“…As shown in Figure 5, a legitimate user is the owner of a smart lock with the device ID A, and an attacker owns another IoT device with the device ID B. At this point, if the attacker has access to the same local network as the user's device, he is able to send a set_device_id command to the smart lock, changing the device ID of the smart lock from A to B, which has been bound with the attacker's account, as revealed in recent research [24].…”
Section: Bug 6: Privilege Separation Logic Bugs In IoT Firmware (mentioning)
confidence: 99%
“…Thus, the local attackers are able to perform some remote sensitive command C (e.g., setting the device ID or unbinding the device) which should only be sent by the cloud. Such unexpected execution paths are called privilege separation vulnerabilities in [24].…”
Section: Bug 6: Privilege Separation Logic Bugs In IoT Firmware (mentioning)
confidence: 99%
“…Based on the root cause of the attack, the key to identifying privilege separation vulnerabilities is to identify the over-privileged common functions which are used to perform one command but can be invoked by different interactive entities. Yao et al. [24] developed a useful tool to identify the over-privileged common functions according to the path constraints generated by symbolic execution.…”
Section: Bug 6: Privilege Separation Logic Bugs In IoT Firmware (mentioning)
In recent years, IoT platforms and systems have been rapidly emerging. Although IoT is a new technology, new does not mean simpler (than existing networked systems). On the contrary, the complexity (of IoT platforms and systems) is actually being increased in terms of the interactions between the physical world and cyberspace. The increased complexity indeed results in new vulnerabilities. This paper seeks to provide a review of the recently discovered logic bugs that are specific to IoT platforms and systems. In particular, 17 logic bugs and one weakness falling into seven categories of vulnerabilities are reviewed in this survey.
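The privilege separation bug described in the citation contexts above (a LAN client reaching a cloud-only command such as set_device_id through a common function that both the local and the cloud entry points call) as a constructed C example. This is added here and is not code from [24], from Gerbil, or from any of the surveyed papers; the command names, the "<cmd> <arg>" wire format, the `POLICY` allow-list and the function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed example (not code from the cited papers): a smart lock's
 * command dispatcher. Two interactive entities reach the same body,
 * a LAN client and the cloud. Names and wire format are hypothetical. */

enum channel { CH_LOCAL = 1, CH_CLOUD = 2 };   /* bit flags */

struct lock_device {
    char device_id[16];
    int unlocked;
};

enum { OK = 0, ERR_UNKNOWN = -1, ERR_PERM = -2, ERR_FORMAT = -3 };

/* Assumed wire format: "<cmd> <arg>" or just "<cmd>". */
static int parse_packet(const char *pkt, char *cmd, size_t cmdsz,
                        char *arg, size_t argsz)
{
    const char *sp = strchr(pkt, ' ');
    size_t clen = sp ? (size_t)(sp - pkt) : strlen(pkt);
    if (clen == 0 || clen >= cmdsz) return ERR_FORMAT;
    memcpy(cmd, pkt, clen);
    cmd[clen] = '\0';
    const char *a = sp ? sp + 1 : "";
    if (strlen(a) >= argsz) return ERR_FORMAT;
    strcpy(arg, a);
    return OK;
}

/* The over-privileged common function: performs the command without
 * knowing which entity delivered it. */
static int exec_body(struct lock_device *d, const char *cmd, const char *arg)
{
    if (strcmp(cmd, "unlock") == 0) { d->unlocked = 1; return OK; }
    if (strcmp(cmd, "set_device_id") == 0) {
        snprintf(d->device_id, sizeof d->device_id, "%s", arg);
        return OK;
    }
    if (strcmp(cmd, "unbind") == 0) { d->device_id[0] = '\0'; return OK; }
    return ERR_UNKNOWN;
}

/* Vulnerable dispatcher: the LAN and cloud entry points both funnel into
 * exec_body, and the channel is never consulted, so a LAN attacker can
 * issue a cloud-only command. */
static int dispatch_vulnerable(struct lock_device *d, enum channel src,
                               const char *pkt)
{
    char cmd[32], arg[32];
    (void)src; /* known here, but never checked */
    if (parse_packet(pkt, cmd, sizeof cmd, arg, sizeof arg) != OK)
        return ERR_FORMAT;
    return exec_body(d, cmd, arg);
}

/* Hardened dispatcher: a per-command allow-list of channels is enforced
 * before the shared body runs; commands not in the list are rejected. */
static const struct { const char *cmd; unsigned allowed; } POLICY[] = {
    { "unlock",        CH_LOCAL | CH_CLOUD },
    { "set_device_id", CH_CLOUD },
    { "unbind",        CH_CLOUD },
};

static int dispatch_hardened(struct lock_device *d, enum channel src,
                             const char *pkt)
{
    char cmd[32], arg[32];
    if (parse_packet(pkt, cmd, sizeof cmd, arg, sizeof arg) != OK)
        return ERR_FORMAT;
    for (size_t i = 0; i < sizeof POLICY / sizeof POLICY[0]; i++) {
        if (strcmp(POLICY[i].cmd, cmd) != 0) continue;
        if ((POLICY[i].allowed & (unsigned)src) == 0) return ERR_PERM;
        return exec_body(d, cmd, arg);
    }
    return ERR_UNKNOWN;
}

/* Replays the Figure 5 scenario: the lock is bound as "A"; an attacker on
 * the same LAN sends set_device_id with its own id "B". Returns the
 * dispatcher's result; the resulting device id is left in *d. */
static int replay_lan_rebind(struct lock_device *d, int hardened)
{
    snprintf(d->device_id, sizeof d->device_id, "A");
    d->unlocked = 0;
    const char *pkt = "set_device_id B"; /* constructed attacker packet */
    return hardened ? dispatch_hardened(d, CH_LOCAL, pkt)
                    : dispatch_vulnerable(d, CH_LOCAL, pkt);
}

int main(void)
{
    struct lock_device d;
    int r = replay_lan_rebind(&d, 0);
    printf("vulnerable: rc=%d device_id=%s\n", r, d.device_id);
    r = replay_lan_rebind(&d, 1);
    printf("hardened:   rc=%d device_id=%s\n", r, d.device_id);
    return 0;
}
```

The check belongs at the dispatcher, where the channel is still known, not inside `exec_body`, which is exactly the kind of common function the symbolic-execution approach in [24] flags: its path constraints do not depend on the source entity. Denying commands absent from `POLICY` keeps a newly added cloud command from silently becoming LAN-reachable.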