Quantifying IoT Security Parameters: An Assessment Framework

Ebad, Shouki A.

doi:10.1109/access.2023.3313975

Cited by 1 publication

(1 citation statement)

References 51 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Although such transformation contains subcategories (as shown in Table 1), it still focuses on a single mythology, i.e., removing lines or words from the source code. This can be insufficient for securing new applications working under the IoT paradigm because the source code of these applications-at least in the current simple IoT architecture-is vulnerable to tampering due to various factors, including the heterogeneous nature of the IoT devices and their limited resources, which are rapidly increasing [19]. Some tools use the 'other transformations' category (number 4 in Table 1), which includes splitting, merging, and encryption.…”

Section: The Most Widely Used Obfuscation Transformations In Obfuscat...mentioning

confidence: 99%

Exploring Android Obfuscators and Deobfuscators: An Empirical Investigation

Ebad,

Darem

2024

Electronics

Self Cite

View full text Add to dashboard Cite

Researchers have proposed different obfuscation transformations supported by numerous smartphone protection tools (obfuscators and deobfuscators). However, there is a need for a comprehensive study to empirically characterize these tools that belong to different categories of transformations. We propose a property-based framework to systematically classify twenty cutting-edge tools according to their features, analysis type, programming language support, licensing, applied obfuscation transformations, and general technical drawbacks. Our analysis predominantly reveals that very few tools work at the dynamic level, and most tools (which are static-based) work for Java or Java-based ecosystems (e.g., Android). The findings also show that the widespread adoption of renaming transformations is followed by formatting and code injection. In addition, this paper pinpoints the technical shortcomings of each tool; some of these drawbacks are common in static-based analyzers (e.g., resource consumption), and other drawbacks have negative effects on the experiment conducted by students (e.g., a third-party library involved). According to these critical limitations, we provide some timely recommendations for further research. This study can assist not only Android developers and researchers to improve the overall health of their apps but also the managers of computer science and cybersecurity academic programs to embed suitable obfuscation tools in their curricula.

show abstract

Section: The Most Widely Used Obfuscation Transformations In Obfuscat...mentioning

confidence: 99%