Parth
Doshi
SURF Finding Cybersecurity vulnerabilities in Embedded/IoT systems
Abstract profile. Full document pending author claim.
Authors:
Parth Doshi
Date Created:
Not specified
Course Title:
Professor:
Not specified
About Paper:
Embedded Network Stacks (ENS) enable interaction between software and physical devices. They enable seamless communication and ensure reliable data transmission. Several flaws found in ENS can pose high- severity cybersecurity risks. These are remotely triggerable and can impact the physical world, highlighting the significance of testing ENS to detect and address these vulnerabilities. Although previous research has provided insights into the characteristics of defects in various types of software systems, there is a gap in the literature regarding the properties of known defects specifically in ENS, and an easy method of integrating more ENS to be tested. This paper highlights a systematic testing framework and a portability layer that facilitates an easier integration of other ENS - Zephyr, Linux, to be tested and analyzed. The development of a portability layer facilitates testing of a larger number of ENS enabling identification of vulnerabilities across diverse ENS systems. Most of these defects, primarily concentrated in two specific layers of the network stack, can be triggered by modifying just one or two fields within a single packet to produce testing scripts. To verify the effectiveness of the scripts we generated, a unit testing approach was developed that evaluated each functionality individually. Our results concluded 90% line coverage evaluating the effectiveness of the unit testing approach. Additionally, the portability layer was examined by integrating two additional Network Stacks and verifying the correctness of its functionality. Implementation of this layer reduced source code for the system call functions by 150 lines on an average per ENS.
Source:
Purdue University / 2023
Topics:
No topics listed
Co-authors:
Parth Doshi