Published: May 18, 2020
Author(s)
Kayla Ibrahim (University at Albany, SUNY), Suryadipta Majumdar (University at Albany, SUNY), Daniel Bastos (British Telecom Research Lab), Anoop Singhal (NIST)
Conference
Name: 41st IEEE Symposium on Security and Privacy
Dates: 05/18/2020 - 05/20/2020
Location: Virtual Conference
The Internet of Things (IoT) has been widely adopted in recent years. Security, however, has lagged behind, as evidenced by the increasing number of attacks that use IoT devices (e.g., an arson that uses a smart oven, burglary via a smart lock). Therefore, the transparency and accountability of those devices very often become questionable. To that end, formally verifying the system state of those devices against desirable security rules might be a promising solution. However, there is a significant gap between the high-level security recommendations (e.g., NISTIR 8228, NISTIR 8259, OWASP IoT guidance, UK code of practice, and ENISA good practices) for IoT, and the low-level system data (e.g., sensor data, logs, configurations) in IoT devices. This poster aims to bridge this gap and design a technique to automatically define actionable security rules based on those high-level recommendations and to enable the verification of those low-level implementations of IoT devices.
Keywords
IoT; security rules; verification
Control Families
None selected