Abstract
Current computing paradigms such as Mobile, Fog, and Cloud Computing are becoming far more interconnected, thereby moving from single, isolated paradigms to complex ecosystems built on a fruitful integration among several computing paradigms. From a security standpoint, this leads to a novel and unprecedented attack surface. To deal with such threats, applying state-of-the-art security analysis techniques to each paradigm can be insufficient. We claim that novel analysis methodologies able to systematically analyze the ecosystem as a whole must be put forward. To this aim, in this paper, we introduce the idea of AppIoTTE, a novel approach to the security testing of Mobile-IoT hybrid ecosystems, as well as some notes on its implementation working on Android (Mobile) and Android Things (IoT) applications.
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Verderame, L., Caputo, D., Migliardi, M., Merlo, A. (2020). AppIoTTE: An Architecture for the Security Assessment of Mobile-IoT Ecosystems. In: Barolli, L., Amato, F., Moscato, F., Enokido, T., Takizawa, M. (eds) Web, Artificial Intelligence and Network Applications. WAINA 2020. Advances in Intelligent Systems and Computing, vol 1150. Springer, Cham. https://doi.org/10.1007/978-3-030-44038-1_79
DOI: https://doi.org/10.1007/978-3-030-44038-1_79
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-44037-4
Online ISBN: 978-3-030-44038-1
eBook Packages: Intelligent Technologies and Robotics (R0)