Identifying Channel Related Vulnerabilities in Zephyr Firmware

Devansh Rajgarhia, Peng Liu, Shamik Sural

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

In recent years, IoT devices and systems have helped make our lifestyle smarter. Operating systems running on IoT devices form a critical component for connectivity, security, networking, storage, remote device management and other system needs. As a result, applications deployed on top of such an operating system can exploit its vulnerabilities and potentially leak confidential data to the attacker. IoT devices typically have sensors that allow them to measure one or more channel values. They constitute one such example of confidential data for the user which can get leaked or manipulated by a malicious application exploiting the privileges provided by the operating system. In this work, we propose a methodology for finding security vulnerabilities using the concept of taint analysis on the LLVM IR of a part of the kernel of the Zephyr OS, a lightweight real-time operating system for connected, resource-constrained and embedded devices. Several vulnerabilities were detected as reported in the Results section.

Original languageEnglish (US)
Title of host publicationProceedings - IEEE Congress on Cybermatics
Subtitle of host publication2022 IEEE International Conferences on Internet of Things, iThings 2022, IEEE Green Computing and Communications, GreenCom 2022, IEEE Cyber, Physical and Social Computing, CPSCom 2022 and IEEE Smart Data, SmartData 2022
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages113-118
Number of pages6
ISBN (Electronic)9781665454179
DOIs
StatePublished - 2022
Event2022 IEEE Congress on Cybermatics: 15th IEEE International Conferences on Internet of Things, iThings 2022, 18th IEEE International Conferences on Green Computing and Communications, GreenCom 2022, 2022 IEEE International Conference on Cyber, Physical and Social Computing, CPSCom 2022 and 8th IEEE International Conference on Smart Data, SmartData 2022 - Espoo, Finland
Duration: Aug 22 2022Aug 25 2022

Publication series

NameProceedings - IEEE Congress on Cybermatics: 2022 IEEE International Conferences on Internet of Things, iThings 2022, IEEE Green Computing and Communications, GreenCom 2022, IEEE Cyber, Physical and Social Computing, CPSCom 2022 and IEEE Smart Data, SmartData 2022

Conference

Conference2022 IEEE Congress on Cybermatics: 15th IEEE International Conferences on Internet of Things, iThings 2022, 18th IEEE International Conferences on Green Computing and Communications, GreenCom 2022, 2022 IEEE International Conference on Cyber, Physical and Social Computing, CPSCom 2022 and 8th IEEE International Conference on Smart Data, SmartData 2022
Country/TerritoryFinland
CityEspoo
Period8/22/228/25/22

All Science Journal Classification (ASJC) codes

  • Artificial Intelligence
  • Computer Networks and Communications
  • Renewable Energy, Sustainability and the Environment
  • Control and Optimization
  • Communication
  • Computer Science Applications

Fingerprint

Dive into the research topics of 'Identifying Channel Related Vulnerabilities in Zephyr Firmware'. Together they form a unique fingerprint.

Cite this