TY - GEN
T1 - Identifying Channel Related Vulnerabilities in Zephyr Firmware
AU - Rajgarhia, Devansh
AU - Liu, Peng
AU - Sural, Shamik
N1 - Publisher Copyright:
© 2022 IEEE.
PY - 2022
Y1 - 2022
N2 - In recent years, IoT devices and systems have helped make our lifestyle smarter. Operating systems running on IoT devices form a critical component for connectivity, security, networking, storage, remote device management and other system needs. As a result, applications deployed on top of such an operating system can exploit its vulnerabilities and potentially leak confidential data to the attacker. IoT devices typically have sensors that allow them to measure one or more channel values. They constitute one such example of confidential data for the user which can get leaked or manipulated by a malicious application exploiting the privileges provided by the operating system. In this work, we propose a methodology for finding security vulnerabilities using the concept of taint analysis on the LLVM IR of a part of the kernel of the Zephyr OS, a lightweight real-time operating system for connected, resource-constrained and embedded devices. Several vulnerabilities were detected as reported in the Results section.
AB - In recent years, IoT devices and systems have helped make our lifestyle smarter. Operating systems running on IoT devices form a critical component for connectivity, security, networking, storage, remote device management and other system needs. As a result, applications deployed on top of such an operating system can exploit its vulnerabilities and potentially leak confidential data to the attacker. IoT devices typically have sensors that allow them to measure one or more channel values. They constitute one such example of confidential data for the user which can get leaked or manipulated by a malicious application exploiting the privileges provided by the operating system. In this work, we propose a methodology for finding security vulnerabilities using the concept of taint analysis on the LLVM IR of a part of the kernel of the Zephyr OS, a lightweight real-time operating system for connected, resource-constrained and embedded devices. Several vulnerabilities were detected as reported in the Results section.
UR - http://www.scopus.com/inward/record.url?scp=85142085413&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85142085413&partnerID=8YFLogxK
U2 - 10.1109/iThings-GreenCom-CPSCom-SmartData-Cybermatics55523.2022.00055
DO - 10.1109/iThings-GreenCom-CPSCom-SmartData-Cybermatics55523.2022.00055
M3 - Conference contribution
AN - SCOPUS:85142085413
T3 - Proceedings - IEEE Congress on Cybermatics: 2022 IEEE International Conferences on Internet of Things, iThings 2022, IEEE Green Computing and Communications, GreenCom 2022, IEEE Cyber, Physical and Social Computing, CPSCom 2022 and IEEE Smart Data, SmartData 2022
SP - 113
EP - 118
BT - Proceedings - IEEE Congress on Cybermatics
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2022 IEEE Congress on Cybermatics: 15th IEEE International Conferences on Internet of Things, iThings 2022, 18th IEEE International Conferences on Green Computing and Communications, GreenCom 2022, 2022 IEEE International Conference on Cyber, Physical and Social Computing, CPSCom 2022 and 8th IEEE International Conference on Smart Data, SmartData 2022
Y2 - 22 August 2022 through 25 August 2022
ER -