We claim to have identified gaps between threat modeling frameworks, threat model use in IoT security research and attacks that may be missed by current research. While security research includes sections known as 'threat models', these models are not supported by the categorization and standardization that threat modeling frameworks would have to offer. Then again, if existing threat modeling frameworks were used, they would still allow many vulnerabilities to pass through undetected, since they are meant for software-only projects. This work will explain the origins of IoT research, enumerate common threat modeling frameworks and give an insight into the state of IoT security research. In the course of this, it will become clear how these gaps came to be and what research directions would help to close them.
Mobile computing platforms, like smartphones and tablet computers, are becoming a commodity nowadays. The diversity and fast-changing nature of these systems often make it hard for developers to adapt their applications to the user's context. To simplify development, a number of approaches have been suggested that offer a context-middleware solution, such that common functionality can be pooled into plugins and provided to applications. These extensions are then automatically installed if needed, thus enabling easier and faster development of complex applications. Furthermore, if the device changes, it often suffices to exchange the plugins for the applications to function correctly. However, mobile platforms like Android never expected integration in the sense that one application would dynamically host pieces of code from different vendors and allow access to other applications, since doing so basically circumvents many built-in security measures of the operating system. In this paper we analyze Ambient Dynamix, an advanced context-middleware solution, in detail. We propose and evaluate security mechanisms to increase the security of Ambient Dynamix. We outline a system to verify the permissions an application requests against the actual Ambient Dynamix plugins it uses. We then evaluate the use of static code analysis, by a novel method for lightweight on-device analysis, to verify requested and used permissions. Finally, we propose a secure infrastructure to host, download and install third-party plugins. Our proposed security extensions significantly improve the user's security regarding third-party applications and considerably advance the area of secure mobile middleware.