A Step Towards Checking Security in IoT

From Lambda Calculus to Cybersecurity Through Program Analysis

Ferrari

et al. 2020

Self Cite

The Internet of Things (IoT) is deeply changing our society. Daily we use smart devices that automatically collect, aggregate and exchange data about our lives. These data are often pivotal when they are used e.g. to train learning algorithms, to control cyber-physical systems, and to guide administrators to take crucial decisions. As a consequence, security attacks on devices can cause severe damages on IoT systems that take care of essential services, such as delivering power, water, transport, and so on. The difficulty of preventing intrusions or attacks is magnified by the big amount of devices and components IoT systems are composed of. Therefore, it is crucial to identify the most critical components in a network of devices and to understand their level of vulnerability, so as to detect where it is better to intervene for improving security. In this paper, we start from the modelling language IoT-LySa and from the results of Control Flow Analysis that statically predict the manipulation of data and their possible trajectories. On this basis, we aim at deriving possible graphs of how data move and which are their dependencies. These graphs can be analysed, by exploiting some security metrics -among which those introduced by Barrere, Hankin et al. -offering system administrators different estimates of the security level of their systems. Partially supported by Università di Pisa PRA_2018_66 DECLWARE: Metodologie dichiarative per la progettazione e il deployment di applicazioni and by MIUR project PRIN 2017FTXR7S IT MATTERS (Methods and Tools for Trustworthy Smart Systems). := (x c ch I check I ≥ cr I thI ). alarmI c al I , 1CR, ring .h ACR = µh.(1CR, {Ring}).τ.h

Section: Discussionmentioning

confidence: 99%

Section: Overview Of Iot-lysamentioning

confidence: 99%

See 1 more Smart Citation

Security Metrics at Work on the Things in IoT Systems

From Lambda Calculus to Cybersecurity Through Program Analysis

Ferrari

et al. 2020

Self Cite

“…More precisely, the first branch is executed when the node receives a message with guard temp (line 7). The node checks if the temperature x is below or above a given threshold, instructs the actuator, and sends an acknowledgement accordingly (lines [8][9][10][11][12][13][14]. The second case is when the node receives the message with guard quit (line 17): the process sends an acknowledgement and terminates.…”

Section: An Overview Of Iot-lysamentioning

confidence: 99%

“…Otherwise, the r-tuple is not accepted. The present variant of IoT-LySa has external choices not originally included in [9,8] 5 that is rendered by two branches guarded by two different input actions. Note that input and output actions may contain tags c ∈ C .…”

Section: A Iot-lysa Syntaxmentioning

confidence: 99%

Tool Supported Analysis of IoT

Electron. Proc. Theor. Comput. Sci.

Galletta

et al. 2017

Self Cite

The design of IoT systems could benefit from the combination of two different analyses. We perform a first analysis to approximate how data flow across the system components, while the second analysis checks their communication soundness. We show how the combination of these two analyses yields further benefits hardly achievable by separately using each of them. We exploit two independently developed tools for the analyses.Firstly, we specify IoT systems in IoT-LySa, a simple specification language featuring asynchronous multicast communication of tuples. The values carried by the tuples are drawn from a term-algebra obtained by a parametric signature. The analysis of communication soundness is supported by ChorGram, a tool developed to verify the compatibility of communicating finite-state machines. In order to combine the analyses we implement an encoding of IoT-LySa processes into communicating machines. This encoding is not completely straightforward because IoT-LySa has multicast communications with data, while communication machines are based on point-to-point communications where only finitely many symbols can be exchanged. To highlight the benefits of our approach we appeal to a simple yet illustrative example.

Revealing the Trajectories of KLAIM Tuples, Statically

Models, Languages, and Tools for Concurrent and Distributed Programming

Ferrari

et al. 2019

Self Cite

KLAIM (Kernel Language for Agents Interaction and Mobility) has been devised to design distributed applications composed by many components deployed over the nodes of a distributed infrastructure and to offer programmers primitive constructs for communicating, distributing and retrieving data. Data could be sensitive and some nodes could not be secure. As a consequence it is important to track data in their traversal of the network. To this aim, we propose a Control Flow Analysis that over-approximates the behaviour of KLAIM processes and tracks how tuple data can move in the network.