Formal verification of IoT applications using rewriting logic: An MDE-based approach

Fortas, Abdelouahab; Kerkouche, Elhillali; Chaoui, Allaoua

doi:10.1016/j.scico.2022.102859

Cited by 8 publications

(2 citation statements)

References 33 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Formal Methods: Using formal methods can help improve the accuracy, completeness, scalability, and applicability of the system [44,45]. Integrating formal methods with the IoTFuzzBench may be approached from several aspects, for example, modeling part of IoTFuzzBench precisely, using modularity and compositionality to divide the whole system into smaller subsystems, and considering data independence in the fuzzing process.…”

Section: Discussion and Future Workmentioning

confidence: 99%

IoTFuzzBench: A Pragmatic Benchmarking Framework for Evaluating IoT Black-Box Protocol Fuzzers

et al. 2023

View full text Add to dashboard Cite

High scalability and low operating cost make black-box protocol fuzzing a vital tool for discovering vulnerabilities in the firmware of IoT smart devices. However, it is still challenging to compare black-box protocol fuzzers due to the lack of unified benchmark firmware images, complete fuzzing mutation seeds, comprehensive performance metrics, and a standardized evaluation framework. In this paper, we design and implement IoTFuzzBench, a scalable, modular, metric-driven automation framework for evaluating black-box protocol fuzzers for IoT smart devices comprehensively and quantitatively. Specifically, IoTFuzzBench has so far included 14 real-world benchmark firmware images, 30 verified real-world benchmark vulnerabilities, complete fuzzing seeds for each vulnerability, 7 popular fuzzers, and 5 categories of complementary performance metrics. We deployed IoTFuzzBench and evaluated 7 popular black-box protocol fuzzers on all benchmark firmware images and benchmark vulnerabilities. The experimental results show that IoTFuzzBench can not only provide fast, reliable, and reproducible experiments, but also effectively evaluate the ability of each fuzzer to find vulnerabilities and the differential performance on different performance metrics. The fuzzers found a total of 13 vulnerabilities out of 30. None of these fuzzers can outperform the others on all metrics. This result demonstrates the importance of comprehensive metrics. We hope our findings ease the burden of fuzzing evaluation in IoT scenarios, advancing more pragmatic and reproducible fuzzer benchmarking efforts.

show abstract

Section: Discussion and Future Workmentioning

confidence: 99%

IoTFuzzBench: A Pragmatic Benchmarking Framework for Evaluating IoT Black-Box Protocol Fuzzers

et al. 2023

View full text Add to dashboard Cite

show abstract

“…The paper [36] proposed an MDE-based formal approach to define ThingML's formal semantics for modeling Internet of Things (IoT) applications. The variability of IoT components and communication protocols makes designing and developing them difficult.…”

Section: Related Workmentioning

confidence: 99%

A Survey on Formal Verification and Validation Techniques for Internet of Things

Krichen

2023

Applied Sciences

View full text Add to dashboard Cite

The Internet of Things (IoT) has brought about a new era of connected devices and systems, with applications ranging from healthcare to transportation. However, the reliability and security of these systems are critical concerns that must be addressed to ensure their safe and effective operation. This paper presents a survey of formal verification and validation (FV&V) techniques for IoT systems, with a focus on the challenges and open issues in this field. We provide an overview of formal methods and testing techniques for the IoT and discuss the state explosion problem and techniques to address it. We also examined the use of AI in software testing and describe examples of tools that use AI in this context. Finally, we discuss the challenges and open issues in FV&V for the IoT and present possible future directions for research. This survey paper aimed to provide a comprehensive understanding of the current state of FV&V techniques for IoT systems and to highlight areas for further research and development.

show abstract

Towards Formal Verification of Node RED-Based IoT Applications

Garfatta,

Souid,

Klai

2023

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Formal verification of IoT applications using rewriting logic: An MDE-based approach

Cited by 8 publications

References 33 publications

IoTFuzzBench: A Pragmatic Benchmarking Framework for Evaluating IoT Black-Box Protocol Fuzzers

IoTFuzzBench: A Pragmatic Benchmarking Framework for Evaluating IoT Black-Box Protocol Fuzzers

A Survey on Formal Verification and Validation Techniques for Internet of Things

Towards Formal Verification of Node RED-Based IoT Applications

Contact Info

Product

Resources

About