Advertisement

Security Filters for IoT Domain Isolation

  • Dominique BolignanoEmail author
  • Florence Plateau
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11247)

Abstract

Network segregation is key to the security of the Internet of Things but also to the security of more traditional critical infrastructures or SCADA systems that need to be more and more connected and allow for remote operations. We believe traditional firewalls or data diodes are not sufficient considering the new issues at stake and that a new generation of filters is needed to replace or complement existing protections in these fields.

Keywords

Internet of Things Firewalls Filters Data diodes Security Formal methods Embedded devices Connected car 

Notes

Acknowledgments

The authors would like to thank Érika Baëna and Horace Blanc for their valuable contribution to the work presented in Sect. 4.1.

References

  1. 1.
    Bolignano, D.: Proven security for the internet of things. In: Proceedings of the Embedded World Conference 2016, February 2016Google Scholar
  2. 2.
    National Vulnerability Database. In: NIST. https://web.nvd.nist.gov/view/vuln/search. Accessed 15 Jan 2016
  3. 3.
    Seaborn, M., Dulien, T.: Project zero: exploiting the DRAM rowhammer bug to gain kernel privileges (2015). http://googleprojectzero.blogspot.fr/2015/03/exploiting-dram-rowhammer-bug-to-gain.html. Accessed 15 Jan 2016
  4. 4.
    Miller, C., Valasek, C.: Remote exploitation of an unaltered passenger vehicle. Technical report, IOActive, Seattle, WA (2015). http://www.ioactive.com/pdfs/IOActive_Remote_Car_Hacking.pdf. Accessed 15 Jan 2016
  5. 5.
    Lipp, M., et al.: Meltdown. https://arxiv.org/abs/1801.01207. Accessed 11 Jan 2018
  6. 6.
    Kocher, P., et al.: Spectre attacks: exploiting speculative execution. https://arxiv.org/abs/1801.01203. Accessed 11 Jan 2018
  7. 7.
    Osvik, D.A., Shamir, A., Tromer, E.: Cache attacks and countermeasures: the case of AES. In: Pointcheval, D. (ed.) CT-RSA 2006. LNCS, vol. 3860, pp. 1–20. Springer, Heidelberg (2006).  https://doi.org/10.1007/11605805_1CrossRefGoogle Scholar
  8. 8.
    Lipp, M., Gruss, D., Spreitzer, R., Maurice, C., Mangard, S.: ARMageddon: cache attacks on mobile devices. In: 25th USENIX Security Symposium (USENIX Security 2016). USENIX Association, Austin, August 2016Google Scholar
  9. 9.
    Cohen, C.: AMD-PSP: fTPM Remote Code Execution via Crafted EK Certificate. http://seclists.org/fulldisclosure/2018/Jan/12. Accessed 11 Jan 2018
  10. 10.
  11. 11.
    TLS/SSL Explained – Examples of a TLS Vulnerability and Attack, Final Part. https://www.acunetix.com/blog/articles/tls-vulnerabilities-attacks-final-part/. Accessed 11 Jan 2018
  12. 12.
    When The Lights Went Out - A Comprehensive Review of the 2015 Attacks On Ukrainian Critical Infrastructure. https://www.boozallen.com/content/dam/boozallen/documents/2016/09/ukraine-report-when-the-lights-went-out.pdf. Accessed 11 Jan 2018
  13. 13.
    Beniamini, G.: Extracting Qualcomm’s KeyMaster Keys - Breaking Android Full Disk Encryption. http://bits-please.blogspot.fr/2016/06/extracting-qualcomms-keymaster-keys.html. Accessed 15 Jan 2018
  14. 14.
    Ford, B.: Parsing expression grammars: a recognition based syntactic foundation. In: Proceedings of the 31st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (2004).  https://doi.org/10.1145/964001.964011
  15. 15.
    Lescuyer, S.: ProvenCore: towards a verified isolation micro-kernel. In: MILS-Workshop (2015). http://www.provenrun.com/wp-content/uploads/2015/01/Prove-Run-ProvenCore-Towards-a-Verified-Isolation-Micro-Kernel.pdf. Accessed 03 Aug 2018

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  1. 1.Prove & RunParisFrance

Personalised recommendations