Abstract
Many embedded systems today are no longer isolated control units, but are fully fledged miniature desktops with their own kernel and sometimes operating system networked with the outside world. This opens up a whole new set of security issues previously not known to embedded systems. One example is potentially malicious input that exploits source code weaknesses leading to critical mission failures. In this paper we propose a new automated malicious input detection approach that works on a staged application of traditional tainted dataflow analysis and syntactic software model checking. The advantages of this approach are that tainted data can be tracked from its source to its application point, a precise path through the source code can be computed, speed and precision can be custom-tuned by automated refinement, and the approach is flexible to deal with real-life security threats. We illustrate our approach with a number of analysis examples taken from existing open source C/C++ projects.
| Original language | English |
|---|---|
| Title of host publication | Proceedings of the Workshop on Embedded Systems Security, WESS '11 |
| Place of Publication | New York, NY |
| Publisher | Association for Computing Machinery (ACM) |
| Pages | 1-10 |
| Number of pages | 10 |
| ISBN (Print) | 9781450308199 |
| DOIs | |
| Publication status | Published - 2011 |
| Externally published | Yes |
| Event | 6th Workshop on Embedded Systems Security, WESS 2011 - Taipei, Taiwan Duration: 9 Oct 2011 → 14 Oct 2011 |
Conference
| Conference | 6th Workshop on Embedded Systems Security, WESS 2011 |
|---|---|
| Country/Territory | Taiwan |
| City | Taipei |
| Period | 9/10/11 → 14/10/11 |
Keywords
- Command injection
- Model checking
- Security
- Static analysis