최소 단어 이상 선택하여야 합니다.
최대 10 단어까지만 선택 가능합니다.
다음과 같은 기능을 한번의 로그인으로 사용 할 수 있습니다.
NTIS 바로가기情報保護學會論文誌 = Journal of the Korea Institute of Information Security and Cryptology, v.31 no.1, 2021년, pp.31 - 49
김예준 (고려대학교 정보보호대학원) , 김정현 (고려대학교 정보보호대학원) , 김승주 (고려대학교 정보보호대학원)
IoT devices refer to embedded devices that can communicate with networks. Since there are various types of IoT devices and they are widely used around us, in the event of an attack, damages such as personal information leakage can occur depending on the type of device. While the security team analyz...
Security Today, "The IoT Rundown For 2020: Stats, Risks, and Solutions." Security Today, 13 Jan 2020. https://securitytoday.com/Articles/2020/01/13/The-IoT-Rundown-for-2020.aspx-Page2
PALOALTO, [online] Available: https://unit42.paloaltonetworks.com/iot-threat-report-2020/
Alshamrani, Adel, and Abdullah Bahattab. "A comparison between three SDLC models waterfall model, spiral model, and Incremental/Iterative model." International Journal of Computer Science Issues (IJCSI) 12.1 (2015): 106.
Okoli, Chitu, and Kira Schabram. "A guide to conducting a systematic literature review of information systems research." (2010).
IEEE. https://ieeexplore.ieee.org/
NDSS. https://dblp.org/db/conf/ndss/index
Usenix. https://www.usenix.org/
ACM. https://dl.acm.org/
NDSS. https://www.sciencedirect.com/
Springer, https://www.springer.com/
Zaddach, Jonas, and Andrei Costin. "Embedded devices security and firmware reverse engineering." Black-Hat USA (2013).
Shwartz, Omer, et al. "Reverse engineering IoT devices: Effective techniques and methods." IEEE Internet of Things Journal 5.6 (2018): 4965-4976.
Hernandez, Grant, et al. "Toward Automated Firmware Analysis in the IoT Era." IEEE Security & Privacy 17.5 (2019): 38-46.
Schulz, Matthias, Daniel Wegemer, and Matthias Hollick. "The Nexmon firmware analysis and modification framework: Empowering researchers to enhance Wi-Fi devices." Computer Communications 129 (2018): 269-285.
Fowze, Farhaan, et al. "ProXray: Protocol Model Learning and Guided Firmware Analysis." IEEE Transactions on Software Engineering (2019).
Basnight, Zachry, et al. "Firmware modification attacks on programmable logic controllers." International Journal of Critical Infrastructure Protection 6.2 (2013): 76-84.
Lee, Seoksu, and Eun-Sun Cho. "Toward Firmware-Type Analysis Using machine Learning Techniques." 2018 IEEE 42nd Annual Computer Software and Applications Conference (COMPSAC). Vol. 1. IEEE, 2018.
Costin, Andrei, et al. "A large-scale analysis of the security of embedded firmwares." 23rd {USENIX} Security Symposium ({USENIX} Security 14). 2014.
Xu, Yifei, et al. "A Search-based Firmware Code Analysis Method for IoT Devices." 2018 IEEE Conference on Communications and Network Security (CNS). IEEE, 2018.
English, K. Virgil, Islam Obaidat, and Meera Sridhar. "Exploiting Memory Corruption Vulnerabilities in Connman for IoT Devices." 2019 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). IEEE, 2019.
Cam, Nguyen Tan, et al. "Detect malware in android firmware based on distributed network environment." 2019 IEEE 19th International Conference on Communication Technology (ICCT). IEEE, 2019.
Cheng, Kai, et al. "DTaint: detecting the taint-style vulnerability in embedded device firmware." 2018 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). IEEE, 2018.
Liu, Muqing, et al. "Security analysis of vendor customized code in firmware of embedded device." International Conference on Security and Privacy in Communication Systems. Springer, Cham, 2016.
Classen, Jiska, et al. "Anatomy of a vulnerable fitness tracking system: Dissecting the fitbit cloud, app, and firmware." Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies 2.1 (2018): 1-24.
Xie, Wei, et al. "Vulnerability detection in iot firmware: A survey." 2017 IEEE 23rd International Conference on Parallel and Distributed Systems (ICPADS). IEEE, 2017.
Yao, Yao, et al. "Identifying Privilege Separation Vulnerabilities in IoT Firmware with Symbolic Execution." European Symposium on Research in Computer Security. Springer, Cham, 2019.
Al-Alami, Haneen, Ali Hadi, and Hussein Al-Bahadili. "Vulnerability scanning of IoT devices in Jordan using Shodan." 2017 2nd International Conference on the Applications of Information Technology in Developing Renewable Energy Processes & Systems (IT-DREPS). IEEE, 2017.
Krishnankutty, Deepak, et al. "Fiscal: Firmware identification using side-channel power analysis." 2017 IEEE 35th VLSI Test Symposium (VTS). IEEE, 2017.
Hou, Jin-bing, Tong Li, and Cheng Chang. "Research for vulnerability detection of embedded system firmware." Procedia Computer Science 107 (2017): 814-818.
Shirani, Paria, et al. "Binarm: Scalable and efficient detection of vulnerabilities in firmware images of intelligent electronic devices." International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment. Springer, Cham, 2018.
Cui, Ang, Michael Costello, and Salvatore Stolfo. "When firmware modifications attack: A case study of embedded exploitation." (2013).
Mulliner, Collin, and Benjamin Michele. "Read It Twice! A Mass-Storage-Based TOCTTOU Attack." WOOT. 2012.
Miller, Charlie. "Battery firmware hacking." Black Hat USA (2011): 3-4.
Hudson, Trammell, and Larry Rudolph. "Thunderstrike: EFI firmware bootkits for Apple MacBooks." Proceedings of the 8th ACM International Systems and Storage Conference. 2015.
Papp, Dorottya, Zhendong Ma, and Levente Buttyan. "Embedded systems security: Threats, vulnerabilities, and attack taxonomy." 2015 13th Annual Conference on Privacy, Security and Trust (PST). IEEE, 2015.
Choi, Byung-Chul, et al. "Secure firmware validation and update for consumer devices in home networking." IEEE Transactions on Consumer Electronics 62.1 (2016): 39-44.
Konstantinou, Charalambos, and Michail Maniatakos. "Impact of firmware modification attacks on power systems field devices." 2015 IEEE International Conference on Smart Grid Communications (SmartGridComm). IEEE, 2015.
Liu, Jiajia, and Wen Sun. "Smart attacks against intelligent wearables in people-centric internet of things." IEEE Communications Magazine 54.12 (2016): 44-49.
Ling, Zhen, et al. "Security vulnerabilities of internet of things: A case study of the smart plug system." IEEE Internet of Things Journal 4.6 (2017): 1899-1909.
Shudrak, Maxim, and Vyacheslav Zolotarev. "The technique of dynamic binary analysis and its application in the information security sphere." Eurocon 2013. IEEE, 2013.
Chen, Jiongyi, et al. "IoTFuzzer: Discovering Memory Corruptions in IoT Through App-based Fuzzing." NDSS. 2018.
Manes, Valentin Jean Marie, et al. "The art, science, and engineering of fuzzing: A survey." IEEE Transactions on Software Engineering (2019).
Zheng, Yaowen, et al. "FIRM-AFL: high-throughput greybox fuzzing of iot firmware via augmented process emulation." 28th {USENIX} Security Symposium ({USENIX} Security 19). 2019.
Kim, Taegyu, et al. "RVFUZZER: finding input validation bugs in robotic vehicles through control-guided testing." 28th {USENIX} Security Symposium ({USENIX} Security 19). 2019.
Gui, Zhijie, et al. "FIRMCORN: Vulnerability-Oriented Fuzzing of IoT Firmware via Optimized Virtual Execution." IEEE Access 8 (2020): 29826-29841.
Yu, Bo, et al. "Poster: Fuzzing iot firmware via multi-stage message generation." Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security. 2019.
Srivastava, Prashast, et al. "FirmFuzz: automated IoT firmware introspection and analysis." Proceedings of the 2nd International ACM Workshop on Security and Privacy for the Internet-of-Things. 2019.
Shila, Devu Manikantan, Penghe Geng, and Teems Lovett. "I can detect you: Using intrusion checkers to resist malicious firmware attacks." 2016 IEEE Symposium on Technologies for Homeland Security (HST). IEEE, 2016.
Li, Yanlin, Jonathan M. McCune, and Adrian Perrig. "VIPER: verifying the integrity of PERipherals' firmware." Proceedings of the 18th ACM conference on Computer and communications security. 2011.
Eriksson, Jakob, Srikanth V. Krishnamurthy, and Michalis Faloutsos. "Truelink: A practical countermeasure to the wormhole attack in wireless networks." Proceedings of the 2006 IEEE International Conference on Network Protocols. IEEE, 2006.
Cao, Fei, Qingbao Li, and Zhifeng Chen. "Vulnerability Model and Evaluation of the UEFI Platform Firmware Based on Improved Attack Graphs." 2018 IEEE 9th International Conference on Software Engineering and Service Science (ICSESS). IEEE, 2018.
Sun, Pengfei, et al. "Hybrid Firmware Analysis for Known Mobile and IoT Security Vulnerabilities." 2020 50th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). IEEE, 2020.
Shoshitaishvili, Yan, et al. "Firmalice-automatic detection of authentication bypass vulnerabilities in binary firmware." NDSS. 2015.
Maskiewicz, Jacob, et al. "Mouse Trap: Exploiting Firmware Updates in {USB} Peripherals." 8th {USENIX} Workshop on Offensive Technologies ({WOOT} 14). 2014.
David, Yaniv, Nimrod Partush, and Eran Yahav. "Firmup: Precise static detection of common vulnerabilities in firmware." ACM SIGPLAN Notices 53.2 (2018): 392-404.
Costin, Andrei, Apostolis Zarras, and Aurelien Francillon. "Automated dynamic firmware analysis at scale: a case study on embedded web interfaces." Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security. 2016.
Visoottiviseth, Vasaka, et al. "Firmaster: Analysis Tool for Home Router Firmware." 2018 15th International Joint Conference on Computer Science and Software Engineering (JCSSE). IEEE, 2018.
Hernandez, Grant, et al. "Firmusb: Vetting USB device firmware using domain informed symbolic execution." Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. 2017.
Davidson, Drew, et al. "{FIE} on firmware: Finding vulnerabilities in embedded systems using symbolic execution." 22nd {USENIX} Security Symposium ({USENIX} Security 13). 2013.
Zaddach, Jonas, et al. "AVATAR: A Framework to Support Dynamic Security Analysis of Embedded Systems' Firmwares." NDSS. Vol. 14. 2014.
Thomas, Sam L., Flavio D. Garcia, and Tom Chothia. "HumIDIFy: a tool for hidden functionality detection in firmware." International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment. Springer, Cham, 2017.
Chen, Daming D., et al. "Towards Automated Dynamic Analysis for Linux-based Embedded Firmware." NDSS. Vol. 16. 2016.
Okmianski, Anton, Mickael Graham, and Joshua B. Littlefield. "Method of identifying a home gateway using network traffic sniffing and apparatus employing the same." U.S. Patent No. 7,505,464. 17 Mar. 2009.
Chong, Hon Fong, and Danny Wee Kiat Ng. "Development of IoT device for traffic management system." 2016 IEEE Student Conference on Research and Development (SCOReD). IEEE, 2016
Lu, Chung-Ming. "Communication system for devices with UART interfaces." U.S. Patent No. 7,650,449. 19 Jan. 2010.
Zadigian, Timothy, Jonathan Stroud, and Michael Moriarty. "JTAG-based programming and debug." U.S. Patent No. 8,856,600. 7 Oct. 2014.
Rosenfeld, Kurt, and Ramesh Karri. "Attacks and Defenses for JTAG." IEEE Design & Test of Computers 27.1 (2010): 36-47.
Hwang, Joo-Young, et al. "Xen on ARM: System virtualization using Xen hypervisor for ARM-based secure mobile phones." 2008 5th IEEE Consumer Communications and Networking Conference. IEEE, 2008.
Ito, Masayuki, et al. "An 8640 MIPS SoC with independent power-off control of 8 CPUs and 8 RAMs by an automatic parallelizing compiler." 2008 IEEE International Solid-State Circuits Conference-Digest of Technical Papers. IEEE, 2008.
Pastrnak, Milan, et al. "Data-flow timing models of dynamic multimedia applications for multiprocessor systems." 4th IEEE International Workshop on System-on-chip for Real-time Applications. IEEE, 2004.
Avgerinos, Thanassis, et al. "AEG: Automatic exploit generation." (2011).
Firmware Mod Kit, [online] Available: https://github.com/rampageX/firmware-mod-kit/wiki
Binwalk, https://github.com/ReFirmLabs/Binwalk.
Pa, Yin Minn Pa, et al. "IoTPOT: analysing the rise of IoT compromises." 9th {USENIX} Workshop on Offensive Technologies ({WOOT} 15). 2015.
Bellard, Fabrice. "QEMU, a fast and portable dynamic translator." USENIX Annual Technical Conference, FREENIX Track. Vol. 41. 2005.
Zheng, Yaowen, et al. "FIRM-AFL: high-throughput greybox fuzzing of iot firmware via augmented process emulation." 28th {USENIX} Security Symposium ({USENIX} Security 19). 2019.
Microsoft, "Security Development Lifecycle - SDL Process Guidance Version 5.2", 2012
*원문 PDF 파일 및 링크정보가 존재하지 않을 경우 KISTI DDS 시스템에서 제공하는 원문복사서비스를 사용할 수 있습니다.
Free Access. 출판사/학술단체 등이 허락한 무료 공개 사이트를 통해 자유로운 이용이 가능한 논문
※ AI-Helper는 부적절한 답변을 할 수 있습니다.