| Title | An Auditing Framework for Vulnerability Analysis of IoT System |
| Publication Type | Conference Paper |
| Year of Publication | 2019 |
| Authors | Nadir, Ibrahim, Ahmad, Zafeer, Mahmood, Haroon, Asadullah Shah, Ghalib, Shahzad, Farrukh, Umair, Muhammad, Khan, Hassam, Gulzar, Usman |
| Conference Name | 2019 IEEE European Symposium on Security and Privacy Workshops (EuroS PW) |
| Keywords | auditing, auditing framework, communication vulnerabilities, firmware, Framework, Human Behavior, Internet of Things, Internet-of-Things, IoT, IoT device, IoT system, open-source framework, open-source tools, physical world, pubcrawl, public domain software, Resiliency, resource constraint nature, Scalability, security, Security Audits, security frameworks, security of data, virtual world, vulnerability analysis |
| Abstract | Introduction of IoT is a big step towards the convergence of physical and virtual world as everyday objects are connected to the internet nowadays. But due to its diversity and resource constraint nature, the security of these devices in the real world has become a major challenge. Although a number of security frameworks have been suggested to ensure the security of IoT devices, frameworks for auditing this security are rare. We propose an open-source framework to audit the security of IoT devices covering hardware, firmware and communication vulnerabilities. Using existing open-source tools, we formulate a modular approach towards the implementation of the proposed framework. Standout features in the suggested framework are its modular design, extensibility, scalability, tools integration and primarily autonomous nature. The principal focus of the framework is to automate the process of auditing. The paper further mentions some tools that can be incorporated in different modules of the framework. Finally, we validate the feasibility of our framework by auditing an IoT device using proposed toolchain. |
| DOI | 10.1109/EuroSPW.2019.00011 |
| Citation Key | nadir_auditing_2019 |
An Auditing Framework for Vulnerability Analysis of IoT System