Computer Science > Software Engineering

Title: A Model-Driven-Engineering Approach for Detecting Privilege Escalation in IoT Systems

Abstract: Software vulnerabilities in access control models can represent a serious threat to a system. In fact, OWASP lists broken access control as number 5 in severity among the top 10 vulnerabilities. In this paper, we study the permission model of an emerging Smart-Home platform, SmartThings, and explore an approach that detects privilege escalation in its permission model. Our approach is based on Model Driven Engineering (MDE) in addition to static analysis. This approach allows for better coverage of privilege escalation detection than static analysis alone, and takes advantage of analyzing free-form text that carries extra permission details. Our experimental results demonstrate a very high accuracy for detecting over-privilege vulnerabilities in IoT applications.
Subjects: Software Engineering (cs.SE); Cryptography and Security (cs.CR)
Cite as: arXiv:2205.11406 [cs.SE]
  (or arXiv:2205.11406v1 [cs.SE] for this version)

Submission history

From: Manar Alalfi
[v1] Mon, 23 May 2022 15:49:31 GMT (1630kb,D)
