Design and implementation of the secure compiler and virtual machine for developing secure IoT services |
| |
| Affiliation: | 1. Department of Computer Engineering, Seokyeong University, 16-1 Jungneung-Dong, Sungbuk-Ku, Seoul 136-704, Republic of Korea;2. Department of Computer Engineering, Dongguk University, 26 3-Ga Phil-Dong, Jung-Gu, Seoul 100-715, Republic of Korea;3. Department of Brain and Cognitive Engineering, Korea University, 145 Anam-ro, Seongbuk-ku, Seoul 136-713, Republic of Korea;1. University of Alabama at Birmingham, United States;2. Matlab, United States;3. North Carolina State University, United States;4. Lawrence Livermore National Laboratory, United States;1. Instituto de Computación, Universidad de la República, Montevideo, Uruguay;2. Department of Computer Science, Utrecht University, Utrecht, The Netherlands;1. Programa de Pós-Graduação em Informática, Universidade Federal do Rio de Janeiro, 21941-901, Rio de Janeiro, RJ, Brazil;2. Instituto Nacional de Metrologia, Normalização e Qualidade Industrial Duque de Caxias, RJ, Brazil;3. Colégio Pedro II, 20921-440, Rio de Janeiro, RJ, Brazil;4. Unidade Acadêmica Especializada em Ciências Agrárias, Universidade Federal do Rio Grande do Norte, 59280-000, Macaíba, RN, Brazil;5. Departamento de Informática e Matemática Aplicada, Universidade Federal do Rio Grande do Norte, 59078-970, Natal, RN, Brazil |
| |
| Abstract: | Recent years have seen the development of computing environments for IoT (Internet of Things) services, which exchange large amounts of information using various heterogeneous devices that are always connected to networks. Since the data communication and services occur on a variety of devices, which not only include traditional computing environments and mobile devices such as smartphones, but also household appliances, embedded devices, and sensor nodes, the security requirements are becoming increasingly important at this point in time. Already, in the case of mobile applications, security has emerged as a new issue, as the dissemination and use of mobile applications have been rapidly expanding. This software, including IoT services and mobile applications, is continuously exposed to malicious attacks by hackers, because it exchanges data in the open Internet environment. The security weaknesses of this software are the direct cause of software breaches causing serious economic loss. In recent years, the awareness that developing secure software is intrinsically the most effective way to eliminate the software vulnerability, rather than strengthening the security system of the external environment, has increased. Therefore, methodology based on the use of secure coding rules and checking tools is attracting attention to prevent software breaches in the coding stage to eliminate the above vulnerabilities. This paper proposes a compiler and a virtual machine with secure software concepts for developing secure and trustworthy services for IoT environments. By using a compiler and virtual machine, we approach the problem in two stages: a prevention stage, in which the secure compiler removes the security weaknesses from the source code during the application development phase, and a monitoring stage, in which the secure virtual machine monitors abnormal behavior such as buffer overflow attacks or untrusted input data handling while applications are running. |
| |
| Keywords: | Secure software IoT services S/W weakness Program analysis Compiler construction Virtual machine |
| 本文献已被 ScienceDirect 等数据库收录! |
|
