A Rust Library for Behaviors Assessment in Software Certification
Aldini, Alessandro; Bianco, Giuseppe Marco
2025
Abstract
The majority of Internet of Things (IoT) devices on the market today suffer from heterogeneity and security problems. These devices adopt different protocols to communicate with each other, so a series of standards had to be defined to make their interaction possible. Moreover, certification processes have been proposed to analyze manufacturers' products in search of any vulnerability or security threat that might affect firmware and final devices. However, none of these methodologies fully considers the effects that might occur when an IoT firmware is executed. To fill this gap, we propose behaviors assessment, a technique that allows a certifier to evaluate whether the effects of firmware operations are in accordance with established policies. Starting from this model, we have created a library, written in the safe and secure programming language Rust, that performs behaviors assessment. We have named this library manifest-producer. It provides APIs to analyze ELF binaries, extract their functions, disassemble machine code, and build call trees, supporting behavior evaluation through automated reverse engineering techniques. To demonstrate its potential as an additional tool for IoT certification, we present a proof of concept showing how it helps to assess behaviors in a mock IoT firmware.

| File | Access | Type | License | Size | Format |
|---|---|---|---|---|---|
| A_Rust_Library_for_Behaviors_Assessment_in_Software_Certification.pdf | Authorized users only | Publisher's version | Copyright (all rights reserved) | 481.56 kB | Adobe PDF |
Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.


