3,255 research outputs found

    Efficient memory safety for TinyOS

    Reliable sensor network software is difficult to create: applications are concurrent and distributed, hardware-based memory protection is unavailable, and severe resource constraints necessitate the use of unsafe, low-level languages. Our work improves this situation by providing efficient memory and type safety for TinyOS 2 applications running on the Mica2, MicaZ, and TelosB platforms. Safe execution ensures that array and pointer errors are caught before they can corrupt RAM. Our contributions include showing that aggressive optimizations can make safe execution practical in terms of resource usage; developing a technique for efficiently enforcing safety under interrupt-driven concurrency; extending the nesC language and compiler to support safety annotations; finding previously unknown bugs in TinyOS; and, finally, showing that safety can be exploited to increase the availability of sensor networks applications even when memory errors are left unfixed.

    Intelligent intrusion detection in low power IoTs

    Security and privacy of data are one of the prime concerns in today’s Internet of Things (IoT). Conventional security techniques like signature-based detection of malware and regular updates of a signature database are not feasible solutions as they cannot secure such systems effectively, having limited resources. Programming languages permitting immediate memory accesses through pointers often result in applications having memory-related errors, which may lead to unpredictable failures and security vulnerabilities. Furthermore, energy efficient IoT devices running on batteries cannot afford the implementation of cryptography algorithms as such techniques have significant impact on the system power consumption. Therefore, in order to operate IoT in a secure manner, the system must be able to detect and prevent any kind of intrusions before the network (i.e., sensor nodes and base station) is destabilised by the attackers. In this article, we have presented an intrusion detection and prevention mechanism by implementing an intelligent security architecture using random neural networks (RNNs). The application’s source code is also instrumented at compile time in order to detect out-of-bound memory accesses. It is based on creating tags, to be coupled with each memory allocation and then placing additional tag checking instructions for each access made to the memory. To validate the feasibility of the proposed security solution, it is implemented for an existing IoT system and its functionality is practically demonstrated by successfully detecting the presence of any suspicious sensor node within the system operating range and anomalous activity in the base station with an accuracy of 97.23%. Overall, the proposed security solution has presented a minimal performance overhead.

    A State-Machine Model for Reliability Eliciting over Wireless Sensor and Actuator Networks

    Advances in communications and embedded systems have led to the proliferation of wireless sensor and actuator networks (WSANs) in a wide variety of application domains. One important key of many such WSAN applications is the need to meet non-functional requirements (e.g., lifetime, reliability, time guarantees) as well as functional ones (e.g. monitoring, actuation). Some application domains even require that sensor nodes be deployed in harsh environments (e.g., refineries), where they can fail due to communication interference, power problems or other issues. Unfortunately, the node failures can be catastrophic for critical or safety related systems. State machines can offer a promising approach to separate the two concerns – functional and non-functional – bringing forth reliability exception conditions handling, by means of fault handling states. We develop an approach that allows users to define and program typical applications using their platform language, but also adds state machine logic to design, view and handle explicitly other concerns such as reliability. The experimental section shows a working deployment of this concept in an industrial refinery setting.

    C-FLAT: Control-FLow ATtestation for Embedded Systems Software

    Remote attestation is a crucial security service particularly relevant to increasingly popular IoT (and other embedded) devices. It allows a trusted party (verifier) to learn the state of a remote, and potentially malware-infected, device (prover). Most existing approaches are static in nature and only check whether benign software is initially loaded on the prover. However, they are vulnerable to run-time attacks that hijack the application's control or data flow, e.g., via return-oriented programming or data-oriented exploits. As a concrete step towards more comprehensive run-time remote attestation, we present the design and implementation of Control-FLow ATtestation (C-FLAT) that enables remote attestation of an application's control-flow path, without requiring the source code. We describe a full prototype implementation of C-FLAT on Raspberry Pi using its ARM TrustZone hardware security extensions. We evaluate C-FLAT's performance using a real-world embedded (cyber-physical) application, and demonstrate its efficacy against control-flow hijacking attacks. Comment: Extended version of article to appear in CCS '16 Proceedings of the 23rd ACM Conference on Computer and Communications Security

    Hardware support for memory protection in sensor nodes

    With reference to the typical hardware configuration of a sensor node, we present the architecture of a memory protection unit (MPU) designed as a low-complexity addition to the microcontroller. The MPU is aimed at supporting memory protection and the privileged execution mode. It is connected to the system buses, and is seen by the processor as a memory-mapped input/output device. The contents of the internal MPU registers specify the composition of the protection contexts of the running program in terms of access rights for the memory pages. The MPU generates a hardware interrupt to the processor when it detects a protection violation. The proposed MPU architecture is evaluated from a number of salient viewpoints, which include the distribution, review and revocation of access permissions, and the support for important memory protection paradigms, including hierarchical contexts and protection rings.

    A Survey on Wireless Sensor Network Security

    Wireless sensor networks (WSNs) have recently attracted a lot of interest in the research community due to their wide range of applications. Due to the distributed nature of these networks and their deployment in remote areas, these networks are vulnerable to numerous security threats that can adversely affect their proper functioning. This problem is more critical if the network is deployed for some mission-critical applications such as in a tactical battlefield. Random failure of nodes is also very likely in real-life deployment scenarios. Due to resource constraints in the sensor nodes, traditional security mechanisms with large overhead of computation and communication are infeasible in WSNs. Security in sensor networks is, therefore, a particularly challenging task. This paper discusses the current state of the art in security mechanisms for WSNs. Various types of attacks are discussed and their countermeasures presented. A brief discussion on the future direction of research in WSN security is also included. Comment: 24 pages, 4 figures, 2 tables

    A Systematic Approach to Constructing Incremental Topology Control Algorithms Using Graph Transformation

    Communication networks form the backbone of our society. Topology control algorithms optimize the topology of such communication networks. Due to the importance of communication networks, a topology control algorithm should guarantee certain required consistency properties (e.g., connectivity of the topology), while achieving desired optimization properties (e.g., a bounded number of neighbors). Real-world topologies are dynamic (e.g., because nodes join, leave, or move within the network), which requires topology control algorithms to operate in an incremental way, i.e., based on the recently introduced modifications of a topology. Visual programming and specification languages are a proven means for specifying the structure as well as consistency and optimization properties of topologies. In this paper, we present a novel methodology, based on a visual graph transformation and graph constraint language, for developing incremental topology control algorithms that are guaranteed to fulfill a set of specified consistency and optimization constraints. More specifically, we model the possible modifications of a topology control algorithm and the environment using graph transformation rules, and we describe consistency and optimization properties using graph constraints. On this basis, we apply and extend a well-known constructive approach to derive refined graph transformation rules that preserve these graph constraints. We apply our methodology to re-engineer an established topology control algorithm, kTC, and evaluate it in a network simulation study to show the practical applicability of our approach. Comment: This document corresponds to the accepted manuscript of the referenced journal article

    A Robot Operating System (ROS) based humanoid robot control

    This thesis presents adapting techniques required to enhance the capability of a commercially available robot, namely, Robotis Bioloid Premium Humanoid Robot (BPHR). BeagleBone Black (BBB), the decision-making and implementing (intelligence providing) component, with multifunctional capabilities is used in this research. Robot Operating System (ROS) and its libraries, as well as Python Script and its libraries have been developed and incorporated into the BBB. This fortified BBB intelligence providing component is then transplanted into the structure of the Robotis Bioloid humanoid robot, after removing the latter’s original decision-making and implementing component (controller). Thus, this study revitalizes the Bioloid humanoid robot by converting it into a humanoid robot with multiple features that can be inherited using ROS. This is a first of its kind approach wherein ROS is used as the development framework in conjunction with the main BBB controller and the software impregnated with Python libraries is used to integrate robotic functions. A full ROS computation is developed and a high level Application Programming Interface (API) usable by software utilizing ROS services is also developed. In this revised two-legged-humanoid robot, USB2Dynamixel connector is used to operate the Dynamixel AX-12A actuators through the Wi-Fi interface of the fortified BBB. An accelerometer sensor supports balancing of the robot, and updates data to the BBB periodically. An Infrared (IR) sensor is used to detect obstacles. This dynamic model is used to actuate the motors mounted on the robot leg thereby resulting in a swing-stance period of the legs for a stable forward movement of the robot. The maximum walking speed of the robot is 0.5 feet/second, beyond this limit the robot becomes unstable. The angle at which the robot leans is governed by the feedback from the accelerometer sensor, which is 20 degrees. If the robot tilts beyond a specific degree, then it would come back to its standstill position and stop further movement. When the robot moves forward, the IR sensors sense obstacles in front of the robot. If an obstacle is detected within 35 cm, then the robot stops moving further. Implementation of ROS on top of the BBB (by replacing CM530 controller with the BBB) and using feedback controls from the accelerometer and IR sensor to control the two-legged robotic movement are the novelties of this work.