Guided Feature Identification and Removal for Resource-constrained Firmware

2022 ◽  
Vol 31 (2) ◽  
pp. 1-25
Ryan Williams ◽  
Tongwei Ren ◽  
Lorenzo De Carli ◽  
Long Lu ◽  
Gillian Smith

IoT firmware oftentimes incorporates third-party components, such as network-oriented middleware and media encoders/decoders. These components consist of large and mature codebases, shipping with a variety of non-critical features. Feature bloat increases code size, complicates auditing/debugging, and reduces stability. This is problematic for IoT devices, which are severely resource-constrained and must remain operational in the field for years. Unfortunately, identification and complete removal of code related to unwanted features requires familiarity with codebases of interest, cumbersome manual effort, and may introduce bugs. We address these difficulties by introducing PRAT, a system that takes as input the codebase of software of interest, identifies and maps features to code, presents this information to a human analyst, and removes all code belonging to unwanted features. PRAT solves the challenge of identifying feature-related code through a novel form of differential dynamic analysis and visualizes results as user-friendly feature graphs . Evaluation on diverse codebases shows superior code removal compared to both manual feature deactivation and state-of-art debloating tools, and generality across programming languages. Furthermore, a user study comparing PRAT to manual code analysis shows that it can significantly simplify the feature identification workflow.

Simar Preet Singh ◽  
Rajesh Kumar ◽  
Anju Sharma ◽  
S. Raji Reddy ◽  
Priyanka Vashisht

Background: Fog computing paradigm has recently emerged and gained higher attention in present era of Internet of Things. The growth of large number of devices all around, leads to the situation of flow of packets everywhere on the Internet. To overcome this situation and to provide computations at network edge, fog computing is the need of present time that enhances traffic management and avoids critical situations of jam, congestion etc. Methods: For research purposes, there are many methods to implement the scenarios of fog computing i.e. real-time implementation, implementation using emulators, implementation using simulators etc. The present study aims to describe the various simulation and emulation tools for implementing fog computing scenarios. Results: Review shows that iFogSim is the simulator that most of the researchers use in their research work. Among emulators, EmuFog is being used at higher pace than other available emulators. This might be due to ease of implementation and user-friendly nature of these tools and language these tools are based upon. The use of such tools enhance better research experience and leads to improved quality of service parameters (like bandwidth, network, security etc.). Conclusion: There are many fog computing simulators/emulators based on many different platforms that uses different programming languages. The paper concludes that the two main simulation and emulation tools in the area of fog computing are iFogSim and EmuFog. Accessibility of these simulation/emulation tools enhance better research experience and leads to improved quality of service parameters along with the ease of their usage.

Sensors ◽  
2021 ◽  
Vol 21 (10) ◽  
pp. 3515
Sung-Ho Sim ◽  
Yoon-Su Jeong

As the development of IoT technologies has progressed rapidly recently, most IoT data are focused on monitoring and control to process IoT data, but the cost of collecting and linking various IoT data increases, requiring the ability to proactively integrate and analyze collected IoT data so that cloud servers (data centers) can process smartly. In this paper, we propose a blockchain-based IoT big data integrity verification technique to ensure the safety of the Third Party Auditor (TPA), which has a role in auditing the integrity of AIoT data. The proposed technique aims to minimize IoT information loss by multiple blockchain groupings of information and signature keys from IoT devices. The proposed technique allows IoT information to be effectively guaranteed the integrity of AIoT data by linking hash values designated as arbitrary, constant-size blocks with previous blocks in hierarchical chains. The proposed technique performs synchronization using location information between the central server and IoT devices to manage the cost of the integrity of IoT information at low cost. In order to easily control a large number of locations of IoT devices, we perform cross-distributed and blockchain linkage processing under constant rules to improve the load and throughput generated by IoT devices.

Prateek Chhikara ◽  
Rajkumar Tekchandani ◽  
Neeraj Kumar ◽  
Mohammad S. Obaidat

Sensors ◽  
2021 ◽  
Vol 21 (5) ◽  
pp. 1598
Sigurd Frej Joel Jørgensen Ankergård ◽  
Edlira Dushku ◽  
Nicola Dragoni

The Internet of Things (IoT) ecosystem comprises billions of heterogeneous Internet-connected devices which are revolutionizing many domains, such as healthcare, transportation, smart cities, to mention only a few. Along with the unprecedented new opportunities, the IoT revolution is creating an enormous attack surface for potential sophisticated cyber attacks. In this context, Remote Attestation (RA) has gained wide interest as an important security technique to remotely detect adversarial presence and assure the legitimate state of an IoT device. While many RA approaches proposed in the literature make different assumptions regarding the architecture of IoT devices and adversary capabilities, most typical RA schemes rely on minimal Root of Trust by leveraging hardware that guarantees code and memory isolation. However, the presence of a specialized hardware is not always a realistic assumption, for instance, in the context of legacy IoT devices and resource-constrained IoT devices. In this paper, we survey and analyze existing software-based RA schemes (i.e., RA schemes not relying on specialized hardware components) through the lens of IoT. In particular, we provide a comprehensive overview of their design characteristics and security capabilities, analyzing their advantages and disadvantages. Finally, we discuss the opportunities that these RA schemes bring in attesting legacy and resource-constrained IoT devices, along with open research issues.

2022 ◽  
Vol 3 (1) ◽  
pp. 1-30
Nisha Panwar ◽  
Shantanu Sharma ◽  
Guoxi Wang ◽  
Sharad Mehrotra ◽  
Nalini Venkatasubramanian ◽  

Contemporary IoT environments, such as smart buildings, require end-users to trust data-capturing rules published by the systems. There are several reasons why such a trust is misplaced—IoT systems may violate the rules deliberately or IoT devices may transfer user data to a malicious third-party due to cyberattacks, leading to the loss of individuals’ privacy or service integrity. To address such concerns, we propose IoT Notary , a framework to ensure trust in IoT systems and applications. IoT Notary provides secure log sealing on live sensor data to produce a verifiable “proof-of-integrity,” based on which a verifier can attest that captured sensor data adhere to the published data-capturing rules. IoT Notary is an integral part of TIPPERS, a smart space system that has been deployed at the University of California, Irvine to provide various real-time location-based services on the campus. We present extensive experiments over real-time WiFi connectivity data to evaluate IoT Notary , and the results show that IoT Notary imposes nominal overheads. The secure logs only take 21% more storage, while users can verify their one day’s data in less than 2 s even using a resource-limited device.

2018 ◽  
D. Kuhner ◽  
L.D.J. Fiederer ◽  
J. Aldinger ◽  
F. Burget ◽  
M. Völker ◽  

AbstractAs autonomous service robots become more affordable and thus available for the general public, there is a growing need for user-friendly interfaces to control these systems. Control interfaces typically get more complicated with increasing complexity of the robotic tasks and the environment. Traditional control modalities as touch, speech or gesture commands are not necessarily suited for all users. While non-expert users can make the effort to familiarize themselves with a robotic system, paralyzed users may not be capable of controlling such systems even though they need robotic assistance most. In this paper, we present a novel framework, that allows these users to interact with a robotic service assistant in a closed-loop fashion, using only thoughts. The system is composed of several interacting components: non-invasive neuronal signal recording and co-adaptive deep learning which form the brain-computer interface (BCI), high-level task planning based on referring expressions, navigation and manipulation planning as well as environmental perception. We extensively evaluate the BCI in various tasks, determine the performance of the goal formulation user interface and investigate its intuitiveness in a user study. Furthermore, we demonstrate the applicability and robustness of the system in real world scenarios, considering fetch-and-carry tasks and tasks involving human-robot interaction. As our results show, the system is capable of adapting to frequent changes in the environment and reliably accomplishes given tasks within a reasonable amount of time. Combined with high-level planning using referring expressions and autonomous robotic systems, interesting new perspectives open up for non-invasive BCI-based human-robot interactions.

MQTT protocol is publishing-subscribing model for IoT communication. In case of Quality of Services analysis, it is important to check the request and responses between publisher and subscriber. Any threat in communication channel is mostly leads to delay in operation. Hence, if we able to identify the delay parameter, we can suggest by means of QoS that there is a immediate need of security check for IoT system. As many IoT devices performed in unchecked, complicated, and often aggressive surroundings, safe-guarding IoT units present many different challenges. The key purpose for support quality degradation of IoT device interaction can be harmful attacks. Plenty of gadgets are often susceptible to port attacks/botnets hits, such as network attack events, which usually assessed by performing QoS Analysis. To start with factors affecting Quality of Services (QoS), in this paper we developed QoS evaluation algorithm “MQoS” for MQTT protocol and considered QoS-0 as an evaluation parameter. This paper refers the threat model which represents the flow of threats for proposed case study and can help to identify QoS by evaluating the possible communication threats. End–to-end device communication requests and responses are needed to be evaluated for large systems to get the actual QoS parameters for that system. For this reason the actual QoS tests will be conducted for third party applications.In this paper we presented results of MQTTv311 simulation for cooling sensor system.

Sensors ◽  
2021 ◽  
Vol 21 (16) ◽  
pp. 5560
Yonni Chen Kuang Piao ◽  
Naser Ezzati-jivan ◽  
Michel R. Dagenais

Integrated development environments (IDEs) provide many useful tools such as a code editor, a compiler, and a debugger for creating software. These tools are highly sophisticated, and their development requires a significant effort. Traditionally, an IDE supports different programming languages via plugins that are not usually reusable in other IDEs. Given the high complexity and constant evolution of popular programming languages, such as C++ and even Java, the effort to update those plugins has become unbearable. Thus, recent work aims to modularize IDEs and reuse the existing parser implementation directly in compilers. However, when IDE debugging tools are insufficient at detecting performance defects in large and multithreaded systems, developers must use tracing and trace visualization tools in their software development process. Those tools are often standalone applications and do not interoperate with the new modular IDEs, thus losing the power and the benefits of many features provided by the IDE. The structure and use cases of tracing tools, with the potentially massive execution traces, significantly differ from the other tools in IDEs. Thus, it is a considerable challenge, one which has not been addressed previously, to integrate them into the new modular IDEs. In this paper, we propose an efficient modular client–server architecture for trace analysis and visualization that solves those problems. The proposed architecture is well suited for performance analysis on Internet of Things (IoT) devices, where resource limitations often prohibit data collection, processing, and visualization all on the same device. The experimental evaluation demonstrated that our proposed flexible and reusable solution is scalable and has a small acceptable performance overhead compared to the standalone approach.

2018 ◽  
Vol 15 (03) ◽  
pp. 1850003
Maria Javaid

This paper describes research towards understanding haptic communication during planar object manipulation. In particular, a classification algorithm that classifies four stages of manipulation of a planar object is described. This research was performed as a part of a broader research project which has the goal of developing a user-friendly communication interface for an elderly-assistive robot. The manipulation of planar object was studied in detail as it happened very frequently during user study involving a caregiver helping an elderly person with the activities of daily living. For observing human haptic interaction, a sensory glove was developed. Further data collection was conducted in the laboratory setting and data was analyzed using various machine learning techniques. Based on this analysis, decision rules were derived that give insight into human-to-human collaborative manipulation of planar objects and successfully identified several classes of manipulative actions. The developed decision tree-based algorithm was then tested on the data of a user study that involved a caregiver assisting an elderly person in the activities of daily living. The developed algorithm also successfully classifies manipulation actions in real-time. This information is particularly interesting as it does not depend on any particular sensor and thus can be used by other researchers to further study haptic communication.

Sign in / Sign up

Export Citation Format

Share Document