Sökning: id:"swepub:oai:DiVA.org:kth-313218" >
Securing Node-RED A...
Securing Node-RED Applications
-
- Ahmadpanah, Seyed Mohammad Mehdi, 1996 (författare)
- Chalmers University of Technology, Gothenburg, Sweden,Chalmers tekniska högskola
-
- Balliu, Musard (författare)
- KTH,Teoretisk datalogi, TCS,KTH Royal Institute of Technology, Stockholm, Sweden,Kungliga Tekniska Högskolan (KTH),Royal Institute of Technology (KTH)
-
- Hedin, Daniel (författare)
- Mälardalens högskola,Inbyggda system,Chalmers University of Technology, Gothenburg, Sweden,Chalmers tekniska högskola
-
visa fler...
-
- Olsson, L. E. (författare)
- Chalmers University of Technology, Gothenburg, Sweden,Chalmers tekniska högskola
-
- Sabelfeld, Andrei, 1974 (författare)
- Chalmers University of Technology, Gothenburg, Sweden,Chalmers tekniska högskola
-
visa färre...
-
(creator_code:org_t)
- 2021-11-19
- 2021
- Engelska.
-
Ingår i: Protocols, Strands, and LogicEssays Dedicated to Joshua Guttman on the Occasion of his 66.66th Birthday. - Cham : Springer Science and Business Media Deutschland GmbH. ; 13066 LNCS, s. 1-21
- Relaterad länk:
-
https://research.cha...
-
visa fler...
-
https://research.cha... (primary) (free)
-
https://urn.kb.se/re...
-
https://doi.org/10.1...
-
https://urn.kb.se/re...
-
https://research.cha...
-
visa färre...
Abstract
Ämnesord
Stäng
- Trigger-Action Platforms (TAPs) play a vital role in fulfilling the promise of the Internet of Things (IoT) by seamlessly connecting otherwise unconnected devices and services. While enabling novel and exciting applications across a variety of services, security and privacy issues must be taken into consideration because TAPs essentially act as persons-in-the-middle between trigger and action services. The issue is further aggravated since the triggers and actions on TAPs are mostly provided by third parties extending the trust beyond the platform providers. Node-RED, an open-source JavaScript-driven TAP, provides the opportunity for users to effortlessly employ and link nodes via a graphical user interface. Being built upon Node.js, third-party developers can extend the platform’s functionality through publishing nodes and their wirings, known as flows. This paper proposes an essential model for Node-RED, suitable to reason about nodes and flows, be they benign, vulnerable, or malicious. We expand on attacks discovered in recent work, ranging from exfiltrating data from unsuspecting users to taking over the entire platform by misusing sensitive APIs within nodes. We present a formalization of a runtime monitoring framework for a core language that soundly and transparently enforces fine-grained allowlist policies at module-, API-, value-, and context-level. We introduce the monitoring framework for Node-RED that isolates nodes while permitting them to communicate via well-defined API calls complying with the policy specified for each node.
Ämnesord
- NATURVETENSKAP -- Data- och informationsvetenskap -- Datavetenskap (hsv//swe)
- NATURAL SCIENCES -- Computer and Information Sciences -- Computer Sciences (hsv//eng)
- NATURVETENSKAP -- Data- och informationsvetenskap -- Programvaruteknik (hsv//swe)
- NATURAL SCIENCES -- Computer and Information Sciences -- Software Engineering (hsv//eng)
- TEKNIK OCH TEKNOLOGIER -- Elektroteknik och elektronik -- Annan elektroteknik och elektronik (hsv//swe)
- ENGINEERING AND TECHNOLOGY -- Electrical Engineering, Electronic Engineering, Information Engineering -- Other Electrical Engineering, Electronic Engineering, Information Engineering (hsv//eng)
- TEKNIK OCH TEKNOLOGIER -- Elektroteknik och elektronik -- Datorsystem (hsv//swe)
- ENGINEERING AND TECHNOLOGY -- Electrical Engineering, Electronic Engineering, Information Engineering -- Computer Systems (hsv//eng)
Nyckelord
- Internet of things
- Fine grained
- Formalisation
- Javascript
- Link nodes
- Monitoring frameworks
- Open-source
- Runtime Monitoring
- Security and privacy issues
- Service security
- Third parties
- Graphical user interfaces
Publikations- och innehållstyp
- ref (ämneskategori)
- kon (ämneskategori)
Hitta via bibliotek
Till lärosätets databas