Paper title

Airmed: Efficient Self-Healing Network of Low-End Devices

Authors

Das, Sourav; Wedaj, Samuel; Paul, Kolin; Bellur, Umesh; Ribeiro, Vinay Joseph

Abstract

The proliferation of application-specific cyber-physical systems, coupled with the emergence of a variety of attacks on such systems (malware such as Mirai and Hajime), underlines the need to secure such networks. Most existing security efforts have focused only on detection of the presence of malware. However, given the ability of most attacks to spread through the network once they infect a few devices, it is important to contain the spread of a virus and at the same time systematically cleanse the impacted nodes using the communication capabilities of the network. Toward this end, we present Airmed - a method and system to not just detect corruption of the application software on an IoT node, but to self correct itself using its neighbors. Airmed's decentralized mechanisms prevent the spread of self-propagating malware and can also be used as a technique for updating application code on such IoT devices. Among the novelties of Airmed are a novel Bloom-filter technique along with hardware support to identify position of the malware program from the benign application code, an adaptive self-check for computational efficiency, and a uniform random-backoff and stream signatures for secure and bandwidth efficient code exchange to correct corrupted devices. We assess the performance of Airmed using the embedded systems security architecture of TrustLite in the OMNeT++ simulator. The results show that Airmed scales up to thousands of devices, ensures guaranteed update of the entire network, and can recover 95% of the nodes in 10 minutes in both internal and external propagation models. Moreover, we evaluate memory and communication costs and show that Airmed is efficient and incurs very low overhead.
