TY - GEN
T1 - Architectural Support for Securing Sensor Networks Against Remote Attacks
AU - Al-Saleh, Mohammed I.
AU - Bridges, Patrick G.
AU - Crandall, Jedidiah R.
N1 - Funding Information:
We would like to thank the anonymous reviewers for their valuable feedback, and also Wenbo He for reading an early draft of the paper. This work and the publication and presentation of the paper were partially funded by the U.S. Defense Threat Reduction Agency, NSF CAREER #0844880, and NSF Trusted Computing #0905177.
Publisher Copyright:
Copyright © (2009) by the International Society for Computers and Their Applications. All rights reserved.
PY - 2009
Y1 - 2009
N2 - Sensor network devices are no less vulnerable to remote attacks, such as malicious worms, than their general purpose computer counterparts, and are presented with unique threats because of the hostile environments sensors are placed in. It is well known that sensor devices place challenging constraints on any attempt to secure them against these attacks, including small performance and power budgets, infrequent patch updates, and long service lives. However, in this paper we demonstrate that security can be built into sensor devices “from the ground up.” In this paper we apply dynamic information flow tracking (DIFT) to sensor devices, where network data is tagged as untrusted and then these tags propagate throughout the system. Our results demonstrate that minor hardware modifications to sensor devices can provide sufficient security guarantees against remote control data attacks. To make these guarantees we address all five dynamic information flow dependency types (copy, computation, load-address, store-address, and control), whereas DIFT schemes for general purpose computers are empirically only able to address the first two. Rigorous testing of eight applications shows that no modifications to existing operating systems, compilers, applications, or binaries is necessary.
AB - Sensor network devices are no less vulnerable to remote attacks, such as malicious worms, than their general purpose computer counterparts, and are presented with unique threats because of the hostile environments sensors are placed in. It is well known that sensor devices place challenging constraints on any attempt to secure them against these attacks, including small performance and power budgets, infrequent patch updates, and long service lives. However, in this paper we demonstrate that security can be built into sensor devices “from the ground up.” In this paper we apply dynamic information flow tracking (DIFT) to sensor devices, where network data is tagged as untrusted and then these tags propagate throughout the system. Our results demonstrate that minor hardware modifications to sensor devices can provide sufficient security guarantees against remote control data attacks. To make these guarantees we address all five dynamic information flow dependency types (copy, computation, load-address, store-address, and control), whereas DIFT schemes for general purpose computers are empirically only able to address the first two. Rigorous testing of eight applications shows that no modifications to existing operating systems, compilers, applications, or binaries is necessary.
UR - http://www.scopus.com/inward/record.url?scp=85132888790&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85132888790&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:85132888790
T3 - 1st International Conference on Sensor Networks and Applications 2009, SNA 2009
SP - 120
EP - 127
BT - 1st International Conference on Sensor Networks and Applications 2009, SNA 2009
A2 - Lee, Gordon K.
PB - International Society for Computers and Their Applications (ISCA)
T2 - 1st International Conference on Sensor Networks and Applications, SNA 2009
Y2 - 4 November 2009 through 6 November 2009
ER -