Song, L.; Garcia-Valls, M. (2022). Improving Security of Web Servers in Critical IoT Systems
through Self-Monitoring of Vulnerabilities. Sensors. 22(13):1-17. https://doi.org/10.3390/s22135004
Por favor, use este identificador para citar o enlazar este ítem: http://hdl.handle.net/10251/198807
Title:
|
Improving Security of Web Servers in Critical IoT Systems
through Self-Monitoring of Vulnerabilities
|
Author:
|
Song, Linxuan
Garcia-Valls, Marisol
|
UPV Unit:
|
Universitat Politècnica de València. Escuela Técnica Superior de Ingenieros de Telecomunicación - Escola Tècnica Superior d'Enginyers de Telecomunicació
|
Issued date:
|
|
Abstract:
|
[EN] IoT (Internet of Things) systems are complex ones that may comprise large numbers of sensing and actuating devices; and servers that store data and further configure the operation of such devices. Usually, these systems ...[+]
[EN] IoT (Internet of Things) systems are complex ones that may comprise large numbers of sensing and actuating devices; and servers that store data and further configure the operation of such devices. Usually, these systems involve real-time operation as they are closely bound to particular physical processes. This real-time operation is often threatened by the security solutions that are put in place to alleviate the ever growing attack surface in IoT. This paper focuses on critical IoT domains where less attention has been paid to the web security aspects. The main reason is that, up to quite recently, web technologies have been considered unreliable and had to be avoided by design in critical systems. In this work, we focus on the server side and on how attacks propagate from server to client as vulnerabilities and from client to unprotected servers; we describe the concerns and vulnerabilities introduced by the intensive usage of web interfaces in IoT from the server templating engines perspective. In this context, we propose an approach to perform self monitoring on the server side, propagating the self monitoring to the IoT system devices; the aim is to provide rapid detection of security vulnerabilities with a low overhead that is transparent to the server normal operation. This approach improves the control over the vulnerability detection. We show a set of experiments that validate the feasibility of our approach.
[-]
|
Subjects:
|
Security
,
Web technology
,
Web servers
,
Web programming
,
Vulnerability detection
,
Self
monitoring
,
IoT
,
IIoT
,
Cyber Physical Sytems
,
Critical systems
|
Copyrigths:
|
Reconocimiento (by)
|
Source:
|
Sensors. (eissn:
1424-8220
)
|
DOI:
|
10.3390/s22135004
|
Publisher:
|
MDPI AG
|
Publisher version:
|
https://doi.org/10.3390/s22135004
|
Coste APC:
|
2122,74 €
|
Project ID:
|
info:eu-repo/grantAgreement/GENERALITAT VALENCIANA//AICO%2F2021%2F138//Diseño de servicios para la ejecución confiable y de tiempo real de aplicaciones de computación social dispersa en entornos ciberfísicos/
|
Thanks:
|
This research was funded by project "Design of services for resilient and real-time execution of social dispersed computing applications in cyber-physical domains", Grant No. AICO/2021/138 funded by Generalitat Valenciana ...[+]
This research was funded by project "Design of services for resilient and real-time execution of social dispersed computing applications in cyber-physical domains", Grant No. AICO/2021/138 funded by Generalitat Valenciana (Conselleria de Innovacion, Universidades, Ciencia y Sociedad Digital), Spain. The APC was funded by AICO/2021/138 (Subvenciones para grupos de investigacion consolidados).
[-]
|
Type:
|
Artículo
|