Securing networked embedded systems through distributed systems analysis

Abstract

New technologies such as the Internet of Things and Cloud Computing are increasing the importance of tools able to provide users with correct, reliable and secure systems. In this work, we claim that traditional static analysis tools are not expressive enough to address this challenge. As a solution, we present a framework to analyze networked systems. Our key insight is to look at a distributed system as a single body, and not as separate programs that exchange messages. By doing so, we can crosschecking information and then increase the precision of traditional static analysis tools. We introduce a novel algorithm that discovers inter-program links efficiently and prove that it always terminates and correctly models the semantics of a distributed system. We have implemented our framework on top of the LLVM compiler, and have used it to secure ContikiOS applications against buffer overflow attacks and to generate network programming slices.