System Call Whitelisting Technique for Reducing Attack Surface in IOT Devices
Abstract - There is a great demand for the design of cyber-physical systems in application domains such as healthcare, transportation, surveillance, communication, agriculture, smart cities and so on, due to the rapid penetration of the Internet of Things (IoT). However, we have recently witnessed a number of large-scale malware attacks, such as Mirai, on IoT networks. Designing secure IoT devices is a challenge due to their limited computation and storage capabilities. Attackers are using vulnerabilities in IoT devices to launch attacks and carry out malicious activities. In the literature, various techniques have been proposed for detecting malicious behaviour at runtime. However, because of the restricted resources, these techniques are not suitable for IoT devices. For detecting malware behaviour at runtime in IoT devices, we propose a working set based system call whitelisting technique. The proposed technique uses separate whitelists for the initialization and service phases of field-deployed IoT devices, resulting in a reduced attack surface. The proposed technique has been tested on IoT devices and the results are promising.
Keywords - Cyber-Physical Systems, Communication, Surveillance, Whitelisting
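
The sketch below is an added example, not code from the paper. It illustrates why separate initialization-phase and service-phase whitelists allow fewer system calls than one merged whitelist. The traces, the `init`/`service` phase labels on each event, and the learning rule (the union of calls seen in benign runs) are assumptions made for illustration, not the paper's working-set method.

```python
"""Phase-separated syscall whitelisting on constructed traces (illustrative)."""

# Constructed benign traces of (phase, syscall) events from a hypothetical device.
BENIGN_TRACES = [
    [("init", "execve"), ("init", "openat"), ("init", "mmap"), ("init", "mount"),
     ("init", "socket"), ("init", "bind"), ("init", "listen"),
     ("service", "accept"), ("service", "read"), ("service", "write"),
     ("service", "close")],
    [("init", "execve"), ("init", "openat"), ("init", "read"), ("init", "socket"),
     ("init", "bind"), ("init", "listen"),
     ("service", "accept"), ("service", "read"), ("service", "openat"),
     ("service", "write"), ("service", "close")],
]

def learn_whitelists(traces):
    """Return {phase: set of syscalls observed in that phase} over benign traces."""
    whitelists = {}
    for trace in traces:
        for phase, syscall in trace:
            whitelists.setdefault(phase, set()).add(syscall)
    return whitelists

def check_trace(whitelists, trace):
    """Return (index, phase, syscall) for each call outside its phase's whitelist."""
    return [(i, phase, sc) for i, (phase, sc) in enumerate(trace)
            if sc not in whitelists.get(phase, set())]

def surface_reduction(whitelists):
    """Syscalls a single merged whitelist would permit during the service phase
    but the phase-separated service whitelist denies."""
    merged = set().union(*whitelists.values())
    return merged - whitelists["service"]

# Constructed runtime trace: the service phase issues execve, which benign
# runs only ever used during initialization.
RUNTIME = [("init", "execve"), ("init", "socket"), ("service", "accept"),
           ("service", "read"), ("service", "execve"), ("service", "write")]

if __name__ == "__main__":
    wl = learn_whitelists(BENIGN_TRACES)
    print("denied in service phase only by the split:", sorted(surface_reduction(wl)))
    print("violations:", check_trace(wl, RUNTIME))
```

With a single merged whitelist the same runtime trace produces no violation, because `execve` is legitimately needed at start-up.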