
3.2 Cloud-Based Service

The framework's cloud-based service is responsible for collecting CVEs and associating them with specific devices, and for generating and representing vulnerability mitigation policies. This module is built upon the concept of "the wisdom of the crowds." Namely, CVEs are collected from the data sources of vulnerabilities as opposed to a single expert. In a similar manner, vulnerability mitigation policies (for each CVE) are generated based on the collective opinion of a group of experts and general world knowledge. The basic assumption is that people will have to generate new vulnerability mitigation policies for every new CVE, which is feasible, considering the way that new CVEs and their mitigations are generated today.

This module collects CVEs and associates them with relevant devices. Consequently, the IoT security appliance can be configured with information regarding a vulnerable IoT device and request the relevant vulnerability mitigation policies directly from the cloud service.

3.3 Synchronization and Communication Mechanisms

The IoT security appliance starts the communication by subscribing to the cloud service, providing details about the device it is supposed to protect (i.e., device type, vendor, OS, etc.). Based on this information, the cloud service publishes the relevant vulnerability mitigation policies for the appliance. Every new CVE and vulnerability mitigation policy registered by the cloud-based service is then broadcast to all of the relevant registered appliances, keeping them updated and synchronized with the cloud service.

In addition, when an appliance detects an exploitation attempt from a new IP source, it alerts the cloud service about the exploit. Based on this, the cloud service can learn about the association between an attacker's source IP and the victim's device. For example, when the same IP source attempts to exploit the same type of device multiple times, the cloud service can utilize this information to fine-tune its vulnerability mitigation policies for this set of devices (e.g., by marking the attacker's IP as suspicious or propagating an alert for the cloud service maintenance team).

[Session 6: Building Blocks for Next Gen Defense. IoT S&P'17, November 3, 2017, Dallas, TX, USA, p. 73]

4 PROOF OF CONCEPT

In this section, we demonstrate our proposed framework operation by preventing a botnet (called Mirai) from infecting an IP camera. Our demonstration focuses on the stage after the appliance obtains the relevant vulnerability mitigation policies from the cloud. Hence, the demonstration does not include a cloud service module; instead, we manually install the policies on the appliance. In order to infect the camera, an attacker should first exploit a specific remote code execution vulnerability on the camera. By exploiting this vulnerability, the attacker can initiate the Telnet service on the camera and then run the botnet scan, which tries to infect vulnerable devices. This section is composed of three phases as
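The subscribe, publish, broadcast and alert exchange of Section 3.3 can be modelled in memory as follows. This is an added example, not code from the paper: the class and method names, the matching of policies on the exact device tuple, and the alert threshold of 2 are all assumptions made for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Device:                      # details an appliance sends on subscribe
    dev_type: str
    vendor: str
    os: str

@dataclass
class Appliance:
    device: Device
    policies: dict = field(default_factory=dict)     # cve_id -> policy
    seen_sources: set = field(default_factory=set)

    def on_exploit_attempt(self, cloud, src_ip):
        """Alert the cloud only when the source IP is new to this appliance."""
        if src_ip in self.seen_sources:
            return False
        self.seen_sources.add(src_ip)
        cloud.report_exploit(self.device, src_ip)
        return True

class CloudService:
    SUSPICIOUS_AFTER = 2           # assumed threshold; the paper gives none

    def __init__(self):
        self.policies = defaultdict(dict)      # Device -> {cve_id: policy}
        self.subscribers = defaultdict(list)   # Device -> [Appliance]
        self.reports = defaultdict(int)        # (src_ip, dev_type) -> alerts
        self.suspicious = set()

    def subscribe(self, appliance):
        """Register the appliance and publish the policies already known."""
        self.subscribers[appliance.device].append(appliance)
        appliance.policies.update(self.policies[appliance.device])

    def register_policy(self, device, cve_id, policy):
        """Store a new CVE policy and broadcast it to matching appliances."""
        self.policies[device][cve_id] = policy
        for appliance in self.subscribers[device]:
            appliance.policies[cve_id] = policy

    def report_exploit(self, device, src_ip):
        """Count alerts per (source IP, device type); mark repeat sources."""
        key = (src_ip, device.dev_type)
        self.reports[key] += 1
        if self.reports[key] >= self.SUSPICIOUS_AFTER:
            self.suspicious.add(src_ip)
```

Because each appliance alerts only once per source, a source is marked suspicious here only after appliances protecting the same device type report it independently.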


Term: Fall
Professor: Farkas
Tags: Information Security, Computer Security, Exploit, IoT devices, Common Vulnerabilities and Exposures, IoT security appliance
