Toronto Metropolitan University

Detection of Privilege Escalation in IoT Systems

thesis
posted on 2023-08-28, 16:23 authored by Atheer Abu Zaid

Software vulnerabilities in access control models can represent a serious threat to a system. In fact, OWASP lists broken access control as number 5 in severity among the top 10 vulnerabilities. In this thesis, we study the permission model of an emerging smart-home platform, SmartThings, and explore two approaches to detecting privilege escalation in its permission model. The first approach applies static analysis to extract vulnerabilities by pattern matching. Our second approach is based on model-driven engineering (MDE) in addition to static analysis. The second approach complements the static analysis-based approach, which cannot analyse the semantics itself. The MDE-based approach allows for better coverage of privilege escalation by analyzing free-form text that carries extra permission details. Our experimental results demonstrate a very high accuracy for detecting vulnerabilities in both approaches.

History

Language

English

Degree

  • Master of Science

Program

  • Computer Science

Granting Institution

Ryerson University

LAC Thesis Type

  • Thesis

Thesis Advisor

Dr. Ali Miri & Dr. Manar Alalfi

Year

2021
