@inproceedings{aca63c27be9941639348069c7ca23336,
title = "A lightweight vulnerability mitigation framework for IoT devices",
abstract = "Many of today's Internet of Things (IoT) devices are vulnerable due to the large amount of overhead incurred when their operating systems are patched against emerging vulnerabilities. In addition, legacy IoT devices are no longer supported by their manufacturers, leaving customers with unpatched devices that can be easily exploited by attackers. Thus, there is an urgent need for a solution that provides a lightweight and low-cost mechanism for preventing exploitation of vulnerable IoT devices. In this paper, we propose an innovative cloud-based framework for protecting IoT devices. The proposed framework consists of a cloud service and a designated IoT security appliance. The security appliance controls the network traffic flowing to and from the vulnerable device and verifies that it does not violate a set of rules, represented by a vulnerability mitigation policy, that have been derived and synthesized by the cloud service from public corpora of Common Vulnerabilities and Exposures (CVE). We demonstrate how the proposed solution can be applied as a cost-effective solution capable of preventing exploitation of vulnerable IP cameras as part of a prominent botnet attack called Mirai.",
keywords = "Exploitation, Internet of Things (IoT), Mitigation, Patching, Prevention, Security",
author = "Noy Hadar and Shachar Siboni and Yuval Elovici",
note = "Publisher Copyright: {\textcopyright} 2017 Association for Computing Machinery.; 1st Workshop on Internet of Things Security and Privacy, IoT S and P 201717 ; Conference date: 03-11-2017",
year = "2017",
month = nov,
day = "3",
doi = "10.1145/3139937.3139944",
language = "English",
series = "IoT S and P 2017 - Proceedings of the 2017 Workshop on Internet of Things Security and Privacy, co-located with CCS 2017",
publisher = "Association for Computing Machinery, Inc",
pages = "71--75",
booktitle = "IoT S and P 2017 - Proceedings of the 2017 Workshop on Internet of Things Security and Privacy, co-located with CCS 2017",
}