Paper Info
Title
Using Malware For Software-Defined Networking-Based Smart Home Security Management Through A Taint Checking Approach
Abstract
Numerous security concerns exist in smart home systems in which Internet of Things devices are connected through a home network to enable control using a centralised gateway with a handset device from the Internet. Safeguarding personal information privacy is an increasing concern in smart living services. To guarantee the mobile security of smart living services, security managers use taint checking approaches with dynamic taint propagation analysis operations to examine how a software-defined networking app uses sensitive information and investigate suspicious security vulnerabilities of devices and the effects of the spread of taint propagation over the Internet by identifying taint paths. For solving the dynamic taint propagation analysis problem, most approaches focus on cloud computing applications (apps) with malware threat analysis that involves program vulnerability analyses, rather than on the risk posed by suspicious apps connected to the cloud computing server. Accordingly, this article proposes a taint propagation analysis model incorporating a weighted spanning tree analysis scheme for tracking data with taint marking using several taint checking tools with an open software-defined networking architecture for solving the dynamic taint propagation analysis problem. In the proposed model, Android programs perform dynamic taint propagation to analyse the spread of risks posed by suspicious apps connected to the centralised gateway in a smart home system. In probabilistic risk analysis, risk and defence capability are used for each taint path to assist a defender in recognising the attack results against network threats caused by malware infection and to estimate the losses of associated taint sources. A case of threat analysis of a typical cyber security attack is presented to demonstrate the proposed approach. A new approach was used for verifying the details of an attack sequence for malware infection by incorporating a finite state machine to appropriately represent the real dynamic taint propagation analysis situations at various configuration settings and safeguard deployment. The experimental results proved that the threat analysis model enables a defender to convert the spread of taint propagation to loss and estimate the risk of a specific threat using behavioural analysis associated with 60 families of real malware. Consequently, our scheme was significantly effective in predicting the risk and loss of tainted data propagation for security concerns in smart home systems when the number of taint paths associated with the propagation rules discovered through taint analysis was increased.
Year
DOI
Venue
2016
10.1177/1550147716662947
INTERNATIONAL JOURNAL OF DISTRIBUTED SENSOR NETWORKS
Keywords
Field
DocType
Mobile security, taint checking, software-defined networking, dynamic taint propagation, smart home system
Computer science,Computer security,Computer network,Taint checking,Personally identifiable information,Malware,Software-defined networking,Information sensitivity,Security management,The Internet,Cloud computing
Journal
Volume
Issue
ISSN
12
8
1550-1477
Citations 
PageRank 
References 
1
0.34
4
Authors
6
Name
Order
Citations
PageRank
Ping Wang123515.84
Kuo-Ming Chao21123130.82
Chi-Chun Lo359354.99
Wen-Hui Lin461.41
Hsiao-Chung Lin510.68
Wun Jie Chao611.02