Securing IoT Apps in Node-RED
Published
Author
Type
Master's thesis
Programme
Model builders
Journal title
ISSN
Volume title
Publisher
Abstract
Node-RED, an Internet of Things (IoT) platform, provides the opportunity for users
to connect devices and services in novel and useful ways. This platform gives users a
graphical web interface for easily linking pre-defined pieces of code (nodes) encoding
devices and services. Because the platform is built in Node.js, third-party developers
can easily extend its functionality by publishing
nodes and configurations of these nodes, otherwise known as flows. In this paper,
we analyze Node-RED from a language-based security perspective, modeling the
application developer as an attacker, and demonstrating attacks misusing sensitive
APIs within nodes. API access control provides a security guarantee around the execution
of these nodes. We collect and survey published nodes and flows to establish
the presence of these security challenges within the Node-RED ecosystem.
Description
Subject/keywords
Computer security, Internet of Things, Node-RED, Node.js, JavaScript