Securing IoT Apps in Node-RED

Type

Master's thesis

Abstract

Node-RED, an Internet of Things (IoT) platform, lets users connect devices and services in novel and useful ways. The platform gives users a graphical web interface for easily linking pre-defined pieces of code (nodes) that encode devices and services. Because the platform is built on Node.js, third-party developers can easily extend its functionality by publishing nodes and configurations of these nodes, otherwise known as flows. In this paper, we analyze Node-RED from a language-based security perspective, modeling the application developer as an attacker and demonstrating attacks that misuse sensitive APIs within nodes. API access control provides a security guarantee around the execution of these nodes. We collect and survey published nodes and flows to establish the presence of these security challenges within the Node-RED ecosystem.

Subject/keywords

Computer security, Internet of Things, Node-RED, Node.js, JavaScript
