Securing IoT Apps in Node-RED
| dc.contributor.author | Olsson, Lars Eric | |
| dc.contributor.department | Chalmers tekniska högskola / Institutionen för data och informationsteknik | sv |
| dc.contributor.examiner | Schneider, Gerardo | |
| dc.contributor.supervisor | Sabelfeld, Andrei | |
| dc.date.accessioned | 2020-04-15T13:47:15Z | |
| dc.date.available | 2020-04-15T13:47:15Z | |
| dc.date.issued | 2020 | sv |
| dc.date.submitted | 2019 | |
| dc.description.abstract | Node-RED, an Internet of Things (IoT) platform, provides the opportunity for users to connect devices and services in novel and useful ways. This platform gives users a graphical web interface for easily linking pre-defined pieces of code (nodes) encoding devices and services. By being built in Node.js, third-party developers are given the opportunity of easily extending the functionality of the platform through publishing nodes and configurations of these nodes, otherwise known as flows. In this paper, we analyze Node-RED from a language-based security perspective, modeling the application developer as an attacker, and demonstrating attacks misusing sensitive APIs within nodes. API access control provides a security guarantee around the execution of these nodes. We collect and survey published nodes and flows to establish the presence of these security challenges within the Node-RED ecosystem. | sv |
| dc.identifier.coursecode | DATX05 | sv |
| dc.identifier.uri | https://hdl.handle.net/20.500.12380/300759 | |
| dc.language.iso | eng | sv |
| dc.setspec.uppsok | Technology | |
| dc.subject | Computer security | sv |
| dc.subject | Internet of Things | sv |
| dc.subject | Node-RED | sv |
| dc.subject | Node.js | sv |
| dc.subject | JavaScript | sv |
| dc.title | Securing IoT Apps in Node-RED | sv |
| dc.type.degree | Examensarbete för masterexamen | sv |
| dc.type.uppsok | H |