Presentation | 2024-03-21 Survey of executable files contained in IoT devices using similar file name and binary code comparisons Yo Kanemoto, Reika Arakawa, Mitsuaki Akiyama, |
---|---|
PDF Download Page | PDF download Page Link |
Abstract(in Japanese) | (See Japanese page) |
Abstract(in English) | With the proliferation of IoT devices, there has been an increase in security incidents targeting IoT devices. To actively enhance security measures, users of IoT devices need to understand the software composition of these devices. While information about software composition may be provided by IoT vendors through SBOM, its adoption is not yet widespread. Therefore, it is important for users to analyze the software composition of IoT devices themselves to mitigate security risks. In this study, we utilized methods for identifying executable files based on file names and analyzing dependencies based on binary code similarity comparisons. We conducted a large-scale analysis of executable files contained in IoT device firmware to investigate the software composition of IoT devices. As a result, we were able to visualize software components that are considered unnecessary for the intended use of IoT devices, as well as dependencies of IoT-specific binary files on other software components. This investigation demonstrated that understanding the software composition of IoT devices by users, in addition to SBOM information provided by vendors, contributes to improving security. |
Keyword(in Japanese) | (See Japanese page) |
Keyword(in English) | IoT Security / Software Composition Analysis / Software Bill of Materials / Binary Similarity Analysis |
Paper # | ICSS2023-75 |
Date of Issue | 2024-03-14 (ICSS) |
Conference Information | |
Committee | ICSS / IPSJ-SPT |
---|---|
Conference Date | 2024/3/21(2days) |
Place (in Japanese) | (See Japanese page) |
Place (in English) | OIST |
Topics (in Japanese) | (See Japanese page) |
Topics (in English) | Security, Trust, etc. |
Chair | Daisuke Inoue(NICT) |
Vice Chair | Akira Yamada(Kobe Univ.) / Toshihiro Yamauchi(Okayama Univ.) |
Secretary | Akira Yamada(Mitsubishi Electric) / Toshihiro Yamauchi(Univ. of Electro-Comm.) |
Assistant | Yo Kanemoto(NTT) / Masaya Sato(Okayama Prefectural Univ.) |
Paper Information | |
Registration To | Technical Committee on Information and Communication System Security / Special Interest Group on Security Psychology and Trust |
---|---|
Language | JPN-ONLY |
Title (in Japanese) | (See Japanese page) |
Sub Title (in Japanese) | (See Japanese page) |
Title (in English) | Survey of executable files contained in IoT devices using similar file name and binary code comparisons |
Sub Title (in English) | |
Keyword(1) | IoT Security |
Keyword(2) | Software Composition Analysis |
Keyword(3) | Software Bill of Materials |
Keyword(4) | Binary Similarity Analysis |
1st Author's Name | Yo Kanemoto |
1st Author's Affiliation | Nippon Telegraph and Telephone Corporation(NTT) |
2nd Author's Name | Reika Arakawa |
2nd Author's Affiliation | Nippon Telegraph and Telephone Corporation(NTT) |
3rd Author's Name | Mitsuaki Akiyama |
3rd Author's Affiliation | Nippon TNippon Telegraph and Telephone Corporationelegraph and Telephone Corporation(NTT) |
Date | 2024-03-21 |
Paper # | ICSS2023-75 |
Volume (vol) | vol.123 |
Number (no) | ICSS-448 |
Page | pp.pp.43-50(ICSS), |
#Pages | 8 |
Date of Issue | 2024-03-14 (ICSS) |