iplite: a lightweight packet filter for NuttX
Resumo
Esse projeto propõe a implementação de um filtro de pacotes leve para um Real-Time Operating System (RTOS), visando fornecer uma camada adicional de segurança aos sistemas embarcados, permitindo que os usuários criem suas próprias políticas de segurança, através do processo de filtragem de pacotes de ingresso na rede. O iplite foi implementado no NuttX OS, sendo composto por uma aplicação na userspace, homonimamente iplite, que serve para fornecer a CLI ao usuário, e um módulo no kernel space, netfilterlite, responsável por prover as APIs. Esse é um projeto de código aberto, permitindo que outros reproduzam experimentos, bem como repliquem conceitos utilizados desse firewall em diferentes sistemas operacionais.
Palavras-chave:
Computing, Open-source, Security, Firewall, Operating System, RTOS, IoT, NuttX
Referências
Chacos, B. (2016). Major ddos attack on dyn dns knocks spotify, twitter, github, paypal, and more offline. https://www.pcworld.com/article/410774. Published 21 Oct 2016; accessed 08 Aug 2022.
Cui, A., Song, Y., Prabhu, P. V., and Stolfo, S. J. (2009). Brave new world: Pervasive insecurity of embedded network devices. In Kirda, E., Jha, S., and Balzarotti, D., editors, Recent Advances in Intrusion Detection, pages 378–380, Berlin, Heidelberg. Springer Berlin Heidelberg.
Gayle, D. (2016). ’smart’ devices ’too dumb’ to fend off cyber-attacks, say experts. [link]. Published 22 Oct 2016; accessed 08 Aug 2022.
Idzikowski, F., Chiaraviglio, L., Liu, W., and van de Beek, J. (2018). Future internet architectures and sustainability: An overview. In 2018 IEEE International Conference on Environmental Engineering (EE), pages 1–5.
McMillen, D. (2021). Minternet of threats: Iot botnets drive surge in network attacks. [link]. Published 22 Apr 2021; accessed 08 Aug 2022.
Niedermaier, M., Striegel, M., Sauer, F., Merli, D., and Sigl, G. (2019). Efficient intrusion detection on low-performance industrial iot edge node devices.
TheOpenGroup (1997). arpa/inet.h - definitions for internet operations. https://pubs.opengroup.org/onlinepubs/7908799/xns/arpainet.h.html. Accessed 08 Aug 2022.
Wegner, P. (2022). Global iot market size grew 22% in 2021 — these 16 factors affect the growth trajectory to 2027. https://iot-analytics.com/iot-market-size. Published 30 Mar 2022; accessed 08 Aug 2022.
Cui, A., Song, Y., Prabhu, P. V., and Stolfo, S. J. (2009). Brave new world: Pervasive insecurity of embedded network devices. In Kirda, E., Jha, S., and Balzarotti, D., editors, Recent Advances in Intrusion Detection, pages 378–380, Berlin, Heidelberg. Springer Berlin Heidelberg.
Gayle, D. (2016). ’smart’ devices ’too dumb’ to fend off cyber-attacks, say experts. [link]. Published 22 Oct 2016; accessed 08 Aug 2022.
Idzikowski, F., Chiaraviglio, L., Liu, W., and van de Beek, J. (2018). Future internet architectures and sustainability: An overview. In 2018 IEEE International Conference on Environmental Engineering (EE), pages 1–5.
McMillen, D. (2021). Minternet of threats: Iot botnets drive surge in network attacks. [link]. Published 22 Apr 2021; accessed 08 Aug 2022.
Niedermaier, M., Striegel, M., Sauer, F., Merli, D., and Sigl, G. (2019). Efficient intrusion detection on low-performance industrial iot edge node devices.
TheOpenGroup (1997). arpa/inet.h - definitions for internet operations. https://pubs.opengroup.org/onlinepubs/7908799/xns/arpainet.h.html. Accessed 08 Aug 2022.
Wegner, P. (2022). Global iot market size grew 22% in 2021 — these 16 factors affect the growth trajectory to 2027. https://iot-analytics.com/iot-market-size. Published 30 Mar 2022; accessed 08 Aug 2022.
Publicado
12/09/2022
Como Citar
MORAES, Eduardo Menezes; DE SOUZA, Rodrigo Teixeira; DA ROCHA, Rafael Oliveira; PEREIRA JR, Lourenço Alves.
iplite: a lightweight packet filter for NuttX. In: SALÃO DE FERRAMENTAS - SIMPÓSIO BRASILEIRO DE SEGURANÇA DA INFORMAÇÃO E DE SISTEMAS COMPUTACIONAIS (SBSEG), 22. , 2022, Santa Maria.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2022
.
p. 159-166.
DOI: https://doi.org/10.5753/sbseg_estendido.2022.227059.