iplite: a lightweight packet filter for NuttX

Abstract


The project proposes a lightweight packet filter for a Real-Time Operating System (RTOS), aiming to provide an additional security layer for embedded systems by letting users define their own security policies through filtering of ingress network packets. The iplite firewall was implemented on NuttX OS based on the best practices of the Linux Netfilter firewall and consists of two parts: a user-space application, also called iplite, which provides the user CLI, and a kernel-space module, netfilterlite, which provides the APIs. As an open-source project, our solution allows the experiments to be reproduced and the firewall core to be adapted to other operating systems.
Keywords: Computing, Open-source, Security, Firewall, Operating System, RTOS, IoT, NuttX

Published: 2022-09-12

MORAES, Eduardo Menezes; DE SOUZA, Rodrigo Teixeira; DA ROCHA, Rafael Oliveira; PEREIRA JR, Lourenço Alves. iplite: a lightweight packet filter for NuttX. In: TOOLS - BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 22., 2022, Santa Maria. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2022. p. 159-166. DOI: https://doi.org/10.5753/sbseg_estendido.2022.227059.