Internet-of-things devices are widely deployed and suffer from easy-to-exploit securityissues. Due to code and platform reuse the same vulnerability oftentimes ends up affectinga large installed base. These circumstances—poor-quality code paired with softwarehomogeneity—are similar to those which gave rise to internet worms, such as CodeRed,in the early 2000’s. Indeed, the same circumstances have already enabled the creation ofbotnets such as Mirai; more destructive types of attacks, like ones in which compromiseddevices disrupt the power grid, are likely in the near future.In this thesis, we tackle one of the enabling factors of these attacks: software homo-geneity. We proposeALOJA, a technique to inject syntax mutations in application-levelnetwork protocols used in the IoT space.ALOJAmakes it easy to diversify a protocol intoa myriad of functionally identical—but syntactically different—dialects, at the granularityof individual deployments or even devices. This form of moving-target defense disruptslarge-scale scanning and compromise of IoT devices, by preventing fast-propagating, one-size-fits-all network exploits.ALOJA’s mutations can be static or dynamic (i.e., evolvingwith time), covering different use cases and threat models. Internally,ALOJAidentifiesmessage constructor and parser functions using a novel static analysis algorithm. It thenmodifies these functions by injecting code templates, which cause mutations in the wireformat of the protocol.

Creator

• Ren, Tongwei

Contributors

• DeCarli, Lorenzo

Degree

• MS

Unit

• Computer Science

Publisher

• Worcester Polytechnic Institute

Identifier

• etd-21821

Advisor

• DeCarli, Lorenzo

Defense date

• 2021-04-29

Year

• 2021

Date created

• 2021-05-04

Resource type

• Thesis

Rights statement

• In Copyright