Visible to the public Biblio

Filters: Author is Pastrana, Sergio  [Clear All Filters]
Alberca, Carlos, Pastrana, Sergio, Suarez-Tangil, Guillermo, Palmieri, Paolo.  2016.  Security Analysis and Exploitation of Arduino Devices in the Internet of Things. Proceedings of the ACM International Conference on Computing Frontiers. :437–442.

The pervasive presence of interconnected objects enables new communication paradigms where devices can easily reach each other while interacting within their environment. The so-called Internet of Things (IoT) represents the integration of several computing and communications systems aiming at facilitating the interaction between these devices. Arduino is one of the most popular platforms used to prototype new IoT devices due to its open, flexible and easy-to-use architecture. Ardunio Yun is a dual board microcontroller that supports a Linux distribution and it is currently one of the most versatile and powerful Arduino systems. This feature positions Arduino Yun as a popular platform for developers, but it also introduces unique infection vectors from the security viewpoint. In this work, we present a security analysis of Arduino Yun. We show that Arduino Yun is vulnerable to a number of attacks and we implement a proof of concept capable of exploiting some of them.

Garrido-Pelaz, Roberto, González-Manzano, Lorena, Pastrana, Sergio.  2016.  Shall We Collaborate?: A Model to Analyse the Benefits of Information Sharing Proceedings of the 2016 ACM on Workshop on Information Sharing and Collaborative Security. :15–24.

Nowadays, both the amount of cyberattacks and their sophistication have considerably increased, and their prevention concerns many organizations. Cooperation by means of information sharing is a promising strategy to address this problem, but unfortunately it poses many challenges. Indeed, looking for a win-win environment is not straightforward and organizations are not properly motivated to share information. This work presents a model to analyse the benefits and drawbacks of information sharing among organizations that present a certain level of dependency. The proposed model applies functional dependency network analysis to emulate attacks propagation and game theory for information sharing management. We present a simulation framework implementing the model that allows for testing different sharing strategies under several network and attack settings. Experiments using simulated environments show how the proposed model provides insights on which conditions and scenarios are beneficial for information sharing.