The following content has been provided by the University of Erlangen-Nürnberg.

Thank you very much for the introduction.

Looking at the significant increase in the number of interconnected smart devices and

emergence of Internet of Things, that made security one of the major design concerns

in today's application.

Looking at examples here, in this diagram we will see different types of applications

where these smart devices are used, for example, intelligent medical devices or automated car

system, smart city, smart hospital.

Looking at different cases, the level of criticality in these different areas of application are

not the same.

Some areas like medical devices or automated car system have higher level of criticality,

while, for example, controlling the energy or home energy management may be considered

less critical.

And if we add the connection of these devices, smart devices, through the cloud to each other,

that again raises other concerns from security point of view.

So in this presentation, first I explain briefly about the security vulnerability that we are

concerned, followed by explaining of our proposed approach, starting from a motivating scenario,

looking at threat and security models and our architectural support, and then overview

of some related work, and finally conclusion and discussion about some possible future

works.

The security issues that we are concerned here are related to, first, confidentiality.

We don't want the information to be leaked or to be accessed by unauthorized parties.

The other issue to be concerned is integrity.

We don't want the information in our system to be tampered with by adversaries or attackers

outside the authority of getting access to the system.

And the other concern is authentication.

We want only to provide information to be accessed by identified and authorized parties

and whenever they need.

Usually in some system, they use some form of cryptographic algorithm to cope with these

security issues.

But depending on the application, using cryptographic techniques might have significant performance

overhead, might not be useful in some especially embedded application.

And the other point is the level of security support are not the same in different levels

of applications.

So it is not the case that always we need to have the highest security support for our

application.

So we look at other things, other approaches, rather than using cryptographic to minimize

the impact of the compromised task when we have the security vulnerability.

So examples of security threat, we can look at them from software point of view, software

related attack.

One of the most common attack is code injection.

And this usually happens due to some bugs in the software.

For example, buffer overflow, which provides opportunity for attacker to take control of

the system.

In this case, the code integrity of the system would be affected and attacker inject and

execute malicious code to have control on the system.

One example here, for example, due to software buffer overflow problem, this stack area,

the stack frame area can be extended and then the attacker may put its own or his own return

address instead of the code to return to the caller function, the proper location.

It may transfer or jump to the beginning of the malicious code and in this case, the system