This course aims to teach learners how to build secure input-handling functionality for application-layer IoT protocols using the Language-theoretic Security (LangSec) philosophy. The course covers topics such as understanding the problem, language protocols like MQTT and XMPP, methodology, limitations, results, and performance. The teaching method involves presenting a methodology and demonstrating working implementations for the XMPP and MQTT protocols. This course is intended for individuals interested in enhancing the security of Internet-of-Things clients through language-theoretic security principles.
Building Hardened Internet-of-Things Clients with Language-Theoretic Security
Overview
Syllabus
Introduction
Outline
Problem
Language
Protocols
MQTT
MQTT Protocol
MQTT State Machine
XMPP
XMPP Messages
Contributions
Passing in the IoT
Approach
Methodology
State Machine Gem
Writing Individual Passes
Limitations
Results
Performance
MQTT Performance
Simple Phaser
Parse Tree
Fuzzing Limitations
Lessons Learned
Next Steps
Taught by
IEEE Symposium on Security and Privacy
