Evaluation Of Cyber Security Based On Niagara Framework

Posted on: 2020-03-17
Degree: Master
Type: Thesis
Country: China
Candidate: H A L B E T T A R M A H E
GTID: 2428330596478138
Subject: Computer and application technology

Abstract/Summary:
The Niagara Framework is an open Internet of Things platform that uses the Java Virtual Machine as a common operating environment across operating systems and hardware platforms. The framework is designed to be compatible with all network integration protocols and to run on embedded systems that run Java virtual machines. It supports modular development, packages several functions in a bottom-up development approach, and lets third-party developers use Java libraries. However, this also creates new conditions for security vulnerabilities and hidden dangers to emerge, and application systems based on the Niagara Framework will also face many security risks and threats. At present, the development and application of the Niagara Framework is still in its infancy, and the framework itself has some potential security vulnerabilities that require further repair and improvement.

With a new version released in June 2018, Tridium repaired security vulnerabilities in Niagara AX and Niagara 4. One of the higher-threat issues is the path traversal vulnerability, which existed in versions issued before Niagara Framework 4.4. The vulnerability stems from the program not adequately filtering user-submitted input. A remote attacker with legitimate platform administrator credentials can exploit the vulnerability to obtain sensitive information. Tridium has released an update patch to fix this vulnerability. As the Niagara IoT framework is upgraded and applications are deployed in monitoring systems, various types of security vulnerabilities will occur, requiring continuous inspection and repair work by R&D personnel. Studying the security of the framework is therefore meaningful work.

This study analyses and investigates the typical security threats and attacks facing the Niagara IoT framework, including the typical threats and attack vectors leading to unauthorized access to industrial networks via corporate information systems. The study first describes the basic structure of the Niagara Framework and discusses the threats connected to a typical Niagara environment, in order to determine what is needed to secure that environment. It then proposes its own solutions for several security threats, focusing on three threats and their solutions. The first is cookie and session ID attacks. To avoid them, we need to prevent session hijacking and ensure that authenticated cookies are involved in the login page. The second is a CSRF attack that occurs when a servlet page is used. To avoid this attack, we need to add an authentication token to the servlet page. The third is a network attack, which can happen when a request is made. To avoid such an attack, the request permission on the Niagara Framework module needs to be double-checked.

This study makes a security assessment of the above three security threats, analyses the potential security vulnerabilities of the existing Niagara Framework, and studies the possible attack factors for the Niagara IoT framework. A solution was proposed for each of the three security vulnerabilities, and security verification experiments were performed. The testing experiments show that the proposed solutions are effective, can eliminate potential security vulnerabilities, and can improve the security performance of the Niagara Framework.
Keywords/Search Tags:IoT Security, Niagara Framework, Embedded System, JACE Controller