Title :
Securing energy metering software with automatic source code correction
Author :
Medeiros, Iberia ; Neves, Nuno F. ; Correia, Miguel
Author_Institution :
Fac. of Sci., Univ. of Lisboa, Lisbon, Portugal
Abstract :
Industry is using power meters to monitor the consumption of energy and achieving cost savings. This monitoring often involves energy metering software with a web interface. However, web applications often have vulnerabilities that can be exploited by cyber-attacks. We present an approach and a tool to solve this problem by analyzing the application source code and automatically inserting fixes to remove the discovered vulnerabilities. We demonstrate the use of the tool with two open source energy metering applications in which it found and corrected 17 vulnerabilities. By looking in more detail into some of these vulnerabilities, we argue that they are very serious, leading to the following impacts: violation of user privacy, counter the benefits of energy metering, and serve as entering points for attacks on other user software.
Keywords :
Internet; computerised monitoring; data privacy; power consumption; power meters; power system measurement; program compilers; program diagnostics; public domain software; source coding; Web applications; Web interface; application source code; automatic source code correction; cost savings; cyber-attacks; energy consumption monitoring; energy metering software security; open source energy metering applications; power meters; user privacy violation; vulnerability removal; Browsers; Databases; Energy measurement; Monitoring; Software; Temperature measurement; Wireless application protocol;
Conference_Titel :
Industrial Informatics (INDIN), 2013 11th IEEE International Conference on
Conference_Location :
Bochum
DOI :
10.1109/INDIN.2013.6622969
