Communications - August 2010

exercise greater care in selecting Web server implementations and demand better security from external embedded Web server developers and their own engineering staff. Second, complex embedded application logic and state need to be more visible, which would enable vulnerability scans either from the same host (in the case of LOM) or over the network (for appliances not running a general-purpose OS). Third, the Web community needs to recognize that embedded Web sites can have fundamentally different use models from those usually seen on the Internet: we have to enable these two paradigms to coexist securely.

7. concLuSion

Networked appliances are not as secure and harmless as they are often assumed to be. The advent of browser-centric Web 2.0 computing has amplified the scope of attacks possible via embedded devices, giving rise to XCS. There is much work to be done before hardware vendors start to routinely design and test for security, Web browsers are capable of dealing securely with different classes of Web applications, and users are enabled to make and execute decisions about managing their networked private data. We hope that we have at least made the first step toward that goal.

1. balzarotti, d., Cova, M., Felmetsger,
V., Jovanovic, n., Kirda, e., Kruegel,
C., Vigna, G. saner: Composing static
and dynamic analysis to validate
sanitization in Web applications. In
IEEE Symposium on Security and
Privacy (2008).

hristo Bojinov ( hristo@cs.stanford.edu), stanford university, stanford, Ca. Elie Bursztein ( elie@cs.stanford.edu), stanford university, stanford, Ca.