Abstract

IoT devices and networks for military operations face special security challenges not faced by commercial IoT. During military operations it is not possible to guarantee the physical security of all IoT nodes. Hostile agents will attempt to attack, disable, deceive, co‐opt, and capture military IoT systems. An IoT network consists of layers of hardware, firmware and software logic produced and programmed by many different organizations residing in multiple nations. Certifying the integrity and vulnerability‐free state of all elements and levels of IoT nodes increasingly becomes an intractable challenge for defense use of IoT. Today, if an enemy captures a rifle, one weapon has been lost. However, if an IoT network connects that rifle to all other rifles as well as to an entire logistics train, then the loss of one weapon may allow malware to alter the course of an entire battle. One approach to prevent the compromise of one IoT node from spreading through the network via malware is to ensure that the interface software of all IoT elements contains no exploitable software vulnerabilities. To eliminate software vulnerabilities, interface code can be automatically generated starting from high‐level specifications using an automatic code generator that has been verified by formal methods ...