This repository contains the code and data used in the paper "Zeus-IoT: Comprehensive Code Signing to Prevent IoT Device Weaponization." It is organized around two standalone evaluation claims (Effectiveness and Routing Impact), each with its own README, HOWTO, and EXPECTED outputs,use the links below to jump directly to the relevant materials.
- 📘 README: claims/claim1/README.md
- 🛠️ HOWTO: claims/claim1/HOWTO.md
- ✅ EXPECTED Outputs: claims/claim1/expected/EXPECTED.md
- 🧾 Claim Text: claims/claim1/claim.txt
Covers enforcement against statically/dynamically linked binaries, shared objects (
LD_PRELOAD) manipluation, kernel modules, Lua (inline/interactive/scripts), and shell scripts.
- 📘 README: claims/claim2/README.md
- 🛠️ HOWTO: claims/claim2/HOWTO.md
- ✅ EXPECTED Summary (iperf3): claims/claim2/expected/EXPECTED.md
- 🧾 Claim Text: claims/claim2/claim.txt
- 📂 Example iperf3 outputs:
claims/claim2/iperf3-expected-outputs/ - 🐍 Analyzer script: claims/claim2/iperf-analyze.py
Shows that routing/forwarding is unaffected; reports mean bitrate, standard deviation, and
% overheadofzeus_iotvsvanilla.
- 📘 Building the Zeus_IoT-enabled OpenWRT Image: build/README.md
install.sh- install host prerequisites (once)network_setup.sh- prepare TAPs/bridge/veth/namespacerun.sh- launch one OpenWRT variant:./run.sh <zeus_iot|vanilla>kill_qemu.sh- stop any running QEMU VMartifact/zeus_iot/arm-openwrt.sh- QEMU launcher (Zeus_IoT)artifact/vanilla/arm-openwrt.sh- QEMU launcher (Vanilla)
Note: Run only one OpenWRT variant at a time. Use
./kill_qemu.shbefore switching.