Security Analysis for SmartThings IoT Applications

被引:0
|
作者
Schmeidl, Florian [1 ]
Nazzal, Bara' [1 ]
Alalfi, Manar H. [1 ]
机构
[1] Ryerson Univ, Dept Comp Sci, Toronto, ON, Canada
来源
2019 IEEE/ACM 6TH INTERNATIONAL CONFERENCE ON MOBILE SOFTWARE ENGINEERING AND SYSTEMS (MOBILESOFT 2019) | 2019年
基金
加拿大自然科学与工程研究理事会;
关键词
D O I
暂无
中图分类号
TP31 [计算机软件];
学科分类号
081202 ; 0835 ;
摘要
This paper presents a fully automated static analysis approach and a tool, Taint-Things, for the identification of tainted flows in SmartThings IoT apps. Taint-Things accurately identified all tainted flows reported by one of the state-of the-art tools with at least 4 times improved performance. In addition, our approach reports potential vulnerable tainted flow in a form of a concise security slice, which could provide security auditors with an effective and precise tool to pinpoint security issues in SmartThings apps under test.
引用
收藏
页码:25 / 29
页数:5
相关论文
共 50 条
  • [1] Serverless Security Analysis for IoT Applications
    Ortega Candel, Jose Manuel
    Mora Gimeno, Francisco Jose
    Mora Mora, Higinio
    PROCEEDINGS OF THE INTERNATIONAL CONFERENCE ON UBIQUITOUS COMPUTING & AMBIENT INTELLIGENCE (UCAMI 2022), 2023, 594 : 393 - 400
  • [2] SmartVisual: a visualisation tool for SmartThings IoT Apps using static analysis
    Bak, Na-Yeon
    Chang, Byeong-Mo
    Choi, Kwanghoon
    IET SOFTWARE, 2020, 14 (04) : 411 - 422
  • [3] A GQM Approach to Evaluation of the Quality of SmartThings Applications Using Static Analysis
    Chang, Byeong-Mo
    Son, Janine Cassandra
    Choi, Kwanghoon
    KSII TRANSACTIONS ON INTERNET AND INFORMATION SYSTEMS, 2020, 14 (06): : 2354 - 2376
  • [4] A mutation framework for evaluating security analysis tools in IoT applications
    Alalfi, Manar H.
    Parveen, Sajeda
    Nazzal, Bara
    SOFTWARE TESTING VERIFICATION & RELIABILITY, 2022, 32 (07):
  • [5] A Mutation Framework for Evaluating Security Analysis Tools in IoT Applications
    Parveen, Sajeda
    Alalfi, Manar H.
    PROCEEDINGS OF THE 2020 IEEE 27TH INTERNATIONAL CONFERENCE ON SOFTWARE ANALYSIS, EVOLUTION, AND REENGINEERING (SANER '20), 2020, : 587 - 591
  • [6] Poster Abstract: SmartAppZoo: a Repository of SmartThings Apps for IoT Benchmarking
    Wang, Zhaohui
    Luo, Bo
    Li, Fengjun
    PROCEEDINGS 8TH ACM/IEEE CONFERENCE ON INTERNET OF THINGS DESIGN AND IMPLEMENTATION, IOTDI 2023, 2023, : 448 - 449
  • [7] Security Vulnerabilities in Consumer IoT Applications
    Shakdher, Arjun
    Agrawal, Suyash
    Yang, Baijian
    2019 IEEE 5TH INTL CONFERENCE ON BIG DATA SECURITY ON CLOUD (BIGDATASECURITY) / IEEE INTL CONFERENCE ON HIGH PERFORMANCE AND SMART COMPUTING (HPSC) / IEEE INTL CONFERENCE ON INTELLIGENT DATA AND SECURITY (IDS), 2019, : 1 - 6
  • [8] Analysis on Security and Privacy Guidelines: RFID-Based IoT Applications
    Abdulghani, Hezam Akram
    Nijdam, Niels Alexander
    Konstantas, Dimitri
    IEEE Access, 2022, 10 : 131528 - 131554
  • [9] Program Analysis of Commodity IoT Applications for Security and Privacy: Challenges and Opportunities
    Celik, Z. Berkay
    Fernandes, Earlence
    Pauley, Eric
    Tan, Gang
    Mcdaniel, Patrick
    ACM COMPUTING SURVEYS, 2019, 52 (04)
  • [10] Analysis on Security and Privacy Guidelines: RFID-Based IoT Applications
    Abdulghani, Hezam Akram
    Nijdam, Niels Alexander
    Konstantas, Dimitri
    IEEE ACCESS, 2022, 10 : 131528 - 131554
12345