An Automated Approach for Privacy Leakage Identification in IoT Apps
February 07, 2022 Β· Declared Dead Β· π IEEE Access
"No code URL or promise found in abstract"
Evidence collected by the PWNC Scanner
Authors
Bara' Nazzal, Manar H. Alalfi
arXiv ID
2202.02895
Category
cs.SE: Software Engineering
Cross-listed
cs.CR
Citations
4
Venue
IEEE Access
Last Checked
4 months ago
Abstract
This paper presents a fully automated static analysis approach and a tool, Taint-Things, for the identification of tainted flows in SmartThings IoT apps. Taint-Things accurately identifies all tainted flows reported by one of the state-of-the-art tools with at least 4 times improved performance. Our approach reports potential vulnerable tainted flows in a form of a concise security slice, where the relevant parts of the code are given with the lines affecting the sensitive information, which could provide security auditors with an effective and precise tool to pinpoint security issues in SmartThings apps under test. We also present and test ways to add precision to Taint-Things by adding extra sensitivities; we provide different approaches for flow, path and context sensitive analyses through modules that can be added to Taint-Things. We present experiments to evaluate Taint-Things by running it on a SmartThings app dataset as well as testing for precision and recall on a set generated by a mutation framework to see how much coverage is achieved without adding false positives. This shows an improvement in performance both in terms of speed up to 4 folds, as well as improving the precision avoiding false positives by providing a higher level of flow and path sensitivity analysis in comparison with one of state of the art tools.
Community Contributions
Found the code? Know the venue? Think something is wrong? Let us know!
π Similar Papers
In the same crypt β Software Engineering
R.I.P.
π»
Ghosted
R.I.P.
π»
Ghosted
Microservices: yesterday, today, and tomorrow
π
π
The Cartographer
A Survey of Machine Learning for Big Code and Naturalness
R.I.P.
π»
Ghosted
An Overview on Smart Contracts: Challenges, Advances and Platforms
R.I.P.
π»
Ghosted
Slither: A Static Analysis Framework For Smart Contracts
R.I.P.
π»
Ghosted
ContractFuzzer: Fuzzing Smart Contracts for Vulnerability Detection
Died the same way β π» Ghosted
R.I.P.
π»
Ghosted
Federated Learning: Strategies for Improving Communication Efficiency
R.I.P.
π»
Ghosted
In-Datacenter Performance Analysis of a Tensor Processing Unit
R.I.P.
π»
Ghosted
Deep Convolutional Neural Networks for Computer-Aided Detection: CNN Architectures, Dataset Characteristics and Transfer Learning
R.I.P.
π»
Ghosted