Program Analysis of Commodity IoT Applications for Security and Privacy: Challenges and Opportunities

TL;DR

This paper reviews the application of program analysis techniques to address security and privacy challenges in IoT systems, highlighting current efforts, limitations, and future opportunities.

Contribution

It provides a comprehensive study of IoT programming platforms, analyzing security issues, defenses, and the role of program analysis in enhancing IoT security and privacy.

Findings

Identified key security vulnerabilities in IoT platforms.

Reviewed existing program analysis techniques applied to IoT.

Highlighted challenges and opportunities for future research in IoT security.

Abstract

Recent advances in Internet of Things (IoT) have enabled myriad domains such as smart homes, personal monitoring devices, and enhanced manufacturing. IoT is now pervasive---new applications are being used in nearly every conceivable environment, which leads to the adoption of device-based interaction and automation. However, IoT has also raised issues about the security and privacy of these digitally augmented spaces. Program analysis is crucial in identifying those issues, yet the application and scope of program analysis in IoT remains largely unexplored by the technical community. In this paper, we study privacy and security issues in IoT that require program-analysis techniques with an emphasis on identified attacks against these systems and defenses implemented so far. Based on a study of five IoT programming platforms, we identify the key insights that result from research efforts in both the program analysis and security communities and relate the efficacy of program-analysis techniques to security and privacy issues. We conclude by studying recent IoT analysis systems and exploring their implementations. Through these explorations, we highlight key challenges and opportunities in calibrating for the environments in which IoT systems will be used.