A Mutation Framework for Evaluating Security Analysis tools in IoT Applications

TL;DR

This paper introduces an automated mutational framework to evaluate and compare the effectiveness of taint-flow security analysis tools specifically designed for IoT applications, focusing on their sensitivity analysis capabilities.

Contribution

It presents the first framework tailored for evaluating taint-flow analysis tools in IoT, using mutational operators to assess tool accuracy in detecting security issues.

Findings

Taint-Things achieved 99% recall and 100% precision.

FlowsMiner achieved 100% recall and 87.6% precision.

SaINT achieved 100% recall and 56.8% precision.

Abstract

With the growing and widespread use of Internet of Things (IoT) in our daily life, its security is becoming more crucial. To ensure information security, we require better security analysis tools for IoT applications. Hence, this paper presents an automated framework to evaluate taint-flow analysis tools in the domain of IoT applications. First, we propose a set of mutational operators tailored to evaluate three types of sensitivity analysis, flow, path and context sensitivity. Then we developed mutators to automatically generate mutants for those types. We demonstrated the framework on a subset of mutational operators to evaluate three taint-flow analyzers, SaINT, Taint-Things and FlowsMiner. Our framework and experiments ranked the taint analysis tools according to precision and recall as follows: Taint-Things (99% Recall, 100% Precision), FlowsMiner (100% Recall, 87.6% Precision), and SaINT (100% Recall, 56.8% Precision). To the best of our knowledge, our framework is the first framework to address the need for evaluating taint-flow analysis tools and specifically those developed for IoT SmartThings applications.