An Automated Approach for Privacy Leakage Identification in IoT Apps
Bara' Nazzal, Manar H. Alalfi

TL;DR
This paper introduces Taint-Things, an automated static analysis tool that efficiently detects privacy leaks in IoT apps with improved speed and accuracy, aiding security audits.
Contribution
The paper presents a novel automated static analysis approach and tool, Taint-Things, which enhances detection speed and precision for privacy leaks in IoT applications.
Findings
Taint-Things achieves at least 4 times faster performance than existing tools.
It accurately identifies all tainted flows reported by state-of-the-art tools.
The tool reduces false positives through enhanced flow, path, and context sensitivity.
Abstract
This paper presents a fully automated static analysis approach and a tool, Taint-Things, for the identification of tainted flows in SmartThings IoT apps. Taint-Things accurately identifies all tainted flows reported by one of the state-of-the-art tools with at least 4 times improved performance. Our approach reports potentially vulnerable tainted flows in the form of a concise security slice, where the relevant parts of the code are given with the lines affecting the sensitive information, which could provide security auditors with an effective and precise tool to pinpoint security issues in SmartThings apps under test. We also present and test ways to add precision to Taint-Things by adding extra sensitivities; we provide different approaches for flow-, path- and context-sensitive analyses through modules that can be added to Taint-Things. We present experiments to evaluate Taint-Things by…
Taxonomy
Topics: Advanced Malware Detection Techniques · Digital and Cyber Forensics · Security and Verification in Computing
