An Automated Approach for Privacy Leakage Identification in IoT Apps

by Bara Nazzal, et al.

This paper presents a fully automated static analysis approach and a tool, Taint-Things, for identifying tainted flows in SmartThings IoT apps. Taint-Things accurately identifies all tainted flows reported by one of the state-of-the-art tools, with at least 4 times better performance. Our approach reports potentially vulnerable tainted flows in the form of a concise security slice, in which the relevant parts of the code are given together with the lines affecting the sensitive information; this could provide security auditors with an effective and precise tool for pinpointing security issues in the SmartThings apps under test. We also present and test ways to add precision to Taint-Things through extra sensitivities: we provide different approaches to flow-, path- and context-sensitive analysis as modules that can be added to Taint-Things. We present experiments that evaluate Taint-Things by running it on a SmartThings app dataset, and by testing precision and recall on a set generated by a mutation framework to see how much coverage is achieved without adding false positives. The results show an improvement in performance, both in speed (up to 4-fold) and in precision, avoiding false positives by providing a higher level of flow and path sensitivity than one of the state-of-the-art tools.




A Mutation Framework for Evaluating Security Analysis tools in IoT Applications

With the growing and widespread use of Internet of Things (IoT) in our d...

IIFA: Modular Inter-app Intent Information Flow Analysis of Android Applications

Android apps cooperate through message passing via intents. However, whe...

Sensitive Information Tracking in Commodity IoT

Broadly defined as the Internet of Things (IoT), the growth of commodity...

Securing IoT Apps with Fine-grained Control of Information Flows

Internet of Things is growing rapidly, with many connected devices now a...

Path-sensitive Type Analysis with Backward Analysis for Quality Assurance of Dynamic Typed Language Code

Precise and fast static type analysis for dynamically typed language is ...

Predicting sensitive information leakage in IoT applications using flows-aware machine learning approach

This paper presents an approach for identification of vulnerable IoT app...
