Security Analysis for SmartThings IoT Applications

Title: Security Analysis for SmartThings IoT Applications
Publication Type: Conference Paper
Year of Publication: 2019
Authors: Schmeidl, Florian; Nazzal, Bara; Alalfi, Manar H.
Conference Name: 2019 IEEE/ACM 6th International Conference on Mobile Software Engineering and Systems (MOBILESoft)
Keywords: composability, data flow analysis, fully automated static analysis approach, Internet of Things, IoT SmartHome Apps, Metrics, program diagnostics, pubcrawl, public domain software, security analysis, security auditors, security of data, SmartThings IoT applications, software security, taint analysis, Taint Static Analysis, Taint-Things, tainted flows
Abstract: This paper presents a fully automated static analysis approach and a tool, Taint-Things, for the identification of tainted flows in SmartThings IoT apps. Taint-Things accurately identified all tainted flows reported by one of the state-of-the-art tools with at least 4 times improved performance. In addition, our approach reports potentially vulnerable tainted flows in the form of a concise security slice, which could provide security auditors with an effective and precise tool to pinpoint security issues in SmartThings apps under test.
DOI: 10.1109/MOBILESoft.2019.00013
Citation Key: schmeidl_security_2019