Title | Security Analysis for SmartThings IoT Applications |
Publication Type | Conference Paper |
Year of Publication | 2019 |
Authors | Schmeidl, Florian, Nazzal, Bara, Alalfi, Manar H. |
Conference Name | 2019 IEEE/ACM 6th International Conference on Mobile Software Engineering and Systems (MOBILESoft) |
Keywords | composability, data flow analysis, fully automated static analysis approach, Internet of Things, IoT SmartHome Apps, Metrics, program diagnostics, pubcrawl, public domain software, security analysis, security auditors, security of data, SmartThings IoT applications, software security, taint analysis, Taint Static Analysis, Taint-Things, tainted flows |
Abstract | This paper presents a fully automated static analysis approach and a tool, Taint-Things, for the identification of tainted flows in SmartThings IoT apps. Taint-Things accurately identified all tainted flows reported by one of the state-of-the-art tools with at least 4 times improved performance. In addition, our approach reports potentially vulnerable tainted flows in the form of a concise security slice, which could provide security auditors with an effective and precise tool to pinpoint security issues in SmartThings apps under test. |
DOI | 10.1109/MOBILESoft.2019.00013 |
Citation Key | schmeidl_security_2019 |