With the growing and widespread use of Internet of Things (IoT) in our daily life, its security is becoming more crucial. To ensure information security, we require better security analysis tools for IoT applications. Hence, this paper presents an automated framework to evaluate taint-flow analysis tools in the domain of IoT applications. First, we propose a set of mutational operators tailored to evaluate three types of sensitivity analysis, flow, path and context sensitivity. Then we developed mutators to automatically generate mutants for those types. We demonstrated the framework on a subset of mutational operators to evaluate three taint-flow analyzers, SaINT, Taint-Things and FlowsMiner. Our framework and experiments ranked the taint analysis tools according to precision and recall as follows: Taint-Things (99% Recall, 100% Precision), FlowsMiner (100% Recall, 87.6% Precision), and SaINT (100% Recall, 56.8% Precision). To the best of our knowledge, our framework is the first framework to address the need for evaluating taint-flow analysis tools and specifically those developed for IoT SmartThings applications.
翻译:随着我们日常生活中日益广泛使用互联网(IoT),它的安全正变得越来越重要。为了确保信息安全,我们需要更好的IoT应用的安全分析工具。因此,本文件提出了一个自动框架,用于评价IoT应用领域的污染流分析工具。首先,我们提出一套突变操作器,专门评价三种灵敏度分析、流动、路径和背景敏感性。然后我们开发突变器,自动生成这些类型的变异体。我们展示了一组突变操作器的框架,以评价三种耐性流分析器、Saint、Taint-Things和FlowsMiner。我们的框架和实验按照精确度排列和回顾顺序排列了耐性分析工具的顺序如下:Taint-Tings(99%回召,100%精密度)、Flowsminer(100%回召,87.6%精密度)和Saint(100%回想起,56.8%的精度)。对于我们的知识而言,我们的框架是第一个满足对Smart-流程工具和具体开发的I应用的需要的框架。