This paper presents a fully automated static analysis approach and tool, Taint-Things, for identifying tainted flows in SmartThings IoT apps. Taint-Things accurately identifies all tainted flows reported by one of the state-of-the-art tools, with at least 4 times better performance. Our approach reports potentially vulnerable tainted flows in the form of a concise security slice: the relevant parts of the code together with the lines that affect the sensitive information, giving security auditors an effective and precise means of pinpointing security issues in the SmartThings apps under test. We also present and test ways to add precision to Taint-Things through extra sensitivities; we provide different approaches to flow-, path- and context-sensitive analysis as modules that can be added to Taint-Things. We evaluate Taint-Things experimentally by running it on a SmartThings app dataset, and by measuring precision and recall on a set generated by a mutation framework to see how much coverage is achieved without introducing false positives. The results show an improvement in performance, with a speedup of up to 4 times, as well as improved precision, avoiding false positives by providing a higher level of flow and path sensitivity than one of the state-of-the-art tools.
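As an added illustration (not code from the paper or from the Taint-Things tool), the following Python sketch shows the kind of flow-sensitive forward taint propagation and security-slice reporting the abstract describes, run over a constructed SmartThings-style handler. The source and sink names (`lock.currentState`, `location.mode`, `sendSms`, `httpPost`) and the handler itself are assumptions chosen for the example; `flow_sensitive=False` shows the extra flow a flow-insensitive analysis would report as a false positive.

```python
# Constructed sets: sensitive reads (sources) and data-leaving APIs (sinks).
SOURCES = {"lock.currentState", "location.mode"}
SINKS = {"sendSms", "httpPost"}
# Constructed app, pre-parsed into (line, kind, target, uses, callee) tuples.
# Roughly models this Groovy handler body:
#   1  def state = lock.currentState
#   2  def msg = "Lock is " + state
#   3  def n = 0
#   4  msg = "reset"
#   5  sendSms(phone, msg)
#   6  def body = [mode: location.mode]
#   7  httpPost(url, body)
APP = [
    (1, "assign", "state", ["lock.currentState"], None),
    (2, "assign", "msg", ["state"], None),
    (3, "assign", "n", [], None),
    (4, "assign", "msg", [], None),
    (5, "call", None, ["phone", "msg"], "sendSms"),
    (6, "assign", "body", ["location.mode"], None),
    (7, "call", None, ["url", "body"], "httpPost"),
]

def analyze(stmts, flow_sensitive=True):
    """Return [(sink_line, slice_lines)] for every source-to-sink flow.
    tainted maps a variable to the lines through which taint reached it; that
    set plus the sink line is the security slice reported for the flow."""
    tainted = {}
    flows = []
    for line, kind, target, uses, callee in stmts:
        contrib = set()
        for u in uses:
            if u in SOURCES:
                contrib.add(line)          # direct read of sensitive data
            elif u in tainted:
                contrib |= tainted[u]      # taint inherited from an earlier def
        if kind == "assign":
            if contrib:
                tainted[target] = contrib | {line}
            elif flow_sensitive:
                # strong update: a clean value overwrites the old taint, so the
                # later sendSms(msg) is not reported (avoids a false positive)
                tainted.pop(target, None)
        elif kind == "call" and callee in SINKS and contrib:
            flows.append((line, sorted(contrib | {line})))
    return flows

if __name__ == "__main__":
    print(analyze(APP))                        # [(7, [6, 7])]
    print(analyze(APP, flow_sensitive=False))  # [(5, [1, 2, 5]), (7, [6, 7])]
```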