Abstract
Cross-program propagation of tainted data (such as sensitive information or user input) in an interactive IoT system is listed among the OWASP IoT top 10 most critical security risks. When programs run on distinct devices, as it occurs in IoT systems, they communicate through different channels in order to implement some functionality. Hence, in order to prove the overall system secure, an analysis must consider how these components interact. Standard taint analyses detect if a value coming from a source (such as methods that retrieve user input or sensitive data) flows into a sink (typically, methods that execute SQL queries or send data into the Internet), unsanitized (that is, not properly escaped). This work devises a cross-program taint analysis that leverages an existing intra-program taint analysis to detect security vulnerabilities in multiple communicating programs. The proposed framework has been implemented above the intra-program taint analysis of the Julia static analyzer. Preliminary experimental results on multi-program IoT systems, publicly available on GitHub, show that the technique is effective and detects inter-program flows of tainted data that could not be discovered by analyzing each program in isolation.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
