Program Analysis of Commodity IoT Applications for Security and Privacy

Abstract

Recent advances in Internet of Things (IoT) have enabled myriad domains such as smart homes, personal monitoring devices, and enhanced manufacturing. IoT is now pervasive—new applications are being used in nearly every conceivable environment, which leads to the adoption of device-based interaction and automation. However, IoT has also raised issues about the security and privacy of these digitally augmented spaces. Program analysis is crucial in identifying those issues, yet the application and scope of program analysis in IoT remains largely unexplored by the technical community. In this article, we study privacy and security issues in IoT that require program-analysis techniques with an emphasis on identified attacks against these systems and defenses implemented so far. Based on a study of five IoT programming platforms, we identify the key insights that result from research efforts in both the program analysis and security communities and relate the efficacy of program-analysis techniques to security and privacy issues. We conclude by studying recent IoT analysis systems and exploring their implementations. Through these explorations, we highlight key challenges and opportunities in calibrating for the environments in which IoT systems will be used.

Document Details

Document Type
Pub Defense Publication
Publication Date
Aug 30, 2019
Source ID
10.1145/3333501

Entities

People

  • Earlence Fernandes
  • Eric Pauley
  • Gang Tan
  • Patrick Drew McDaniel
  • Z. Berkay Celik

Organizations

  • National Science Foundation
  • Pennsylvania State University
  • United States Army Research Laboratory
  • University of Washington

Tags

Fields of Study

  • Computer science

Readers

  • Agent-Based Social Robotics and Mobile-Assisted Learning in Virtual Environments.
  • Cybersecurity.
  • Systems Analysis and Design

Technology Areas

  • 5G
  • 5G - DoD 5G Program
  • 5G - Internet of Things
  • Space