Litcius/Paper detail

Static analysis for discovering IoT vulnerabilities

Pietro Ferrara, Amit Kr Mandal, Agostino Cortesi, Fausto Spoto

2020International Journal on Software Tools for Technology Transfer86 citationsDOIOpen Access PDF

Abstract

Abstract The Open Web Application Security Project (OWASP), released the “OWASP Top 10 Internet of Things 2018” list of the high-priority security vulnerabilities for IoT systems. The diversity of these vulnerabilities poses a great challenge toward development of a robust solution for their detection and mitigation. In this paper, we discuss the relationship between these vulnerabilities and the ones listed by OWASP Top 10 (focused on Web applications rather than IoT systems), how these vulnerabilities can actually be exploited, and in which cases static analysis can help in preventing them. Then, we present an extension of an industrial analyzer (Julia) that already covers five out of the top seven vulnerabilities of OWASP Top 10, and we discuss which IoT Top 10 vulnerabilities might be detected by the existing analyses or their extension. The experimental results present the application of some existing Julia’s analyses and their extension to IoT systems, showing its effectiveness of the analysis of some representative case studies.

Topics & Concepts

Computer scienceInternet of ThingsSecure codingComputer securityExtension (predicate logic)Static analysisSoftware security assuranceInformation securityProgramming languageSecurity serviceNetwork Security and Intrusion DetectionAdvanced Malware Detection TechniquesSecurity and Verification in Computing
Static analysis for discovering IoT vulnerabilities | Litcius