Static analysis for discovering IoT vulnerabilities

The Open Web Application Security Project (OWASP), released the “OWASP Top 10 Internet of Things 2018” list of the high-priority security vulnerabilities for IoT systems. The diversity of these vulnerabilities poses a great challenge toward development of a robust solution for their detection and mi...

Full description

Saved in:
Bibliographic Details
Published in:International journal on software tools for technology transfer 2021-02, Vol.23 (1), p.71-88
Main Authors: Ferrara, Pietro, Mandal, Amit Kr, Cortesi, Agostino, Spoto, Fausto
Format: Article
Language:English
Subjects:
Applications programs
Computer Science
Foundation for Mastering Change
Internet of Things
Robustness (mathematics)
Security
Software Engineering
Software Engineering/Programming and Operating Systems
System effectiveness
Theory of Computation
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:The Open Web Application Security Project (OWASP), released the “OWASP Top 10 Internet of Things 2018” list of the high-priority security vulnerabilities for IoT systems. The diversity of these vulnerabilities poses a great challenge toward development of a robust solution for their detection and mitigation. In this paper, we discuss the relationship between these vulnerabilities and the ones listed by OWASP Top 10 (focused on Web applications rather than IoT systems), how these vulnerabilities can actually be exploited, and in which cases static analysis can help in preventing them. Then, we present an extension of an industrial analyzer (Julia) that already covers five out of the top seven vulnerabilities of OWASP Top 10, and we discuss which IoT Top 10 vulnerabilities might be detected by the existing analyses or their extension. The experimental results present the application of some existing Julia’s analyses and their extension to IoT systems, showing its effectiveness of the analysis of some representative case studies.
ISSN:1433-2779
1433-2787
DOI:10.1007/s10009-020-00592-x