4 research outputs found
Program Analysis of Commodity IoT Applications for Security and Privacy: Challenges and Opportunities
Recent advances in Internet of Things (IoT) have enabled myriad domains such
as smart homes, personal monitoring devices, and enhanced manufacturing. IoT is
now pervasive---new applications are being used in nearly every conceivable
environment, which leads to the adoption of device-based interaction and
automation. However, IoT has also raised issues about the security and privacy
of these digitally augmented spaces. Program analysis is crucial in identifying
those issues, yet the application and scope of program analysis in IoT remains
largely unexplored by the technical community. In this paper, we study privacy
and security issues in IoT that require program-analysis techniques with an
emphasis on identified attacks against these systems and defenses implemented
so far. Based on a study of five IoT programming platforms, we identify the key
insights that result from research efforts in both the program analysis and
security communities and relate the efficacy of program-analysis techniques to
security and privacy issues. We conclude by studying recent IoT analysis
systems and exploring their implementations. Through these explorations, we
highlight key challenges and opportunities in calibrating for the environments
in which IoT systems will be used.Comment: syntax and grammar error are fixed, and IoT platforms are updated to
match with the submissio
Program Analysis for Security and Privacy Report on the WS PASSWORD at ECOOP’06
Abstract. Software security has become more important than ever. Unfortunately, still now, the security of a software system is almost always retrofitted to an afterthought. When security problems arise, understanding and correcting them can be very challenging. On the one hand, the program analysis research community has created numerous static and dynamic analysis tools for performance optimization and bug detection in object-oriented programs. On the other hand, the security and privacy research community has been looking for solutions to automatically detect security problems, privacy violations, and access-control requirements of object-oriented programs. The purpose of the First Program Analysis for Security and Safety Workshop Discussion (PASSWORD 2006), co-located with the Twentieth European Conference on Object-Oriented Programming (ECOOP 2006), was to bring together members of the academic and industrial communities interested in applying analysis, testing, and verification to security and privacy problems, and to encourage program analysis researchers to see the applicability of their work to security and privacy—an area of research that still needs a lot of exploration. This paper summarizes the discussions and contributions of the PASSWORD workshop.