Cross-Programming Language Taint Analysis for the IoT Ecosystem

Authors

  • Pietro Ferrara JuliaSoft SRL, Verona, Italy
  • Amit Mandal BML Munjal University, Gurgaon, Haryana, India Universita' Ca' Foscari, Venezia, Italy
  • Agostino Cortesi Universita' Ca' Foscari, Venezia, Italy
  • Fausto Spoto Universita' di Verona, Verona, Italy

DOI:

https://doi.org/10.14279/tuj.eceasst.77.1104

Abstract

The Internet of Things (IoT) is a key component for the next disruptive technologies. However, IoT merges together several diverse software layers: embedded, enterprise, and cloud programs interact with each other. In addition, security and privacy vulnerabilities of IoT software might be particularly dangerous due to the pervasiveness and physical nature of these systems. During the last decades, static analysis, and in particular taint analysis, has been widely applied to detect software vulnerabilities. Unfortunately, these analyses assume that software is entirely written in a single programming language, and they are not immediately suitable to detect IoT vulnerabilities where many different software components, written in different programming languages, interact. This paper discusses how to leverage existing static taint analyses to a cross-programming language scenario.

Downloads

Published

2019-10-21

How to Cite

[1]
P. Ferrara, A. Mandal, A. Cortesi, and F. Spoto, “Cross-Programming Language Taint Analysis for the IoT Ecosystem”, eceasst, vol. 77, Oct. 2019.

Issue

Vol. 77 (2019): Interactive Workshop on the Industrial Application of Verification and Testing, ETAPS 2019 Workshop (InterAVT 2019)

Section

Articles

License

Copyright (c) 2019 Electronic Communications of the EASST

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.