- The paper introduces a static taint analysis tool that transforms SmartThings source code into an intermediate representation to pinpoint sensitive data flows.
- It systematically tracks data through defined taint sources such as user inputs and device states and detects flows to sinks like Internet connections.
- Empirical evaluation on 230 apps revealed that nearly 60% contain sensitive data flows, underscoring significant privacy risks in IoT environments.
Essay on Sensitive Information Tracking in Commodity IoT
The paper "Sensitive Information Tracking in Commodity IoT" addresses the pressing issue of security and privacy in IoT applications by introducing a static taint analysis tool. This tool, designed for the SmartThings IoT platform, aims to uncover and evaluate the use, and potential misuse, of sensitive information in IoT applications. The rapid proliferation of IoT devices and applications interweaving our physical and digital lives has significantly heightened security concerns, particularly regarding data privacy. As existing commercial frameworks often lack sufficient mechanisms to evaluate and mitigate these risks, the authors propose an advanced method for tracking sensitive data flows within IoT applications.
The static taint analysis tool operates in three distinct phases: transformation of platform-specific source code into an intermediate representation (IR), identification of sensitive sources and sinks, and execution of static analysis to pinpoint sensitive data flows. Notably, the IR models an app's lifecycle by identifying entry points, user inputs, and event-based actions, while abstracting away other non-essential code components. This careful design enables not only precision in identifying sensitive data flows but also flexibility in potentially adapting the methodology to other similarly structured platforms.
The authors evaluated the tool on a corpus of 230 SmartThings market applications and found that 138 of them, roughly 60%, contain sensitive data flows. This quantitative analysis highlights a significant privacy risk associated with IoT applications, underscoring the necessity for tools that can automatically detect potential security breaches. Additionally, the tool was validated on a novel open-source test suite comprising 19 apps with 27 unique data leaks, effectively demonstrating its detection capabilities.
An important contribution of this research is its systematic categorization of taint sources and sinks in IoT applications. Device state, location, and user inputs are among the key taint sources, while Internet connections and messaging services comprise primary taint sinks. By efficiently tracking backward from these sinks, the tool establishes data-leak paths, allowing for the identification of instances where sensitive data is potentially exposed.
In addition, the paper addresses several idiosyncrasies inherent to the SmartThings platform that can complicate static analysis, such as call by reflection and the use of state variables. The authors propose sophisticated methods for resolving these challenges, such as adding potential call targets for reflective calls to the call graph and employing field-sensitive analysis for state variables. This attention to platform-specific details not only enhances the accuracy of data flow analysis but also provides a valuable framework for handling similar challenges across other IoT ecosystems.
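The backward tracking from sinks and the field-sensitive treatment of state variables described above can be sketched as follows. This is an added example, not code from the paper or its tool; the IR tuple shape, the identifier names, and the sample app are all constructed assumptions, and the IR is straight-line (no branches or reflective calls).

```python
# Added illustration: backward taint tracking over a constructed, straight-line IR.
# The IR shape and every name below are assumptions, not the paper's format.

SOURCES = {  # taint sources: identifier -> category named in the essay
    "input.phone": "user input",
    "lock.currentState": "device state",
    "location.mode": "location",
}
SINKS = {"httpPost": "Internet", "sendSms": "messaging"}

# Constructed IR: ("assign", target, [operands]) or ("call", function, [args])
APP_IR = [
    ("assign", "state.last", ["lock.currentState"]),
    ("assign", "state.count", ["1"]),
    ("assign", "msg", ["state.last", "'door event'"]),
    ("assign", "msg", ["'heartbeat'"]),        # overwrites the tainted msg
    ("call", "httpPost", ["msg"]),              # no leak: msg is constant here
    ("assign", "body", ["state.last", "state.count"]),
    ("call", "sendSms", ["input.phone", "body"]),
]

def backward_flows(ir):
    """Return sorted (source category, sink category, path) tuples, one per leak."""
    flows = []
    for idx, (kind, name, args) in enumerate(ir):
        if kind != "call" or name not in SINKS:
            continue
        work = [(arg, idx, [arg]) for arg in args]  # start at the sink arguments
        while work:
            var, pos, path = work.pop()
            if var in SOURCES:
                flows.append((SOURCES[var], SINKS[name], " <- ".join(path)))
                continue
            # Follow the most recent definition before pos. Names are compared
            # whole, so state.last and state.count are tracked separately
            # (field-sensitive) rather than as one tainted "state" object.
            for j in range(pos - 1, -1, -1):
                k, target, operands = ir[j]
                if k == "assign" and target == var:
                    work.extend((op, j, path + [op]) for op in operands)
                    break
    return sorted(flows)

if __name__ == "__main__":
    for flow in backward_flows(APP_IR):
        print(flow)
```

The `httpPost` call is not reported because the definition of `msg` that reaches it is a constant, and the constant `state.count` contributes no path even though the sibling field `state.last` holds device state.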
While the tool effectively identifies explicit data flows, the paper also briefly explores implicit flows, where the invocation of a data sink is control-dependent on a condition involving sensitive data. Detection of such flows is optional in the tool because it can increase false positives. Nonetheless, empirical results suggest minimal impact on false-positive rates when implicit flow tracking is enabled, supporting its utility in broader security assessments.
Overall, the research presented in this paper fills a critical gap in IoT security by providing a robust framework for sensitive information tracking. The introduction of a detailed intermediate representation and the focus on addressing platform-specific features position this tool as a valuable asset for developers, security researchers, and IoT platform providers. Future developments could extend these methodologies to other platforms and domains, potentially enhancing data privacy and security across the IoT landscape. The insights and techniques offered by this paper affirm the importance of systematic and rigorous evaluation schemes in the advancement of IoT security practices.