Write a Blog >>
ISSTA 2020
Sat 18 - Wed 22 July 2020
Tue 21 Jul 2020 13:50 - 14:10 at Zoom - SECURITY Chair(s): Lucas Bang

The ubiquity of Internet of Things (IoT) and our growing reliance on IoT apps are leaving us more vulnerable to safety and security threats than ever before. Many of these threats are manifested at the interaction level, where undesired or malicious coordinations between apps and physical devices can lead to intricate safety and security issues. This paper presents IoTCOM, an approach to automatically discover such hidden and unsafe interaction threats in a compositional and scalable fashion. It is backed with automated program analysis and formally rigorous violation detection engines. IoTCOM relies on program analysis to automatically infer the relevant app’s behavior. Leveraging a novel strategy to trim the extracted app’s behavior prior to translating them to analyzable formal specifications, IoTCOM mitigates the state explosion associated with formal analysis. Our experiments with numerous bundles of real-world IoT apps have corroborated IoTCOM’s ability to effectively detect a broad spectrum of interaction threats triggered through cyber and physical channels, many of which were previously unknown, and to significantly outperform the existing techniques in terms of scalability.

Tue 21 Jul
Times are displayed in time zone: Tijuana, Baja California change

13:30 - 14:30
SECURITYTechnical Papers at Zoom
Chair(s): Lucas BangHarvey Mudd College

Public Live Stream/Recording. Registered participants should join via the Zoom link distributed in Slack.

Feedback-Driven Side-Channel Analysis for Networked Applications
Technical Papers
Ismet Burak KadronUniversity of California at Santa Barbara, Nico RosnerAmazon Web Services, Tevfik BultanUniversity of California, Santa Barbara
Scalable Analysis of Interaction Threats in IoT SystemsACM SIGSOFT Distinguished Paper Award
Technical Papers
Mohannad Alhanahnah, Clay StevensUniversity of Nebraska-Lincoln, Hamid BagheriUniversity of Nebraska-Lincoln, USA
DOI Pre-print Media Attached
DeepSQLi: Deep Semantic Learning for Testing SQL Injection
Technical Papers
Muyang Liu, Ke LiUniversity of Exeter, Tao ChenLoughborough University
DOI Pre-print