Broadly defined as the Internet of Things (IoT), the growth of commodity devices that integrate physical processes with digital connectivity has had profound effects on society—smart homes, personal monitoring devices, enhanced manufacturing and other IoT applications have changed the way we live, play and work.
Yet extant IoT platforms provide few means of evaluating the use (and potential misuse) of sensitive information. Thus, consumers have little information to assess the security and privacy risks these devices present.
In this project, we present SaINT, a tool for analyzing sensitive data leakage in IoT implementations. SaINT operates in three phases; (a) translation of platform-specific source code into an IR modeling sensor-computation-actuator structures, (b) identifying sensitive sources and sinks, and (c) performing static analysis to identify sensitive data leakage. We also introduce IoTBench, an IoT-specific test suite and open repository for evaluating information leakage in IoT apps.