Ryerson University:CRESSET
Web-front available here
TaintThings is a static analysis tool that can detect potential tainted dataflows in SmartThings apps. The approach uses a related TXL paradigm called cascaded markup. The algorithm starts with marking sink statements, analyzing them recursively, finding and marking statements which directly influence them and then those that influence those statements, and so on until a fixed point is reached. This fixed point occurs when a potential tainted source is identified or when no more propagation can be done. The process is done directly on the source code which increases the speed required for the process.
We can also improve the precision of the tool to avoid false positives by providing sensitive analyses. We propose using SSA form to make the analysis flow sensitive. This approach avoids false positives that happen due to conflation of variables in the case of reassigning their values. We provide a framework for path generation to make the analysis path sensitive and for it to consider the branching in code execution and explored ways of optimizing the process to make it more applicable. We also explored function cloning as way to make the analysis context sensitive and to avoid the conflation of method calls.
Web-front available here
The FlowsMiner tool is implemented in Python 3 and uses text mining techniques to identify tainted flows. The tool processes the source code of a SmartApp to put the source code in a so called standard format before tokenizing the source code. This reduces the number of cases to be handled at each step while identifying the tainted flows. The tool starts by identifying the sources of a SmartApp. Once the sources set is identified, the sinks are read from a locally deployed file named as Sinks.txt. This tool uses a fixed set of sinks provided in the Sinks.txt file. However, the tool provides flexibility to update the sinks and is capable of working with any set of sinks. The set of sources and sinks are used to identify tainted flows. The tool tokenizes the source code to check if it contains a sink. If the source code contains a sink, it proceeds further to identify tainted flows. The usage of FlowsMiner is fairly straightforward, click of a button allows users to select a file containing source code of a SmartApp. The tool analyzes the selected file to display the tainted flows.
Web-front available here
CheckYourPrivilege (ChYP) a static source code analysis tool for SmartThings apps. ChYP analyzes SmartThings apps and identify possible over-privilege vulnerability occurrences in them. ChYP 1.0 identifies one of two cases of over-privilege in SmartApps; gaining access to more capabilities than authorized. The second case is acquiring more commands and attributes from a permitted capability than needed which we address in version2 of ChYP. When evaluated, ChYP accurately identified 76 over-privilege occurrences in 222 official and third-party apps.
Web-front available here
When the flow of control is transferred to an external contract, the execution of the caller contract can fail accidentally or deliberately, which can cause a DoS state in the caller contract. The caller contract can be in a DoS state when a transaction is reverted due to a failure in an external call, or the callee contract deliberately causes the transaction to be reverted to disrupt the execution of the caller contract. Scan your smart contracts using Smart Scan Tool to detect DOS due to Unexpected Revert Vulnerability in Ethereum Smart Contracts.
Web-front available here
The AAVD tool uses Python script to perform APK decompilation and merging source files to compile a single file for analysis and uses TXL programming language to perform static analysis. It performs tainted data flow analysis on limited sources and sinks specified in TXL rules. It searches for the sinks in the source code and perform backpropagation till it find the source and reports the data flows. This tool can be used to detect insecure app to app communications. It's specifically designed for Android Automotive apps but can be used on Android apps as well. The tool presented in this website is limited to static analysis only. However, with Python script it can be used to find inter-component communication leaks among multiple apps.
Web-front available here
This tool is an automated framework to evaluate taint-flow analysis tools in the domain of IoT applications. It provides mutational operators tailored to evaluate three types of sensitivity analysis, flow, path and context sensitivity. It automatically generates mutants for those types and can be used to evaluate three taint-flow analyzers. To the best ofour knowledge, our framework is the first framework to address the need for evaluating taint-flow analysis tools and specifically those developed for IoT SmartThings applications.