We use value set analysis (VSA) to reconstruct endpoints, cryptographic data, and inter-component communication (ICC) keys for the flow analysis. We use the flow analysis to find data leaks and to connect request/response data with endpoints. With the ICC information from the VSA, we support data flows involving ICC.
For more details, see our paper "IoTFlow: Inferring IoT Device Behavior at Scale through Static Mobile Companion App Analysis", which we presented at CCS 2023.
- VSA contains the code of the value set analysis. We provided a Docker container to run it. Add apps to `apps_to_analyze` and hit `docker compose up` to try it out.
- FlowAnalysis contains the code of the data flow analysis. We again provided a Docker container for easier setup. Add apps to `apps_to_analyze` and hit `docker compose up` to try it out.
- In config we provide the configurations we used for the analysis, e.g., the sources and sinks.
- Datasets contains the app IDs and version codes of the apps we used.
- In scripts we added the code we used to analyze the obtained results further and generate the tables.
@inproceedings{iotflow:ccs2023,
title = {{IoTFlow: Inferring IoT Device Behavior at Scale through Static Mobile Companion App Analysis}},
author = {Schmidt, David and Tagliaro, Carlotta and Borgolte, Kevin and Lindorfer, Martina},
booktitle = {Proceedings of the 30th ACM SIGSAC Conference on Computer and Communications Security (CCS)},
date = {2023-11},
doi = {10.1145/3576915.3623211},
edition = {30},
editor = {Cremers, Cas and Kirda, Engin},
location = {Copenhagen, Denmark},
publisher = {Association for Computing Machinery (ACM)},
}
- David Schmidt:
  - email: dschmidt@seclab.wien
  - bsky: @dschm1dt.bsky.social
  - twitter: @dschm1dt
- Carlotta Tagliaro:
  - email: carlotta@seclab.wien
  - twitter: @Pseudorandomico
- Kevin Borgolte:
  - email: kevin.borgolte@rub.de
  - twitter: @caovc
- Martina Lindorfer:
  - email: martina@seclab.wien
  - twitter: @lindorferin