Finding bugs inside IoT devices via static analysis

Bibliographic Details
Main Author: Lim, Gerald Ze Yang
Other Authors: Luo Jun
Format: Final Year Project
Language: English
Published: Nanyang Technological University 2022
Online Access: https://hdl.handle.net/10356/156768
Description
Summary: This project describes leveraging a relatively new static analysis tool called CodeQL, which processes a codebase into a queryable database that allows one to use CodeQL queries to scan and identify problems in the codebase at the source code level. During the project, a Python program to improve the efficiency of the process workflow in CodeQL was created. This program simplifies the creation of multiple CodeQL databases and query scanning. We then identified three third-party IoT cloud platforms to target and used the created Python program to scan the libraries to identify software bugs. After that, we analyzed the data set, filtered the results, and performed static analysis on the results by looking at the source code and its data flow path. Lastly, we took a deeper dive and studied a vulnerability identified in the library used in the best practices of a third-party IoT cloud platform and demonstrated a Remote Code Execution (RCE) Proof-of-Concept.