Finding bugs inside IoT devices via static analysis
This project describes the use of CodeQL, a relatively new static analysis tool that processes a codebase into a queryable database, which can then be scanned with CodeQL queries to identify problems at the source code level. During the project, a Python program to...
Main Author: | Lim, Gerald Ze Yang |
---|---|
Other Authors: | Luo Jun |
Format: | Final Year Project |
Language: | English |
Published: | Nanyang Technological University 2022 |
Subjects: | Engineering::Computer science and engineering |
Online Access: | https://hdl.handle.net/10356/156768 |
Institution: | Nanyang Technological University |
id |
sg-ntu-dr.10356-156768 |
---|---|
record_format |
dspace |
spelling |
sg-ntu-dr.10356-156768; 2022-04-23T12:06:40Z; Lim, Gerald Ze Yang; Luo Jun; School of Computer Science and Engineering; junluo@ntu.edu.sg; Engineering::Computer science and engineering; Bachelor of Engineering (Computer Science); Final Year Project (FYP); en; SCSE21-0357; application/pdf. Citation: Lim, G. Z. Y. (2022). Finding bugs inside IoT devices via static analysis. Final Year Project (FYP), Nanyang Technological University, Singapore. https://hdl.handle.net/10356/156768 |
institution |
Nanyang Technological University |
building |
NTU Library |
continent |
Asia |
country |
Singapore |
content_provider |
NTU Library |
collection |
DR-NTU |
language |
English |
topic |
Engineering::Computer science and engineering |
description |
This project describes the use of CodeQL, a relatively new static analysis tool that processes a codebase into a queryable database, which can then be scanned with CodeQL queries to identify problems at the source code level.
During the project, a Python program was created to improve the efficiency of the CodeQL workflow. This program simplifies the creation of multiple CodeQL databases and the running of query scans.
We then identified three third-party IoT cloud platforms to target and used the Python program to scan the libraries to identify software bugs.
After that, we analyzed the data set, filtered the results, and performed static analysis on them by examining the source code and its data flow path.
Lastly, we took a deeper dive into a vulnerability identified in the library used in the best practices of a third-party IoT cloud platform and demonstrated a Remote Code Execution (RCE) Proof-of-Concept. |
author2 |
Luo Jun |
format |
Final Year Project |
author |
Lim, Gerald Ze Yang |
title |
Finding bugs inside IoT devices via static analysis |
publisher |
Nanyang Technological University |
publishDate |
2022 |
url |
https://hdl.handle.net/10356/156768 |