Web-front available here

KASTroid is a static taint analysis framework designed to detect information leakage vulnerabilities in Kotlin-based Android applications. KASTroid employs a novel modeling and static analysis approach to identify tainted flows arising from unsafe practices which can expose sensitive user data to unauthorized applications or make the application less safe.

We demonstrate the feasibility of modeling Kotlin apps and extracting structural information through statitical analysis techniques by developing and implementing a dedicated analysis framework. We show that this framework can detect implicit inter-app communication via broadcasts, logging vulnerabilities, and enforce safety properties such as limits and constraints on sensitive data.

Web-front available here

TaintThings is a static analysis tool that can detect potential tainted dataflows in SmartThings apps. The approach uses a related TXL paradigm called cascaded markup. The algorithm starts with marking sink statements, analyzing them recursively, finding and marking statements which directly influence them and then those that influence those statements, and so on until a fixed point is reached. This fixed point occurs when a potential tainted source is identified or when no more propagation can be done. The process is done directly on the source code which increases the speed required for the process

We can also improve the precision of the tool to avoid false positives by providing sensitive analyses. We propose using SSA form to make the analysis flow sensitive. This approach avoids false positives that happen due to conflation of variables in the case of reassigning their values. We provide a framework for path generation to make the analysis path sensitive and for it to consider the branching in code execution and explored ways of optimizing the process to make it more applicable. We also explored function cloning as way to make the analysis context sensitive and to avoid the conflation of method calls.

Web-front available here

The FlowsMiner tool is implemented in Python 3 and uses text mining techniques to identify tainted flows. The tool processes the source code of a SmartApp to put the source code in a so called standard format before tokenizing the source code. This reduces the number of cases to be handled at each step while identifying the tainted flows. The tool starts by identifying the sources of a SmartApp. Once the sources set is identified, the sinks are read from a locally deployed file named as Sinks.txt. This tool uses a fixed set of sinks provided in the Sinks.txt file. However, the tool provides flexibility to update the sinks and is capable of working with any set of sinks. The set of sources and sinks are used to identify tainted flows. The tool tokenizes the source code to check if it contains a sink. If the source code contains a sink, it proceeds further to identify tainted flows. The usage of FlowsMiner is fairly straightforward, click of a button allows users to select a file containing source code of a SmartApp. The tool analyzes the selected file to display the tainted flows.

Web-front available here

The permission system in the SmartThings platform governs how apps access devices. The system was designed to protect devices from third-party apps, by forcing apps to access devices through their capabilities. Design flaws in the system result in apps being over-privileged with unauthorized capabilities. This vulnerability represents serious security challenges to this platform and its users. ChYP is an automated tool that can identify common patterns for the over-privilege vulnerability in SmartThings apps.

Web-front available here

This tool is an automated framework to evaluate taint-flow analysis tools in the domain of IoT applications. It provides mutational operators tailored to evaluate three types of sensitivity analysis, flow, path and context sensitivity. It automatically generates mutants for those types and can be used to evaluate three taint-flow analyzers. To the best ofour knowledge, our framework is the first framework to address the need for evaluating taint-flow analysis tools and specifically those developed for IoT SmartThings applications.

Web-front available here

When the flow of control is transferred to an external contract, the execution of the caller contract can fail accidentally or deliberately, which can cause a DoS state in the caller contract. The caller contract can be in a DoS state when a transaction is reverted due to a failure in an external call, or the callee contract deliberately causes the transaction to be reverted to disrupt the execution of the caller contract. Scan your smart contracts using Smart Scan Tool to detect DOS due to Unexpected Revert Vulnerability in Ethereum Smart Contracts.

Web-front available here

The AAVD tool uses Python script to perform APK decompilation and merging source files to compile a single file for analysis and uses TXL programming language to perform static analysis. It performs tainted data flow analysis on limited sources and sinks specified in TXL rules. It searches for the sinks in the source code and perform backpropagation till it find the source and reports the data flows. This tool can be used to detect insecure app to app communications. It's specifically designed for Android Automotive apps but can be used on Android apps as well. The tool presented in this website is limited to static analysis only. However, with Python script it can be used to find inter-component communication leaks among multiple apps.