{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,14]],"date-time":"2026-05-14T20:06:32Z","timestamp":1778789192236,"version":"3.51.4"},"publisher-location":"New York, NY, USA","reference-count":27,"publisher":"ACM","license":[{"start":{"date-parts":[[2022,4,14]],"date-time":"2022-04-14T00:00:00Z","timestamp":1649894400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["CNS-1942235"],"award-info":[{"award-number":["CNS-1942235"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2022,4,14]]},"DOI":"10.1145\/3508398.3511511","type":"proceedings-article","created":{"date-parts":[[2022,4,16]],"date-time":"2022-04-16T04:13:31Z","timestamp":1650082411000},"page":"203-213","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":6,"title":["Security Analysis of IoT Frameworks using Static Taint Analysis"],"prefix":"10.1145","author":[{"given":"Tuba","family":"Yavuz","sequence":"first","affiliation":[{"name":"University of Florida, Gainesville, FL, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Christopher","family":"Brant","sequence":"additional","affiliation":[{"name":"University of Florida, Gainesville, FL, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2022,4,15]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"d.]. . \"https:\/\/blog.zimperium.com\/freertos-tcpip-stack-vulnerabilities-details\/ \". last accessed","author":"REFERENCES","year":"2021","unstructured":"REFERENCES [1] [n. d.]. . \"https:\/\/blog.zimperium.com\/freertos-tcpip-stack-vulnerabilities-details\/ \". last accessed September 2021 . REFERENCES [1] [n. d.]. . \"https:\/\/blog.zimperium.com\/freertos-tcpip-stack-vulnerabilities-details\/ \". last accessed September 2021."},{"key":"e_1_3_2_1_2_1","volume-title":"d.]. Amazon Alexa security bug allowed access to voice history. \"https: \/\/www.bbc.com\/news\/technology-53770778\". last accessed","year":"2021","unstructured":"[n. d.]. Amazon Alexa security bug allowed access to voice history. \"https: \/\/www.bbc.com\/news\/technology-53770778\". last accessed September 2021 . [n. d.]. Amazon Alexa security bug allowed access to voice history. \"https: \/\/www.bbc.com\/news\/technology-53770778\". last accessed September 2021."},{"key":"e_1_3_2_1_3_1","volume-title":"d.]. Amazon FreeRTOS. \"https:\/\/github.com\/aws\/amazon-freertos\". last accessed","year":"2021","unstructured":"[n. d.]. Amazon FreeRTOS. \"https:\/\/github.com\/aws\/amazon-freertos\". last accessed June 2021 . [n. d.]. Amazon FreeRTOS. \"https:\/\/github.com\/aws\/amazon-freertos\". last accessed June 2021."},{"key":"e_1_3_2_1_4_1","volume-title":"d.]. ambiot-sdk. \"https:\/\/github.com\/ambiot\/ambd_sdk\". last accessed","year":"2021","unstructured":"[n. d.]. ambiot-sdk. \"https:\/\/github.com\/ambiot\/ambd_sdk\". last accessed September 2021 . [n. d.]. ambiot-sdk. \"https:\/\/github.com\/ambiot\/ambd_sdk\". last accessed September 2021."},{"key":"e_1_3_2_1_5_1","volume-title":"d.]. DDoS attack that disrupted internet was largest of its kind in history, experts sa. last accessed","year":"2021","unstructured":"[n. d.]. DDoS attack that disrupted internet was largest of its kind in history, experts sa. last accessed September 2021 . [n. d.]. DDoS attack that disrupted internet was largest of its kind in history, experts sa. last accessed September 2021."},{"key":"e_1_3_2_1_6_1","volume-title":"d.]. Google Cloud IoT Device SDK for Embedded C. \"https:\/\/github.com\/ GoogleCloudPlatform\/iot-device-sdk-embedded-c\". last accessed","year":"2021","unstructured":"[n. d.]. Google Cloud IoT Device SDK for Embedded C. \"https:\/\/github.com\/ GoogleCloudPlatform\/iot-device-sdk-embedded-c\". last accessed June 2021 . [n. d.]. Google Cloud IoT Device SDK for Embedded C. \"https:\/\/github.com\/ GoogleCloudPlatform\/iot-device-sdk-embedded-c\". last accessed June 2021."},{"key":"e_1_3_2_1_7_1","volume-title":"d.]. SmartThings SDK for Direct Connected Devices for C. \"https:\/\/github. com\/SmartThingsCommunity\/st-device-sdk-c\". last accessed","year":"2021","unstructured":"[n. d.]. SmartThings SDK for Direct Connected Devices for C. \"https:\/\/github. com\/SmartThingsCommunity\/st-device-sdk-c\". last accessed June 2021 . [n. d.]. SmartThings SDK for Direct Connected Devices for C. \"https:\/\/github. com\/SmartThingsCommunity\/st-device-sdk-c\". last accessed June 2021."},{"key":"e_1_3_2_1_8_1","volume-title":"d.]. \"BrickerBot\" Results In Permanent Denial-of-Service. \"https: \/\/www.radware.com\/security\/ddos-threats-attacks\/brickerbot-pdospermanent-denial-of-service\/\". last accessed","year":"2021","unstructured":"[n. d.]. \"BrickerBot\" Results In Permanent Denial-of-Service. \"https: \/\/www.radware.com\/security\/ddos-threats-attacks\/brickerbot-pdospermanent-denial-of-service\/\". last accessed September 2021 . [n. d.]. \"BrickerBot\" Results In Permanent Denial-of-Service. \"https: \/\/www.radware.com\/security\/ddos-threats-attacks\/brickerbot-pdospermanent-denial-of-service\/\". last accessed September 2021."},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/2666356.2594299"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.2478\/popets-2021-0009"},{"key":"e_1_3_2_1_11_1","volume-title":"Sensitive Information Tracking in Commodity IoT. In 27th USENIX Security Symposium, USENIX Security 2018","author":"Celik Z. Berkay","year":"2018","unstructured":"Z. Berkay Celik , Leonardo Babun , Amit Kumar Sikder , Hidayet Aksu , Gang Tan , Patrick D. McDaniel , and A. Selcuk Uluagac . 2018 . Sensitive Information Tracking in Commodity IoT. In 27th USENIX Security Symposium, USENIX Security 2018 , Baltimore, MD, USA, August 15--17 , 2018 , William Enck and Adrienne Porter Felt (Eds.). USENIX Association, 1687--1704. Z. Berkay Celik, Leonardo Babun, Amit Kumar Sikder, Hidayet Aksu, Gang Tan, Patrick D. McDaniel, and A. Selcuk Uluagac. 2018. Sensitive Information Tracking in Commodity IoT. In 27th USENIX Security Symposium, USENIX Security 2018, Baltimore, MD, USA, August 15--17, 2018, William Enck and Adrienne Porter Felt (Eds.). USENIX Association, 1687--1704."},{"key":"e_1_3_2_1_12_1","volume-title":"HALucinator: Firmware Re-hosting Through Abstraction Layer Emulation. In 29th USENIX Security Symposium (USENIX Security 20)","author":"Clements Abraham A","year":"2020","unstructured":"Abraham A Clements , Eric Gustafson , Tobias Scharnowski , Paul Grosen , David Fritz , Christopher Kruegel , Giovanni Vigna , Saurabh Bagchi , and Mathias Payer . 2020 . HALucinator: Firmware Re-hosting Through Abstraction Layer Emulation. In 29th USENIX Security Symposium (USENIX Security 20) . Abraham A Clements, Eric Gustafson, Tobias Scharnowski, Paul Grosen, David Fritz, Christopher Kruegel, Giovanni Vigna, Saurabh Bagchi, and Mathias Payer. 2020. HALucinator: Firmware Re-hosting Through Abstraction Layer Emulation. In 29th USENIX Security Symposium (USENIX Security 20)."},{"key":"e_1_3_2_1_13_1","volume-title":"Proceedings of the Network and Distributed System Security Symposium, NDSS 2011","author":"Egele Manuel","year":"2011","unstructured":"Manuel Egele , Christopher Kruegel , Engin Kirda , and Giovanni Vigna . 2011 . PiOS: Detecting Privacy Leaks in iOS Applications . In Proceedings of the Network and Distributed System Security Symposium, NDSS 2011 , San Diego, California, USA, 6th February - 9th February 2011. The Internet Society. Manuel Egele, Christopher Kruegel, Engin Kirda, and Giovanni Vigna. 2011. PiOS: Detecting Privacy Leaks in iOS Applications. In Proceedings of the Network and Distributed System Security Symposium, NDSS 2011, San Diego, California, USA, 6th February - 9th February 2011. The Internet Society."},{"key":"e_1_3_2_1_14_1","volume-title":"29th USENIX Security Symposium, USENIX Security 2020","author":"Feng Bo","year":"2020","unstructured":"Bo Feng , Alejandro Mera , and Long Lu . 2020 . P2IM: Scalable and Hardwareindependent Firmware Testing via Automatic Peripheral Interface Modeling . In 29th USENIX Security Symposium, USENIX Security 2020 , August 12 --14 , 2020, Srdjan Capkun and Franziska Roesner (Eds.). USENIX Association, 1237--1254. Bo Feng, Alejandro Mera, and Long Lu. 2020. P2IM: Scalable and Hardwareindependent Firmware Testing via Automatic Peripheral Interface Modeling. In 29th USENIX Security Symposium, USENIX Security 2020, August 12--14, 2020, Srdjan Capkun and Franziska Roesner (Eds.). USENIX Association, 1237--1254."},{"key":"e_1_3_2_1_15_1","volume-title":"FlowFence: Practical Data Protection for Emerging IoT Application Frameworks. In 25th USENIX Security Symposium, USENIX Security 16","author":"Fernandes Earlence","year":"2016","unstructured":"Earlence Fernandes , Justin Paupore , Amir Rahmati , Daniel Simionato , Mauro Conti , and Atul Prakash . 2016 . FlowFence: Practical Data Protection for Emerging IoT Application Frameworks. In 25th USENIX Security Symposium, USENIX Security 16 , Austin, TX, USA, August 10--12 , 2016, Thorsten Holz and Stefan Savage (Eds.). USENIX Association, 531--548. Earlence Fernandes, Justin Paupore, Amir Rahmati, Daniel Simionato, Mauro Conti, and Atul Prakash. 2016. FlowFence: Practical Data Protection for Emerging IoT Application Frameworks. In 25th USENIX Security Symposium, USENIX Security 16, Austin, TX, USA, August 10--12, 2016, Thorsten Holz and Stefan Savage (Eds.). USENIX Association, 531--548."},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-30921-2_17"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/143062.143156"},{"key":"e_1_3_2_1_18_1","volume-title":"DR. CHECKER: A Soundy Analysis for Linux Kernel Drivers. In 26th USENIX Security Symposium, USENIX Security 2017","author":"Machiry Aravind","year":"2017","unstructured":"Aravind Machiry , Chad Spensky , Jake Corina , Nick Stephens , Christopher Kruegel , and Giovanni Vigna . 2017 . DR. CHECKER: A Soundy Analysis for Linux Kernel Drivers. In 26th USENIX Security Symposium, USENIX Security 2017 , Vancouver, BC, Canada, August 16--18 , 2017, Engin Kirda and Thomas Ristenpart (Eds.). USENIX Association, 1007--1024. Aravind Machiry, Chad Spensky, Jake Corina, Nick Stephens, Christopher Kruegel, and Giovanni Vigna. 2017. DR. CHECKER: A Soundy Analysis for Linux Kernel Drivers. In 26th USENIX Security Symposium, USENIX Security 2017, Vancouver, BC, Canada, August 16--18, 2017, Engin Kirda and Thomas Ristenpart (Eds.). USENIX Association, 1007--1024."},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/3320269.3384735"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/199448.199462"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.scico.2005.02.009"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-17465-1_22"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/2892208.2892235"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/1542476.1542486"},{"key":"e_1_3_2_1_25_1","volume-title":"Scaling Static Taint Analysis to Industrial SOA Applications: A Case Study at Alibaba (ESEC\/FSE","author":"Wang Jie","year":"2020","unstructured":"Jie Wang , Yunguang Wu , Gang Zhou , Yiming Yu , Zhenyu Guo , and Yingfei Xiong . 2020. Scaling Static Taint Analysis to Industrial SOA Applications: A Case Study at Alibaba (ESEC\/FSE 2020 ). 1477--1486. Jie Wang, Yunguang Wu, Gang Zhou, Yiming Yu, Zhenyu Guo, and Yingfei Xiong. 2020. Scaling Static Taint Analysis to Industrial SOA Applications: A Case Study at Alibaba (ESEC\/FSE 2020). 1477--1486."},{"key":"e_1_3_2_1_26_1","volume-title":"Fear and Logging in the Internet of Things. In 25th Annual Network and Distributed System Security Symposium, NDSS 2018","author":"Wang Qi","year":"2018","unstructured":"Qi Wang , Wajih Ul Hassan , Adam Bates , and Carl A. Gunter . 2018 . Fear and Logging in the Internet of Things. In 25th Annual Network and Distributed System Security Symposium, NDSS 2018 , San Diego, California, USA, February 18--21 , 2018 . The Internet Society. Qi Wang, Wajih Ul Hassan, Adam Bates, and Carl A. Gunter. 2018. Fear and Logging in the Internet of Things. In 25th Annual Network and Distributed System Security Symposium, NDSS 2018, San Diego, California, USA, February 18--21, 2018. The Internet Society."},{"key":"e_1_3_2_1_27_1","volume-title":"30th USENIX Security Symposium (USENIX Security 21)","author":"Zhou Wei","year":"2021","unstructured":"Wei Zhou , Le Guan , Peng Liu , and Yuqing Zhang . 2021 . Automatic Firmware Emulation through Invalidity-guided Knowledge Inference . In 30th USENIX Security Symposium (USENIX Security 21) . USENIX Association. https:\/\/www.usenix. org\/conference\/usenixsecurity21\/presentation\/zho Wei Zhou, Le Guan, Peng Liu, and Yuqing Zhang. 2021. Automatic Firmware Emulation through Invalidity-guided Knowledge Inference. In 30th USENIX Security Symposium (USENIX Security 21). USENIX Association. https:\/\/www.usenix. org\/conference\/usenixsecurity21\/presentation\/zho"}],"event":{"name":"CODASPY '22: Twelveth ACM Conference on Data and Application Security and Privacy","location":"Baltimore MD USA","acronym":"CODASPY '22","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the Twelfth ACM Conference on Data and Application Security and Privacy"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3508398.3511511","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3508398.3511511","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3508398.3511511","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T19:30:39Z","timestamp":1750188639000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3508398.3511511"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,4,14]]},"references-count":27,"alternative-id":["10.1145\/3508398.3511511","10.1145\/3508398"],"URL":"https:\/\/doi.org\/10.1145\/3508398.3511511","relation":{},"subject":[],"published":{"date-parts":[[2022,4,14]]},"assertion":[{"value":"2022-04-15","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}