A Mutation Framework for Evaluating Security Analysis tools in IoT Applications

With the growing and widespread use of the Internet of Things (IoT) in our daily life, the security of IoT is becoming more crucial. To ensure information security, we require better security analysis tools for IoT applications. Hence, this thesis presents an automated framework to evaluate taint-flow analysis tools in the domain of IoT applications. First, we propose a set of mutational operators tailored to evaluate three types of sensitivity analysis, flow, path and context sensitivity. Then we developed mutators to automatically generate mutants for those types. We demonstrated the framework on a subset of mutational operators to evaluate two taint-flow analyzers, SaINT [1] and Taint-Things [2]. To the best of our knowledge, our framework is the first framework to address the need for evaluating taint-flow analysis tools and specifically those developed for IoT SmartThings applications.