Title: Finding bugs inside IoT devices via static analysis
Authors: Lim, Gerald Ze Yang
Keywords: Engineering::Computer science and engineering
Issue Date: 2022
Publisher: Nanyang Technological University
Source: Lim, G. Z. Y. (2022). Finding bugs inside IoT devices via static analysis. Final Year Project (FYP), Nanyang Technological University, Singapore.
Project: SCSE21-0357
Abstract: This project leverages a relatively new static analysis tool called CodeQL, which processes a codebase into a queryable database so that CodeQL queries can be used to scan for and identify problems in the codebase at the source code level. During the project, a Python program was created to improve the efficiency of the CodeQL workflow. This program simplifies the creation of multiple CodeQL databases and query scanning. We then identified three third-party IoT cloud platforms to target and used the Python program to scan the libraries and identify software bugs. After that, we analyzed the data set, filtered the results, and performed static analysis on them by examining the source code and its data flow paths. Lastly, we took a deeper dive into a vulnerability identified in the library used in the best practices of a third-party IoT cloud platform and demonstrated a Remote Code Execution (RCE) proof of concept.
Fulltext Permission: restricted
Fulltext Availability: With Fulltext
Appears in Collections: SCSE Student Reports (FYP/IA/PA/PI)

Files in This Item:
FYP Report-Gerald.pdf (Restricted Access), 1.42 MB, Adobe PDF

Page view(s)

Updated on May 20, 2022



Items in DR-NTU are protected by copyright, with all rights reserved, unless otherwise indicated.