Static Code Analysis for IoT Security: A Systematic Literature Review

Static Code Analysis for IoT Security: A Systematic Literature Review

연구 분야: Strategies

학회: ACM Computing Surveys, Volume 58, Issue 3

The growth of the Internet of Things (IoT) has provided significant advances in several areas of the industry, but security concerns have also increased due to this expansion. Many IoT devices are the target of cyber attacks due to various firmware, source code, and software vulnerabilities. In this context, static code analysis, leveraging various techniques, has emerged as an effective approach to examine and identify security vulnerabilities, including insecure functions, buffer overflows, and code injection. However, recent research has shown several challenges associated with this approach, such as limited understanding of vulnerabilities, inadequate threat detection, and insufficient semantic analysis of IoT device source code. Consequently, several IoT security research studies integrate static analysis with other methods, such as dynamic analysis, machine learning, and natural language processing, to enhance vulnerability analysis and detection. To provide a comprehensive understanding of the current state of static analysis in IoT security, this systematic literature review explores existing vulnerabilities, techniques, and methods while highlighting the challenges that hinder the extraction of meaningful insights from such analyses.