Full Program »
Westworld: Fuzzing-Assisted Remote Dynamic Symbolic Execution of Smart Apps on IoT Cloud Platforms
Existing symbolic execution typically assumes the analyzer can control the I/O environment and/or access the library code, which, however, is not the case when programs run on a remote proprietary execution environment managed by another party. For example, SmartThings, one of the most popular IoT device integration platforms, is such a cloud-based execution environment managed by Samsung. For programmers who write automation applications to be deployed on IoT cloud platforms, it raises significant challenges when they want to systematically test code and find bugs. We propose remote dynamic symbolic execution (remote DSE), which symbolically executes programs running in a remote proprietary execution environment where the analyzer has little control, attaining both precision (in terms of analysis results) and completeness (in terms of path coverage). As a case study, we enable remote DSE for analyzing automation apps running on SmartThings. We have developed a prototype and the evaluation shows it is effective in testing automation apps and finding bugs.