Cross-Programming Language Taint Analysis for the IoT Ecosystem

The Internet of Things (IoT) is a key component for the next disrup-tive technologies. However, IoT merges together several diverse software layers:embedded, enterprise, and cloud programs interact with each other. In addition,security and privacy vulnerabilities of IoT software might be particularly danger-ous due to the pervasiveness and physical nature of these systems. During the lastdecades, static analysis, and in particular taint analysis, has been widely applied todetect software vulnerabilities. Unfortunately, these analyses assume that softwareis entirely written in a single programming language, and they are not immediatelysuitable to detect IoT vulnerabilities where many different software components,written in different programming languages, interact. This paper discusses how toleverage existing static taint analyses to a cross-programming language scenario.