Conferences and supporting programme
Semantic Static Analysis of IoT Software
The IoT paradigm brings together two historically different sw worlds. On the one hand, embedded sw runs on “things”, and it is written in lower level programming languages like C and C++. Such sw manages locally the device interacting with the physical world. On the other hand, enterprise sw running nowadays on the cloud is often implemented in higher level programming languages like Java and C#. It usually manages the data and the business processes of an organization (the Internet part), and it does not directly interact with the physical world. Rigorous semantic static analyses have been widely applied to safety-critical sw to detect runtime errors that might compromise its safety. Compared to non-semantic (e.g., syntactic) analyses, they discover all possible bugs of a given type, producing fewer false alarms. For these reasons, many standards like ISO 26262 require the application of semantic static analysis. Similar analyses were available also for enterprise sw despite the lack of interest in this world, since bugs and security vulnerabilities impacted only data and processes, and not the safety. However, the enterprise sw of an IoT system indirectly interacts with the physical world, where a sw issue might compromise the safety of an IoT system. In this article, we discuss and show how we can combine semantic static analyses applied to different sw components of IoT systems to detect bugs and vulnerabilities that might impact the physical reliability of the system.
--- Date: 27.02.2019 Time: 2:30 PM - 3:00 PM Location: Conference Counter NCC Ost