Internet of Things (IoT) deployments are becoming increasingly automated and vastly more complex. Facilitated by programming abstractions such as trigger-action rules, end-users can now easily create new functionalities by interconnecting their devices and other online services. However, when multiple rules are simultaneously enabled, complex system behaviors arise that are diicult to understand or diagnose. While history tells us that such conditions are ripe for exploitation, at present the security states of trigger-action IoT deployments are largely unknown.In this work, we conduct a comprehensive analysis of the interactions between trigger-action rules in order to identify their security risks. Using IFTTT as an exemplar platform, we irst enumerate the space of inter-rule vulnerabilities that exist within trigger-action platforms. To aid users in the identiication of these dangers, we go on to present iRuler, a system that performs Satisiability Modulo Theories (SMT) solving and model checking to discover inter-rule vulnerabilities within IoT deployments. iRuler operates over an abstracted information low model that represents the attack surface of an IoT deployment, but we discover in practice that such models are diicult to obtain given the closed nature of IoT platforms. To address this, we develop methods that assist in inferring triggeraction information lows based on Natural Language Processing. We develop a novel evaluative methodology for approximating plausible real-world IoT deployments based on the installation counts of 315,393 IFTTT applets, determining that 66% of the synthetic deployments in the IFTTT ecosystem exhibit the potential for interrule vulnerabilities. Combined, these eforts provide the insight into the real-world dangers of IoT deployment misconigurations. CCS CONCEPTS• Security and privacy → Formal methods and theory of security; Vulnerability scanners; Software security engineering; • Computing methodologies → Natural language processing; • Computer systems organization → Embedded and cyber-physical systems.
Recent advances in causality analysis have enabled investigators to trace multi-stage attacks using provenance graphs. Based on system-layer audit logs (e.g., syscalls), these approaches omit vital sources of application context (e.g., email addresses, HTTP response codes) that can be found in higher layers of the system. Although such information is often essential to understanding attack behaviors, it is difficult to incorporate this evidence into causal analysis engines because of the semantic gap that exists between system layers. To address that shortcoming, we propose the notion of universal provenance, which encodes all forensically relevant causal dependencies regardless of their layer of origin. To transparently realize that vision on commodity systems, we present OmegaLog, a provenance tracker that bridges the semantic gap between system and application logging contexts. OmegaLog analyzes program binaries to identify and model application-layer logging behaviors, enabling accurate reconciliation of application events with system-layer accesses. OmegaLog then intercepts applications' runtime logging activities and grafts those events onto the system-layer provenance graph, allowing investigators to reason more precisely about the nature of attacks. We demonstrate that our system is widely applicable to existing software projects and can transparently facilitate execution partitioning of provenance graphs without any training or developer intervention. Evaluation on real-world attack scenarios shows that our technique generates concise provenance graphs with rich semantic information relative to the state-of-the-art, with an average runtime overhead of 4%.
We study transmission and reflection properties of a perfectly amplifying as well as absorbing medium analytically by using the tight binding equation. Different expressions for transmittance and reflectance are obtained for even and odd values of the sample length which is the origin of their oscillatory behavior. In a weak amplifying medium, a cross-over length scale exists below which transmittance and reflectance increase exponentially and above which transmittance decays exponentially while the reflectance gets saturated.Depending on amplification transmittance and reflectance show singular behavior at the cross-over length. In a weak absorbing medium we do not find any cross-over length scale. The transmission coefficient behaves similar to that in an amplifying medium in the asymptotic limit. In a strong amplifying/absorbing medium, the transmission coefficient decays exponentially in the large length limit. In both weak as well as strong absorbing media the logarithm of the reflection coefficient shows the same behavior as obtained in an amplifying medium but with opposite sign.
For a wetting phase displacing a nonwetting phase from a porous medium the distribution of the residual fluid may depend on displacement conditions. Although this subject has been debated in the literature, only a few, experiments have been cited to support the various conclusions. Experimental results presented in this paper show that fluid distributions are dependent on imbibition procedures. Results agree qualitatively with predictions from the pore doublet model. if the rate of water imbibition is restricted, the nonwetting phase is trapped preferentially in the larger pores as expected. But if the rate of water imbibition is unrestricted, trapping occurs somewhat more in the smaller pores. These conclusions were deduced primarily from relative permeability measurements. Introduction Relative permeabilities are known to depend on the saturation history of the porous medium. For either continuously increasing or continuously decreasing wetting phase saturations, however, they have normally been assumed to be single-valued functions of saturation. Several investigators have compared relative permeabilities measured by different method and have reported acceptable agreement. Studies of simple models of the displacement process suggest that the distribution of residual fluids can be influenced by the displacement method. If this is so, relative permeabilities also should depend on the method of displacement. These predictions have not been supported by experimental data. The object of this paper is to investigate experimentally some of the predictions of these model studies. The particular question of importance is whether steady-state and unsteady-state methods should be expected to give the same values of relative permeability. Much of the reported data showing agreement between steady-state and unsteady-state methods have been obtained on unconsolidated sand. Johnson, Bossler and Neumann, however, compared steady-state and unsteady-state results for Weiler sandstone and found no significant difference. Levine made a detailed study of pressure and saturation distributions for a laboratory waterflood in a consolidated system but made no attempt to calculate performance from steady-state relative permeability data. Bail and Marsden in a somewhat similar set of experiments did attempt a comparison of observations with predictions but the results were inconclusive. Excluding gravity, two forces affect the distribution of wetting and nonwetting phases during an unsteady-state, immiscible displacement: viscous and capillary forces. If relative permeabilities are indeed the same when measured by steady- or unsteady-state methods, the fluid distributions at the same fluid saturations must be similar for both methods. Furthermore, the implication is that the relation between capillary and viscous forces is the same for both methods insofar as the effect on microscopic fluid distributions is concerned. Unsteady-state displacements are normally run at high rates to maximize the ratio of the viscous to capillary forces. The objective is to reduce the effect of capillary forces on macroscopic fluid distributions. For floods in which the phase which wets the porous medium displaces the nonwetting phase, capillary forces compete with viscous forces in determining fluid distributions. The residual nonwetting phase is discontinuous. Competitive aspects of viscous and capillary forces and the resulting effect on water-oil distribution in porous media have been illustrated in an elementary way using a pore doublet model. This model and predictions from it have been discussed at considerable length by Rose and Witherspoon, Rose and Cleary and by Moore and Slobod. Rose and Witherspoon show that so long as water invades the model at a rate equal to or greater than the free imbibition rate, the water will move through the larger capillary of a doublet first and trap oil in the smaller capillary. SPEJ P. 261ˆ
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
Contact Info
hi@scite.ai
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Product
Resources
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.
