IoTGuard: Dynamic Enforcement of Security and Safety Policy in Commodity IoT

Celik, Z. Berkay; Tan, Gang; McDaniel, Patrick

doi:10.14722/ndss.2019.23326

Cited by 182 publications

(143 citation statements)

References 18 publications

Supporting

Mentioning

140

Contrasting

Order By: Relevance

“…Our key observation is that for a system of apps to reach an unsafe configuration, a cross-app interaction should either lead to an inconsistent state that violates the intended specification for some apps, or engage in an interaction where the action of one app triggers the execution of another app. This is supported by the intuition, as well as existing real-world vulnerabilities [12], [14], [15], [17], [36], that an end user may consider a system of IoT apps as safe if the runtime behavior of an app in isolation is bisimilar to running that app in parallel with other apps in the system. Drawing on Focardi and Martinelli's Generalized Non Deducibility on Composition [21], we formalize this intuition to provide a bisimulationbased characterization of safe cross-app interaction.…”

Section: Introductionmentioning

confidence: 92%

“…Surbatovich et al [36] study a dataset of 20K IFTTT applets and provide an empirical evaluation of potential secrecy and integrity violations, including violations due to crossapp interactions. Celik et al [12], [14] propose static and dynamic enforcement mechanisms for unveiling cross-app interference vulnerabilities. Ding et al [17] propose a framework that combines device physical channel analysis and static analysis to generate all potential interaction chains among applications in an IoT environment.…”

Section: Related Workmentioning

confidence: 99%

“…A more subtle vulnerability concerns the unintended or malicious interaction between different apps running on behalf on the same user [12], [14], [15], [17], [36]. The distinctive feature of IoT apps to affect a shared physical environment such as the room temperature, may enable unintended crossapp interactions between IoT apps that are installed by the same user.…”

Section: Introductionmentioning

confidence: 99%

“…Recent research identifies numerous use cases of crossapp interactions that violate specific policies, and suggests tracking dependencies across IoT apps to identify policy violations [12], [14], [15], [17], [36]. These mechanisms perform inter-application program analysis to track depen-dencies, and (manual or automatic) language processing to identify semantically-related language constructs, e.g., the fact that temperature and thermostat refer to related semantic constructs, despite their syntax being different.…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Securing Cross-App Interactions in IoT Platforms

Balliu

Merro

Pasqua

2019

2019 IEEE 32nd Computer Security Foundations Symposium (CSF)

View full text Add to dashboard Cite

IoT platforms enable users to connect various smart devices and online services via reactive apps running on the cloud. These apps, often developed by third-parties, perform simple computations on data triggered by external information sources and actuate the results of computation on external information sinks. Recent research shows that unintended or malicious interactions between the different (even benign) apps of a user can cause severe security and safety risks. These works leverage program analysis techniques to build tools for unveiling unexpected interference across apps for specific use cases. Despite these initial efforts, we are still lacking a semantic framework for understanding interactions between IoT apps. The question of what security policy cross-app interference embodies remains largely unexplored. This paper proposes a semantic framework capturing the essence of cross-app interactions in IoT platforms. The framework generalizes and connects syntactic enforcement mechanisms to bisimulation-based notions of security, thus providing a baseline for formulating soundness criteria of these enforcement mechanisms. Specifically, we present a calculus that models the behavioral semantics of a system of apps executing concurrently, and use it to define desirable semantic policies in the security and safety context of IoT apps. To demonstrate the usefulness of our framework, we define static mechanisms for enforcing crossapp security and safety, and prove them sound with respect to our semantic conditions. Finally, we leverage real-world apps to validate the practical benefits of our policy framework.

show abstract

Section: Introductionmentioning

confidence: 92%

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Securing Cross-App Interactions in IoT Platforms

Balliu

Merro

Pasqua

2019

2019 IEEE 32nd Computer Security Foundations Symposium (CSF)

View full text Add to dashboard Cite

show abstract

“…Recent research [10], [16], [17], [25], [26], [34], [58] identifies ways to leak private information by malicious IoT apps and suggests information flow tracking as countermeasure. The suggested mechanisms perform data-flow (explicit [30]) and control-flow (implicit [30]) tracking.…”

Section: Introductionmentioning

confidence: 99%

Clockwork: Tracking Remote Timing Attacks

Bastys

Balliu

Rezk

et al. 2020

2020 IEEE 33rd Computer Security Foundations Symposium (CSF)

View full text Add to dashboard Cite

Timing leaks have been a major concern for the security community. A common approach is to prevent secrets from affecting the execution time, thus achieving security with respect to a strong, local attacker who can measure the timing of program runs. However, this approach becomes restrictive as soon as programs branch on a secret. This paper focuses on timing leaks under remote execution. A key difference is that the remote attacker does not have a reference point of when a program run has started or finished, which significantly restricts attacker capabilities. We propose an extensional security characterization that captures the essence of remote timing attacks. We identify patterns of combining clock access, secret branching, and output in a way that leads to timing leaks. Based on these patterns, we design Clockwork, a monitor that rules out remote timing leaks. We implement the approach for JavaScript, leveraging JSFlow, a state-of-the-art information flow tracker. We demonstrate the feasibility of the approach on case studies with IFTTT, a popular IoT app platform, and VJSC, an advanced JavaScript library for e-voting.

show abstract

5G Mobile Networks Security Landscape and Major Risks

Mitra

Marina

2021

Wiley 5G Ref

View full text Add to dashboard Cite

The 5G is all set to create a paradigm shift in the telecommunication network architecture by introducing a millimeter‐wave‐based customizable radio network and a redesigned cloud‐native core network to offer high‐speed, low‐latency mobile broadband anytime anywhere. The key enabling technologies of the 5G are massive MIMO, beamforming, Software‐Defined Networking (SDN), Network Functions Virtualization (NFV), and Mobile Edge Computing (MEC). However, the network agility, connection to billions of smart things, and blind adoption of machine learning models and open‐source software in the networked systems bring in a unique set of security threats and privacy concerns to the network and its stakeholders. This article provides a comprehensive analysis of the evolving security threat landscape of 5G, recommended security measures, current state‐of‐the‐art solutions, and open research areas.

show abstract

IoTGuard: Dynamic Enforcement of Security and Safety Policy in Commodity IoT

Cited by 182 publications

References 18 publications

Securing Cross-App Interactions in IoT Platforms

Securing Cross-App Interactions in IoT Platforms

Clockwork: Tracking Remote Timing Attacks

5G Mobile Networks Security Landscape and Major Risks

Contact Info

Product

Resources

About