On the Safety of IoT Device Physical Interaction Control

Ding, Wenbo; Hu, Hongxin

doi:10.1145/3243734.3243865

Cited by 139 publications

(113 citation statements)

References 12 publications

Supporting

Mentioning

110

Contrasting

Order By: Relevance

“…Our key observation is that for a system of apps to reach an unsafe configuration, a cross-app interaction should either lead to an inconsistent state that violates the intended specification for some apps, or engage in an interaction where the action of one app triggers the execution of another app. This is supported by the intuition, as well as existing real-world vulnerabilities [12], [14], [15], [17], [36], that an end user may consider a system of IoT apps as safe if the runtime behavior of an app in isolation is bisimilar to running that app in parallel with other apps in the system. Drawing on Focardi and Martinelli's Generalized Non Deducibility on Composition [21], we formalize this intuition to provide a bisimulationbased characterization of safe cross-app interaction.…”

Section: Introductionmentioning

confidence: 92%

“…Celik et al [12], [14] propose static and dynamic enforcement mechanisms for unveiling cross-app interference vulnerabilities. Ding et al [17] propose a framework that combines device physical channel analysis and static analysis to generate all potential interaction chains among applications in an IoT environment. They leverage natural language processing to identify services that have similar semantics, and propose a risk-based approach to classify the actual risks of the discovered interaction chains.…”

Section: Related Workmentioning

confidence: 99%

“…A more subtle vulnerability concerns the unintended or malicious interaction between different apps running on behalf on the same user [12], [14], [15], [17], [36]. The distinctive feature of IoT apps to affect a shared physical environment such as the room temperature, may enable unintended crossapp interactions between IoT apps that are installed by the same user.…”

Section: Introductionmentioning

confidence: 99%

“…Recent research identifies numerous use cases of crossapp interactions that violate specific policies, and suggests tracking dependencies across IoT apps to identify policy violations [12], [14], [15], [17], [36]. These mechanisms perform inter-application program analysis to track depen-dencies, and (manual or automatic) language processing to identify semantically-related language constructs, e.g., the fact that temperature and thermostat refer to related semantic constructs, despite their syntax being different.…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Securing Cross-App Interactions in IoT Platforms

Balliu

Merro

Pasqua

2019

2019 IEEE 32nd Computer Security Foundations Symposium (CSF)

View full text Add to dashboard Cite

IoT platforms enable users to connect various smart devices and online services via reactive apps running on the cloud. These apps, often developed by third-parties, perform simple computations on data triggered by external information sources and actuate the results of computation on external information sinks. Recent research shows that unintended or malicious interactions between the different (even benign) apps of a user can cause severe security and safety risks. These works leverage program analysis techniques to build tools for unveiling unexpected interference across apps for specific use cases. Despite these initial efforts, we are still lacking a semantic framework for understanding interactions between IoT apps. The question of what security policy cross-app interference embodies remains largely unexplored. This paper proposes a semantic framework capturing the essence of cross-app interactions in IoT platforms. The framework generalizes and connects syntactic enforcement mechanisms to bisimulation-based notions of security, thus providing a baseline for formulating soundness criteria of these enforcement mechanisms. Specifically, we present a calculus that models the behavioral semantics of a system of apps executing concurrently, and use it to define desirable semantic policies in the security and safety context of IoT apps. To demonstrate the usefulness of our framework, we define static mechanisms for enforcing crossapp security and safety, and prove them sound with respect to our semantic conditions. Finally, we leverage real-world apps to validate the practical benefits of our policy framework.

show abstract

Section: Introductionmentioning

confidence: 92%

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Securing Cross-App Interactions in IoT Platforms

Balliu

Merro

Pasqua

2019

2019 IEEE 32nd Computer Security Foundations Symposium (CSF)

View full text Add to dashboard Cite

show abstract

“…e.g., unlocking doors when users are not at home, or creating unsafe or damaging conditions by turning off the heat at winter. Recently, it has been shown that the interactions between devices are an increasing cause of safety and security violations [11], [12], [14], [39]. In practice, IoT apps interact through a common device or some common abstract event (such as the home, away or sleeping modes) when they are co-installed in an environment.…”

Section: Introductionmentioning

confidence: 99%

IoTGuard: Dynamic Enforcement of Security and Safety Policy in Commodity IoT

Celik

Tan

McDaniel

2019

Proceedings 2019 Network and Distributed System Security Symposium

181

140

View full text Add to dashboard Cite

Broadly defined as the Internet of Things (IoT), the growth of commodity devices that integrate physical processes with digital connectivity has changed the way we live, play, and work. To date, the traditional approach to securing IoT has treated devices individually. However, in practice, it has been recently shown that the interactions among devices are often the real cause of safety and security violations. In this paper, we present IOTGUARD, a dynamic, policy-based enforcement system for IoT, which protects users from unsafe and insecure device states by monitoring the behavior of IoT and triggeraction platform apps. IOTGUARD operates in three phases: (a) implementation of a code instrumentor that adds extra logic to an app's source code to collect app's information at runtime, (b) storing the apps' information in a dynamic model that represents the runtime execution behavior of apps, and (c) identifying IoT safety and security policies, and enforcing relevant policies on the dynamic model of individual apps or sets of interacting apps. We demonstrate IOTGUARD on 20 flawed apps and find that IOTGUARD correctly enforces 12 of the 12 policy violations. In addition, we evaluate IOTGUARD on 35 SmartThings IoT and 30 IFTTT trigger-action platform market apps executed in a simulated smart home. IOTGUARD enforces 11 unique policies and blocks 16 states in six (17.1%) SmartThings and five (16.6%) IFTTT apps. IOTGUARD imposes only 17.3% runtime overhead on an app and 19.8% for five interacting apps. Through this effort, we introduce a rigorously grounded system for enforcing correct operation of IoT devices through systematically identified IoT policies, demonstrating the effectiveness and value of monitoring IoT apps with tools such as IOTGUARD.

show abstract