Security Analysis for SmartThings IoT Applications

Schmeidl, Florian; Nazzal, Bara'; Alalfi, Manar H.

doi:10.1109/mobilesoft.2019.00013

Cited by 18 publications

(33 citation statements)

References 3 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Service provider (e.g., Amazon, Google). [21,41,42,96,129]. Because Samsung's IoT ecosystem advocates interoperability between different devices, SmartThings also allows third-party developers to further develop device functions through this programming framework.…”

Section: Security Issuesmentioning

confidence: 99%

“…Samsung SmartThings. Researchers have found that SmartThings has security issues in both the IoT cloud and the app [21,41,42,96,129]. Because SmartThings allows multiple apps to coexist, the interaction between different apps and the interoperability between devices also cause security issues.…”

Section: Security Issuesmentioning

confidence: 99%

“…Establish sound access control mechanisms. This applies to case studies [26,41,85,96,129]. The cloud is mainly responsible for this security protection.…”

Section: :26mentioning

confidence: 99%

See 2 more Smart Citations

IoT Cloud Security Review

et al. 2021

View full text Add to dashboard Cite

Recent years have seen the rapid development and integration of the Internet of Things (IoT) and cloud computing. The market is providing various consumer-oriented smart IoT devices; the mainstream cloud service providers are building their software stacks to support IoT services. With this emerging trend even growing, the security of such smart IoT cloud systems has drawn much research attention in recent years. To better understand the emerging consumer-oriented smart IoT cloud systems for practical engineers and new researchers, this article presents a review of the most recent research efforts on existing, real, already deployed consumer-oriented IoT cloud applications in the past five years using typical case studies. Specifically, we first present a general model for the IoT cloud ecosystem. Then, using the model, we review and summarize recent, representative research works on emerging smart IoT cloud system security using 10 detailed case studies, with the aim that the case studies together provide insights into the insecurity of current emerging IoT cloud systems. We further present a systematic approach to conduct a security analysis for IoT cloud systems. Based on the proposed security analysis approach, we review and suggest potential security risk mitigation methods to protect IoT cloud systems. We also discuss future research challenges for the IoT cloud security area.

show abstract

Section: Security Issuesmentioning

confidence: 99%

Section: Security Issuesmentioning

confidence: 99%

See 1 more Smart Citation

IoT Cloud Security Review

et al. 2021

View full text Add to dashboard Cite

show abstract

“…But, such tools for SmartApps are not widely available. There are some solutions that have used static analysis to identify vulnerable IoT applications [8,16,38].…”

Section: Introductionmentioning

confidence: 99%

Predicting sensitive information leakage in IoT applications using flows-aware machine learning approach

Naeem¹,

Alalfi²

2022

Preprint

Self Cite

View full text Add to dashboard Cite

This paper presents an approach for identification of vulnerable IoT applications. The approach focuses on a category of vulnerabilities that leads to sensitive information leakage which can be identified by using taint flow analysis. Tainted flows vulnerability is very much impacted by the structure of the program and the order of the statements in the code, designing an approach to detect such vulnerability needs to take into consideration such information in order to provide precise results. In this paper, we propose and develop an approach, FlowsMiner, that mines features from the code related to program structure such as control statements and methods, in addition to program's statement order. FlowsMiner, generates features in the form of tainted flows. We developed, Flows2Vec, a tool that transform the features recovered by FlowsMiner into vectors, which are then used to aid the process of machine learning by providing a flow's aware model building process. The resulting model is capable of accurately classify applications as vulnerable if the vulnerability is exhibited by changes in the order of statements in source code. When compared to a base Bag of Words (BoW) approach, the experiments show that the proposed approach has improved the AUC of the prediction models for all algorithms and the best case for Corpus1 dataset is improved from 0.91 to 0.94 and for Corpus2 from 0.56 to 0.96.

show abstract

“…This includes, in addition to flow-sensitive discussed previously [15], path sensitive and context sensitive analysis mutational operators. • Third, we provide a comprehensive evaluation that demonstrates the framework on the evaluation of three static analysis tools, SaINT [14], Tainted-Things [16], and FlowsMiner [17].…”

Section: Introductionmentioning

confidence: 99%

A Mutation Framework for Evaluating Security Analysis tools in IoT Applications

Alalfi¹,

Parveen²,

Nazzal³

2021

Preprint

Self Cite

View full text Add to dashboard Cite

With the growing and widespread use of Internet of Things (IoT) in our daily life, its security is becoming more crucial. To ensure information security, we require better security analysis tools for IoT applications. Hence, this paper presents an automated framework to evaluate taint-flow analysis tools in the domain of IoT applications. First, we propose a set of mutational operators tailored to evaluate three types of sensitivity analysis, flow, path and context sensitivity. Then we developed mutators to automatically generate mutants for those types. We demonstrated the framework on a subset of mutational operators to evaluate three taintflow analyzers, SaINT, Taint-Things and FlowsMiner. Our framework and experiments ranked the taint analysis tools according to precision and recall as follows: Taint-Things (99% Recall, 100% Precision), FlowsMiner (100% Recall, 87.6% Precision), and SaINT (100% Recall, 56.8% Precision). To the best of our knowledge, our framework is the first framework to address the need for evaluating taint-flow analysis tools and specifically those developed for IoT SmartThings applications.

show abstract

Security Analysis for SmartThings IoT Applications

Cited by 18 publications

References 3 publications

IoT Cloud Security Review

IoT Cloud Security Review

Predicting sensitive information leakage in IoT applications using flows-aware machine learning approach

A Mutation Framework for Evaluating Security Analysis tools in IoT Applications

Contact Info

Product

Resources

About