Program Analysis of Commodity IoT Applications for Security and Privacy

Celik, Z. Berkay; Fernandes, Earlence; Pauley, Eric; Tan, Gang; McDaniel, Patrick

doi:10.1145/3333501

Cited by 104 publications

(47 citation statements)

References 65 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…When she leaves, it locks the front door, turns off the lights, and sets the thermostat to another specific value. The code instrumentor searches for entry points of the app and finds two entry points: the not-present event handler that turns off the switch, locks the door, and sets the temperature (lines [10][11][12], and the present event handler that turns on the switch, unlocks the door and sets the temperature (lines 13-18). For each action, the code instrumentor finds the predicate that guards the action and the numerical-valued attributes used in the action call.…”

Section: A Code Instrumentormentioning

confidence: 99%

“…For example, a rule turns on the light when the user receives an email, and similarly, another rule logs the user's presence to a spreadsheet file when the front door is unlocked. This inter-tangled environment expands the interactions among devices to online services [10], [47]; for example, an IoT app that subscribes to the switch "turn-on" event interacts with a trigger-action platform rule that "turns on" the switch when the user is tagged in a photo on Facebook.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

IoTGuard: Dynamic Enforcement of Security and Safety Policy in Commodity IoT

Celik

Tan

McDaniel

2019

Proceedings 2019 Network and Distributed System Security Symposium

Self Cite

186

140

View full text Add to dashboard Cite

Broadly defined as the Internet of Things (IoT), the growth of commodity devices that integrate physical processes with digital connectivity has changed the way we live, play, and work. To date, the traditional approach to securing IoT has treated devices individually. However, in practice, it has been recently shown that the interactions among devices are often the real cause of safety and security violations. In this paper, we present IOTGUARD, a dynamic, policy-based enforcement system for IoT, which protects users from unsafe and insecure device states by monitoring the behavior of IoT and triggeraction platform apps. IOTGUARD operates in three phases: (a) implementation of a code instrumentor that adds extra logic to an app's source code to collect app's information at runtime, (b) storing the apps' information in a dynamic model that represents the runtime execution behavior of apps, and (c) identifying IoT safety and security policies, and enforcing relevant policies on the dynamic model of individual apps or sets of interacting apps. We demonstrate IOTGUARD on 20 flawed apps and find that IOTGUARD correctly enforces 12 of the 12 policy violations. In addition, we evaluate IOTGUARD on 35 SmartThings IoT and 30 IFTTT trigger-action platform market apps executed in a simulated smart home. IOTGUARD enforces 11 unique policies and blocks 16 states in six (17.1%) SmartThings and five (16.6%) IFTTT apps. IOTGUARD imposes only 17.3% runtime overhead on an app and 19.8% for five interacting apps. Through this effort, we introduce a rigorously grounded system for enforcing correct operation of IoT devices through systematically identified IoT policies, demonstrating the effectiveness and value of monitoring IoT apps with tools such as IOTGUARD.

show abstract

Section: A Code Instrumentormentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

IoTGuard: Dynamic Enforcement of Security and Safety Policy in Commodity IoT

Celik

Tan

McDaniel

2019

Proceedings 2019 Network and Distributed System Security Symposium

Self Cite

186

140

View full text Add to dashboard Cite

show abstract

“…Although browser vendors have moved to eliminate fine-grained timers from JavaScript, researchers have uncovered other ways to measure time [53], [54]. Information flow in IoT apps An active area of research is dedicated to securing IoT apps [10], [27]. Surbatovich et al [58] present an empirical study of IFTTT apps and categorize the apps with respect to potential security and integrity violations.…”

Section: Related Workmentioning

confidence: 99%

Clockwork: Tracking Remote Timing Attacks

Bastys

Balliu

Rezk

et al. 2020

2020 IEEE 33rd Computer Security Foundations Symposium (CSF)

View full text Add to dashboard Cite

Timing leaks have been a major concern for the security community. A common approach is to prevent secrets from affecting the execution time, thus achieving security with respect to a strong, local attacker who can measure the timing of program runs. However, this approach becomes restrictive as soon as programs branch on a secret. This paper focuses on timing leaks under remote execution. A key difference is that the remote attacker does not have a reference point of when a program run has started or finished, which significantly restricts attacker capabilities. We propose an extensional security characterization that captures the essence of remote timing attacks. We identify patterns of combining clock access, secret branching, and output in a way that leads to timing leaks. Based on these patterns, we design Clockwork, a monitor that rules out remote timing leaks. We implement the approach for JavaScript, leveraging JSFlow, a state-of-the-art information flow tracker. We demonstrate the feasibility of the approach on case studies with IFTTT, a popular IoT app platform, and VJSC, an advanced JavaScript library for e-voting.

show abstract

“…However the trust of the SP is not critical in the application of data security protection methods, if transmission occurs and nicknames for users are used. Accordingly, advanced methods based on the trust of the SP should have an inbuilt system to alert users to grant permission for their data to be accessed [32]. How to avoid dependence on the trust of the SP has been an open problem, which has recently been addressed in the Blind Approach [33] by way of using a pair of keys in addition to the third party, and in the Double Obfuscation Approach (DOA) [34].…”

Section: Literature Reviewmentioning

confidence: 99%