Cross-App Threats in Smart Homes: Categorization, Detection and Handling
A number of Internet of Things (IoTs) platforms have emerged to enable various IoT apps developed by third-party developers to automate smart homes. Prior research mostly concerns the overprivilege problem in the permission model. Our work, however, reveals that even IoT apps that follow the principle of least privilege, when they interplay, can cause a unique type of threats, named Cross-App Interference (CAI) threats. We describe and categorize the new threats, showing that unexpected automation and security and privacy issues may be caused by such threats, which cannot be handled by existing IoT security mechanisms. To address the problem, we present HOMEGUARD, a system for appified IoT platforms to detect and cope with CAI threats. A symbolic executor module is built to precisely extract the automation semantics from IoT apps. The semantics of different IoT apps are then considered collectively to evaluate their interplay and discover CAI threats systematically. A user interface is presented to users during IoT app installation, interpreting the discovered threats to help them make decisions. We evaluate HOMEGUARD via a proof-of-concept implementation on Samsung's SmartThings, and discover many threat instances among apps in the SmartThings public repository. The evaluation shows that it is precise, effective and efficient.
NurtureToken New!

Token crowdsale for this paper ends in

Buy Nurture Tokens

Authors

Are you an author of this paper? Check the Twitter handle we have for you is correct.

Haotian Chi (add twitter)
Qiang Zeng (add twitter)
Xiaojiang Du (add twitter)
Jiaping Yu (add twitter)
Ask The Authors

Ask the authors of this paper a question or leave a comment.

Read it. Rate it.
#1. Which part of the paper did you read?

#2. The paper contains new data or analyses that is openly accessible?
#3. The conclusion is supported by the data and analyses?
#4. The conclusion is of scientific interest?
#5. The result is likely to lead to future research?

Github
User:
None (add)
Repo:
None (add)
Stargazers:
0
Forks:
0
Open Issues:
0
Network:
0
Subscribers:
0
Language:
None
Youtube
Link:
None (add)
Views:
0
Likes:
0
Dislikes:
0
Favorites:
0
Comments:
0
Other
Sample Sizes (N=):
Inserted:
Words Total:
Words Unique:
Source:
Abstract:
None
08/07/18 05:53PM
13,690
3,514
Tweets
HubBucket: RT @arxiv_org: Cross-App Threats in Smart Homes: Categorization, Detection and Handling. https://t.co/r3LM9cYw4Z https://t.co/uYJeMOkEma
arxiv_org: Cross-App Threats in Smart Homes: Categorization, Detection and Handling. https://t.co/r3LM9cYw4Z https://t.co/uYJeMOkEma
ComputerPapers: Cross-App Threats in Smart Homes: Categorization, Detection and Handling. https://t.co/q0sxFGwe2g
Images
Related