Tyche: Risk-Based Permissions for Smart Home Platforms
Emerging smart home platforms, which interface with a variety of physical
devices and support third-party application development, currently use
permission models inspired by smartphone operating systems: they group
functionally similar device operations into separate units, and require users
to grant apps access to devices at that granularity. Unfortunately, this leads
to two issues: (1) apps that do not require access to all of the granted device
operations have overprivileged access to them, (2) apps might pose a higher
risk to users than needed because physical device operations are fundamentally
risk-asymmetric: "door.unlock" provides access to burglars, and "door.lock" can
potentially lead to getting locked out. Overprivileged apps with access to
mixed-risk operations only increase the potential for damage. We present Tyche,
a system that leverages the risk-asymmetry in physical device operations to
limit the risk that apps pose to smart home users, without increasing the
user's decision overhead. Tyche introduces the notion of risk-based
permissions. When using risk-based permissions, device operations are grouped
into units of similar risk, and users grant apps access to devices at that
risk-based granularity. Starting from a set of permissions derived from the
popular Samsung SmartThings platform, we conduct a user study involving
domain-experts and Mechanical Turk users to compute a relative ranking of risks
associated with device operations. We find that user assessment of risk closely
matches that of domain experts. Using this ranking, we define risk-based
groupings of device operations, and apply it to existing SmartThings apps,
showing that risk-based permissions indeed limit risk if apps are malicious or
exploitable.
Soteria: Automated IoT Safety and Security Analysis
Broadly defined as the Internet of Things (IoT), the growth of commodity
devices that integrate physical processes with digital systems has changed the
way we live, play and work. Yet existing IoT platforms cannot evaluate whether
an IoT app or environment is safe, secure, and operates correctly. In this
paper, we present Soteria, a static analysis system for validating whether an
IoT app or IoT environment (collection of apps working in concert) adheres to
identified safety, security, and functional properties. Soteria operates in
three phases: (a) translation of platform-specific IoT source code into an
intermediate representation (IR), (b) extracting a state model from the IR, (c)
applying model checking to verify desired properties. We evaluate Soteria on 65
SmartThings market apps through 35 properties and find nine (14%) individual
apps violate ten (29%) properties. Further, our study of combined app
environments uncovered eleven property violations not exhibited in the isolated
apps. Lastly, we demonstrate Soteria on MalIoT, a novel open-source test suite
containing 17 apps with 20 unique violations.
Comment: Accepted to the USENIX Annual Technical Conference (USENIX ATC), 201
Sensitive Information Tracking in Commodity IoT
Broadly defined as the Internet of Things (IoT), the growth of commodity
devices that integrate physical processes with digital connectivity has had
profound effects on society: smart homes, personal monitoring devices, enhanced
manufacturing and other IoT apps have changed the way we live, play, and work.
Yet extant IoT platforms provide few means of evaluating the use (and potential
avenues for misuse) of sensitive information. Thus, consumers and organizations
have little information to assess the security and privacy risks these devices
present. In this paper, we present SainT, a static taint analysis tool for IoT
applications. SainT operates in three phases: (a) translation of
platform-specific IoT source code into an intermediate representation (IR), (b)
identifying sensitive sources and sinks, and (c) performing static analysis to
identify sensitive data flows. We evaluate SainT on 230 SmartThings market apps
and find 138 (60%) include sensitive data flows. In addition, we demonstrate
SainT on IoTBench, a novel open-source test suite containing 19 apps with 27
unique data leaks. Through this effort, we introduce a rigorously grounded
framework for evaluating the use of sensitive information in IoT apps, and
therein provide developers, markets, and consumers a means of identifying
potential threats to security and privacy.
Comment: first submissio
Real-time Analysis of Privacy-(un)aware IoT Applications
Users trust IoT apps to control and automate their smart devices. These apps
necessarily have access to sensitive data to implement their functionality.
However, users lack visibility into how their sensitive data is used (or
leaked), and they often blindly trust the app developers. In this paper, we
present IoTWatcH, a novel dynamic analysis tool that uncovers the privacy risks
of IoT apps in real-time. We designed and built IoTWatcH based on an IoT
privacy survey that considers the privacy needs of IoT users. IoTWatcH provides
users with a simple interface to specify their privacy preferences with an IoT
app. Then, at runtime, it analyzes both the data that is sent out of the IoT
app and its recipients using Natural Language Processing (NLP) techniques.
Moreover, IoTWatcH informs users of its findings to make them aware of
the privacy risks with the IoT app. We implemented IoTWatcH on real IoT
applications. Specifically, we analyzed 540 IoT apps to train the NLP model and
evaluate its effectiveness. IoTWatcH successfully classifies IoT app data sent
to external parties into the correct privacy labels with an average accuracy of
94.25%, and flags IoT apps that leak privacy data to unauthorized parties.
Finally, IoTWatcH yields minimal overhead to an IoT app's execution, on average
105 ms of additional latency.