Hai Lin (Tsinghua University), Chenglong Li (Tsinghua University), Jiahai Yang (Tsinghua University), Zhiliang Wang (Tsinghua University), Linna Fan (National University of Defense Technology), Chenxin Duan (Tsinghua University)

Today, smart home platforms are widely used around the world and offer users automation to define their daily routines. However, individual automation rule anomalies and cross-automation threats that exist in different platforms put the smart home in danger. Recent researches focus on detecting these threats of the specific platform and can only cover limited threat plane. To solve these problems, we design a novel system called CP-IoT, which can monitor the execution behavior of the automation and discover the anomalies, as well as hidden risks among them on heterogeneous IoT platforms. Specifically, CP-IoT constructs a centralized, dynamic graph model for portraying the behavior of automation and the state transition. By analyzing two kinds of app pages with different description granularity, CP-IoT extracts the rule execution logic and collects user policy from different platforms. To detect the inconsistent behavior of an automation rule in different platforms, we propose a self-learning method for event fingerprint extraction by clustering the traffic of different platforms collected from the side channel, and an anomaly detection method by checking the rule execution behavior with its specification reflected in the graph model. To detect the cross-rule threats, we formalize each threat type as a symbolic representation and apply the searching algorithm on the graph. We validate the performance of CP-IoT on four platforms. The evaluation shows that CP-IoT can detect anomalies with high accuracy and effectively discover various types of cross-rule threats.

View More Papers

TEE-SHirT: Scalable Leakage-Free Cache Hierarchies for TEEs

Kerem Arikan (Binghamton University), Abraham Farrell (Binghamton University), Williams Zhang Cen (Binghamton University), Jack McMahon (Binghamton University), Barry Williams (Binghamton University), Yu David Liu (Binghamton University), Nael Abu-Ghazaleh (University of California, Riverside), Dmitry Ponomarev (Binghamton University)

Read More

Secure Control of Connected and Automated Vehicles Using Trust-Aware...

H M Sabbir Ahmad, Ehsan Sabouni, Akua Dickson (Boston University), Wei Xiao (Massachusetts Institute of Technology), Christos Cassandras, Wenchao Li (Boston University)

Read More

PriSrv: Privacy-Enhanced and Highly Usable Service Discovery in Wireless...

Yang Yang (School of Computing and Information Systems, Singapore Management University, Singapore), Robert H. Deng (School of Computing and Information Systems, Singapore Management University, Singapore), Guomin Yang (School of Computing and Information Systems, Singapore Management University, Singapore), Yingjiu Li (Department of Computer Science, University of Oregon, USA), HweeHwa Pang (School of Computing and Information Systems,…

Read More

MacOS versus Microsoft Windows: A Study on the Cybersecurity...

Cem Topcuoglu (Northeastern University), Andrea Martinez (Florida International University), Abbas Acar (Florida International University), Selcuk Uluagac (Florida International University), Engin Kirda (Northeastern University)

Read More