Z. Berkay Celik (Penn State University), Gang Tan (Penn State University), Patrick McDaniel (Penn State University)

Broadly defined as the Internet of Things (IoT), the growth of commodity devices that integrate physical processes with digital connectivity has changed the way we live, play, and work. To date, the traditional approach to securing IoT has treated devices individually. However, in practice, it has been recently shown that the interactions among devices are often the real cause of safety and security violations. In this paper, we present IoTGuard, a dynamic, policy-based enforcement system for IoT, which protects users from unsafe and insecure device states by monitoring the behavior of IoT and trigger-action platform apps. IoTGuard operates in three phases: (a) implementation of a code instrumentor that adds extra logic to an app's source code to collect app's information at runtime, (b) storing the apps' information in a dynamic model that represents the runtime execution behavior of apps, and (c) identifying IoT safety and security policies, and enforcing relevant policies on the dynamic model of individual apps or sets of interacting apps. We demonstrate IoTGuard on 20 flawed apps and find that IoTGuard correctly enforces 12 of the 12 policy violations. In addition, we evaluate IoTGuard on 35 SmartThings IoT and 30 IFTTT trigger-action platform market apps executed in a simulated smart home. IoTGuard enforces 11 unique policies and blocks 16 states in six (17.1%) SmartThings and five (16.6%) IFTTT apps. IoTGuard imposes only 17.3% runtime overhead on an app and 19.8% for five interacting apps. Through this effort, we introduce a rigorously grounded system for enforcing correct operation of IoT devices through systematically identified IoT policies, demonstrating the effectiveness and value of monitoring IoT apps with tools such as IoTGuard.

View More Papers

Balancing Image Privacy and Usability with Thumbnail-Preserving Encryption

Kimia Tajik (Oregon State University), Akshith Gunasekaran (Oregon State University), Rhea Dutta (Cornell University), Brandon Ellis (Oregon State University), Rakesh B. Bobba (Oregon State University), Mike Rosulek (Oregon State University), Charles V. Wright (Portland State University), Wu-Chi Feng (Portland State University)

Read More

Profit: Detecting and Quantifying Side Channels in Networked Applications

Nicolás Rosner (University of California, Santa Barbara), Ismet Burak Kadron (University of California, Santa Barbara), Lucas Bang (Harvey Mudd College), Tevfik Bultan (University of California, Santa Barbara)

Read More

Cybercriminal Minds: An investigative study of cryptocurrency abuses in...

Seunghyeon Lee (KAIST, S2W LAB Inc.), Changhoon Yoon (S2W LAB Inc.), Heedo Kang (KAIST), Yeonkeun Kim (KAIST), Yongdae Kim (KAIST), Dongsu Han (KAIST), Sooel Son (KAIST), Seungwon Shin (KAIST, S2W LAB Inc.)

Read More

PeriScope: An Effective Probing and Fuzzing Framework for the...

Dokyung Song (University of California, Irvine), Felicitas Hetzelt (Technical University of Berlin), Dipanjan Das (University of California, Santa Barbara), Chad Spensky (University of California, Santa Barbara), Yeoul Na (University of California, Irvine), Stijn Volckaert (University of California, Irvine and KU Leuven), Giovanni Vigna (University of California, Santa Barbara), Christopher Kruegel (University of California, Santa Barbara),…

Read More