Expat: Expectation-based Policy Analysis and Enforcement for Appified Smart-Home Platforms

This paper focuses on developing a security mechanism geared towards appified smart-home platforms. Such platforms often expose programming interfaces for developing automation apps that mechanize different tasks among smart sensors and actuators (e.g., automatically turning on the AC when the room temperature is above 80 F). Due to the lack of effective access control mechanisms, these automation apps can not only have unrestricted access to the user's sensitive information (e.g., the user is not at home) but also violate user expectations by performing undesired actions. As users often obtain these apps from unvetted sources, a malicious app can wreak havoc on a smart-home system by either violating the user's security and privacy, or creating safety hazards (e.g., turning on the oven when no one is at home). To mitigate such threats, we propose Expat which ensures that user expectations are never violated by the installed automation apps at runtime. To achieve this goal, Expat provides a platform-agnostic, formal specification language UEI for capturing user expectations of the installed automation apps' behavior. For effective authoring of these expectations (as policies) in UEI, Expat also allows a user to check the desired properties (e.g., consistency, entailment) of them; which due to their formal semantics can be easily discharged by an SMT solver. Expat then enforces UEI policies in situ with an inline reference monitor which can be realized using the same app programming interface exposed by the underlying platform. We instantiate Expat for one of the representative platforms, OpenHAB, and demonstrate it can effectively mitigate a wide array of threats by enforcing user expectations while incurring only modest performance overhead.

[1]  Gerard Jones,et al.  Honey, I'm home! , 1992 .

[2]  Srikanth V. Krishnamurthy,et al.  IotSan: fortifying the safety of IoT systems , 2018, CoNEXT.

[3]  Xiaojiang Du,et al.  Cross-App Interference Threats in Smart Homes: Categorization, Detection and Handling , 2018, 2020 50th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN).

[4]  Yuan Tian,et al.  SmartAuth: User-Centered Authorization for the Internet of Things , 2017, USENIX Security Symposium.

[5]  Terence John Parr,et al.  ANother Tool for Language Recognition , 2005 .

[6]  Qi Alfred Chen,et al.  ContexloT: Towards Providing Contextual Integrity to Appified IoT Platforms , 2017, NDSS.

[7]  Roksana Boreli,et al.  An experimental study of security and privacy risks with emerging household appliances , 2014, 2014 IEEE Conference on Communications and Network Security.

[8]  Omar Alrawi,et al.  SoK: Security Evaluation of Home-Based IoT Deployments , 2019, 2019 IEEE Symposium on Security and Privacy (SP).

[9]  Patrick D. McDaniel,et al.  Sensitive Information Tracking in Commodity IoT , 2018, USENIX Security Symposium.

[10]  Hongxin Hu,et al.  On the Safety of IoT Device Physical Interaction Control , 2018, CCS.

[11]  Srinivasan Seshan,et al.  Handling a trillion (unfixable) flaws on a billion devices: Rethinking network security for the Internet-of-Things , 2015, HotNets.

[12]  Qi Wang,et al.  Fear and Logging in the Internet of Things , 2018, NDSS.

[13]  Zhiqiang Lin,et al.  IoTFuzzer: Discovering Memory Corruptions in IoT Through App-based Fuzzing , 2018, NDSS.

[14]  Blase Ur,et al.  The Current State of Access Control for Smart Devices in Homes , 2013 .

[15]  Earlence Fernandes,et al.  Security Analysis of Emerging Smart Home Applications , 2016, 2016 IEEE Symposium on Security and Privacy (SP).

[16]  Patrick D. McDaniel,et al.  IoTGuard: Dynamic Enforcement of Security and Safety Policy in Commodity IoT , 2019, NDSS.

[17]  Atul Prakash,et al.  Tyche: A Risk-Based Permission Model for Smart Homes , 2018, 2018 IEEE Cybersecurity Development (SecDev).

[18]  Atul Prakash,et al.  Decentralized Action Integrity for Trigger-Action IoT Platforms , 2018, NDSS.

[19]  Adi Shamir,et al.  IoT Goes Nuclear: Creating a ZigBee Chain Reaction , 2017, 2017 IEEE Symposium on Security and Privacy (SP).

[20]  Patrick D. McDaniel,et al.  Soteria: Automated IoT Safety and Security Analysis , 2018, USENIX Annual Technical Conference.

[21]  Adi Shamir,et al.  Extended Functionality Attacks on IoT Devices: The Case of Smart Lights , 2016, 2016 IEEE European Symposium on Security and Privacy (EuroS&P).

[22]  Dawn Song,et al.  Smart Locks: Lessons for Securing Commodity Internet of Things Devices , 2016, AsiaCCS.

[23]  Ting Yu,et al.  On the modeling and analysis of obligations , 2006, CCS '06.

[24]  Atul Prakash,et al.  FlowFence: Practical Data Protection for Emerging IoT Application Frameworks , 2016, USENIX Security Symposium.

[25]  Jiwon Choi,et al.  FACT: Functionality-centric Access Control System for IoT Programming Frameworks , 2017, SACMAT.

[26]  Blase Ur,et al.  Rethinking Access Control and Authentication for the Home Internet of Things (IoT) , 2018, USENIX Security Symposium.