PatrIoT: Policy Assisted Resilient Programmable IoT System

This paper presents PatrIoT, which efficiently monitors the behavior of a programmable IoT system at runtime and suppresses contemplated actions that violate a given declarative policy. Policies in PatrIoT are specified in effectively propositional, past metric temporal logic and capture the system’s expected temporal invariants whose violation can break its desired security, privacy, and safety guarantees. PatrIoT has been instantiated not only for an industrial IoT system (EVA ICS) but also for two representative home automation platforms: one proprietary (SmartThings) and one open-source (OpenHAB). Our empirical evaluation shows that, while imposing only a moderate runtime overhead, PatrIoT can effectively detect policy violations.
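
To make the idea of gating actions on a past metric temporal policy concrete, the following added example (not code from the paper or from PatrIoT) monitors a propositional fragment with a bounded "once" operator and suppresses events that violate the policy. The formula constructors, the `Monitor` class, the policy and the trace are all hypothetical and constructed for illustration.

```python
# Added illustration: propositional past-time metric temporal logic monitor.
# Not PatrIoT's algorithm or syntax; all names and the policy are hypothetical.

def atom(name): return ("atom", name)
def neg(f): return ("not", f)
def conj(f, g): return ("and", f, g)
def implies(f, g): return neg(conj(f, neg(g)))
def once(lo, hi, f): return ("once", lo, hi, f)  # f held between lo and hi seconds ago

class Monitor:
    def __init__(self, policy):
        self.policy = policy
        self.hits = {}  # once-node -> timestamps (inside its window) where operand held

    def _eval(self, f, props, now, pending):
        kind = f[0]
        if kind == "atom":
            return f[1] in props
        if kind == "not":
            return not self._eval(f[1], props, now, pending)
        if kind == "and":
            # No short-circuit: every nested once-node must see every event.
            a = self._eval(f[1], props, now, pending)
            b = self._eval(f[2], props, now, pending)
            return a and b
        _, lo, hi, sub = f
        times = [t for t in self.hits.get(f, []) if now - t <= hi]  # drop expired
        if self._eval(sub, props, now, pending):
            times.append(now)
        pending[f] = times
        return any(now - t >= lo for t in times)

    def step(self, now, props):
        """Check a contemplated event; commit monitor state only if permitted."""
        pending = {}
        allowed = self._eval(self.policy, frozenset(props), now, pending)
        if allowed:
            self.hits.update(pending)
        return allowed

# Constructed policy: unlocking requires authentication within the last 30 s.
POLICY = implies(atom("unlock_door"), once(0, 30, atom("user_authenticated")))

# Constructed trace of (timestamp in seconds, propositions true for the event).
TRACE = [(0, {"user_authenticated"}), (10, {"unlock_door"}), (45, {"unlock_door"})]

def enforce(policy, trace):
    monitor = Monitor(policy)
    return [(t, monitor.step(t, props)) for t, props in trace]
```

The monitor keeps only timestamps that still fall inside each operator's window, so its memory depends on the policy's time bounds rather than on the length of the trace.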
