TY - GEN
T1 - Expat
T2 - 24th ACM Symposium on Access Control Models and Technologies, SACMAT 2019
AU - Yahyazadeh, Moosa
AU - Podder, Proyash
AU - Hoque, Endadul
AU - Chowdhury, Omar
N1 - Publisher Copyright:
© 2019 Association for Computing Machinery.
PY - 2019/5/28
Y1 - 2019/5/28
N2 - This paper focuses on developing a security mechanism geared towards appified smart-home platforms. Such platforms often expose programming interfaces for developing automation apps that mechanize different tasks among smart sensors and actuators (e.g., automatically turning on the AC when the room temperature is above 80°F). Due to the lack of effective access control mechanisms, these automation apps can not only have unrestricted access to the user's sensitive information (e.g., the user is not at home) but also violate user expectations by performing undesired actions. As users often obtain these apps from unvetted sources, a malicious app can wreak havoc on a smart-home system by either violating the user's security and privacy, or creating safety hazards (e.g., turning on the oven when no one is at home). To mitigate such threats, we propose Expat, which ensures that user expectations are never violated by the installed automation apps at runtime. To achieve this goal, Expat provides a platform-agnostic, formal specification language, Uei, for capturing user expectations of the installed automation apps' behavior. For effective authoring of these expectations (as policies) in Uei, Expat also allows a user to check desired properties of them (e.g., consistency, entailment), which, thanks to the language's formal semantics, can be discharged by an SMT solver. Expat then enforces Uei policies in situ with an inline reference monitor, which can be realized using the same app programming interface exposed by the underlying platform. We instantiate Expat for one of the representative platforms, OpenHAB, and demonstrate that it can effectively mitigate a wide array of threats by enforcing user expectations while incurring only modest performance overhead.
AB - This paper focuses on developing a security mechanism geared towards appified smart-home platforms. Such platforms often expose programming interfaces for developing automation apps that mechanize different tasks among smart sensors and actuators (e.g., automatically turning on the AC when the room temperature is above 80°F). Due to the lack of effective access control mechanisms, these automation apps can not only have unrestricted access to the user's sensitive information (e.g., the user is not at home) but also violate user expectations by performing undesired actions. As users often obtain these apps from unvetted sources, a malicious app can wreak havoc on a smart-home system by either violating the user's security and privacy, or creating safety hazards (e.g., turning on the oven when no one is at home). To mitigate such threats, we propose Expat, which ensures that user expectations are never violated by the installed automation apps at runtime. To achieve this goal, Expat provides a platform-agnostic, formal specification language, Uei, for capturing user expectations of the installed automation apps' behavior. For effective authoring of these expectations (as policies) in Uei, Expat also allows a user to check desired properties of them (e.g., consistency, entailment), which, thanks to the language's formal semantics, can be discharged by an SMT solver. Expat then enforces Uei policies in situ with an inline reference monitor, which can be realized using the same app programming interface exposed by the underlying platform. We instantiate Expat for one of the representative platforms, OpenHAB, and demonstrate that it can effectively mitigate a wide array of threats by enforcing user expectations while incurring only modest performance overhead.
KW - Appified smart-home platforms
KW - Inline reference monitoring
KW - IoT security
KW - Policy enforcement
UR - http://www.scopus.com/inward/record.url?scp=85067206549&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85067206549&partnerID=8YFLogxK
U2 - 10.1145/3322431.3325107
DO - 10.1145/3322431.3325107
M3 - Conference contribution
AN - SCOPUS:85067206549
T3 - Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT
SP - 61
EP - 72
BT - SACMAT 2019 - Proceedings of the 24th ACM Symposium on Access Control Models and Technologies
PB - Association for Computing Machinery
Y2 - 3 June 2019 through 6 June 2019
ER -
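The abstract above describes three mechanisms: user expectations written as policies in a formal language (Uei), offline checks of consistency and entailment over those policies, and an inline reference monitor that sits between automation apps and the platform's actuator API and refuses commands that would violate an expectation. The following Python sketch is an added illustration of that architecture and is not Expat's or OpenHAB's code. It assumes a hypothetical `Platform.send_command(item, command)` actuator API, encodes expectations as plain Python predicates in place of Uei, and replaces the SMT solver with exhaustive enumeration of a small, constructed state space; the device names, domains and policies are all made up for the example.

```python
"""Toy inline reference monitor for an appified smart-home platform.

Added illustration, not Expat's or OpenHAB's code. Policies are Python
predicates standing in for Uei, and the consistency/entailment checks
enumerate a small finite state space instead of calling an SMT solver.
"""
from dataclasses import dataclass
from itertools import product
from typing import Callable, Dict, List, Tuple

State = Dict[str, object]
Action = Tuple[str, object]  # (item, command) as an automation app sends it

# Constructed finite domain for the toy house; the offline checks range over it.
DOMAINS: Dict[str, list] = {
    "home_occupied": [True, False],
    "temperature": [65, 75, 85],
    "oven": ["on", "off"],
}
# Constructed set of commands an app could issue (used by the entailment check).
ACTIONS: List[Action] = [("oven", "on"), ("oven", "off"), ("ac", "on"), ("ac", "off")]


@dataclass
class Policy:
    """A user expectation: `allowed(state, action)` must hold for every command."""
    name: str
    allowed: Callable[[State, Action], bool]


# Constructed expectations, written as predicates instead of Uei policies.
POLICIES: List[Policy] = [
    Policy("no-oven-when-away",
           lambda s, a: not (a == ("oven", "on") and not s["home_occupied"])),
    Policy("ac-only-when-hot",
           lambda s, a: not (a == ("ac", "on") and s["temperature"] <= 80)),
]
# A stricter, constructed policy used to show entailment.
NEVER_OVEN = Policy("never-oven", lambda s, a: a != ("oven", "on"))


class Platform:
    """Hypothetical actuator API of the underlying platform (not OpenHAB's)."""
    def __init__(self, state: State):
        self.state: State = dict(state)
        self.log: List[str] = []

    def send_command(self, item: str, command: object) -> None:
        self.state[item] = command
        self.log.append(f"{item}={command}")


class ReferenceMonitor:
    """Inline monitor: apps receive this object instead of the raw Platform."""
    def __init__(self, platform: Platform, policies: List[Policy]):
        self.platform = platform
        self.policies = policies
        self.denied: List[Tuple[Action, str]] = []

    def send_command(self, item: str, command: object) -> bool:
        action = (item, command)
        for p in self.policies:
            if not p.allowed(self.platform.state, action):
                self.denied.append((action, p.name))
                return False  # the command never reaches the actuator
        self.platform.send_command(item, command)
        return True


def all_states():
    """Every assignment over DOMAINS; a brute-force stand-in for an SMT query."""
    keys = list(DOMAINS)
    for values in product(*(DOMAINS[k] for k in keys)):
        yield dict(zip(keys, values))


def consistent(policies: List[Policy], action: Action) -> bool:
    """Consistency: is there some state in which every policy permits `action`?"""
    return any(all(p.allowed(s, action) for p in policies) for s in all_states())


def entails(p: Policy, q: Policy, actions: List[Action]) -> bool:
    """Entailment: whatever p permits, q permits too (so q is redundant given p)."""
    return all(q.allowed(s, a) for s in all_states() for a in actions if p.allowed(s, a))


def demo():
    """A malicious app tries the oven while nobody is home, then the AC on a hot day."""
    platform = Platform({"home_occupied": False, "temperature": 85, "oven": "off"})
    monitor = ReferenceMonitor(platform, POLICIES)
    oven_ok = monitor.send_command("oven", "on")   # denied by no-oven-when-away
    ac_ok = monitor.send_command("ac", "on")       # permitted: room is above 80
    return oven_ok, ac_ok, platform.state["oven"], platform.log
```

The monitor evaluates policies against the platform's current state at the moment a command is issued, which is what "in situ" enforcement means in the abstract; an app that only ever sees the `ReferenceMonitor` object has no path to the actuator that bypasses the check. The offline checks catch authoring mistakes before deployment: `consistent` flags a policy set that leaves no state in which a needed command is ever allowed, and `entails` shows when one expectation already subsumes another.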