Friendly Fire: Cross-app Interactions in IoT Platforms

Published: 01 April 2021

Abstract

IoT platforms enable users to connect various smart devices and online services via reactive apps running on the cloud. These apps, often developed by third parties, perform simple computations on data triggered by external information sources and actuate the results of computations on external information sinks. Recent research shows that unintended or malicious interactions between the different (even benign) apps of a user can cause severe security and safety risks. These works leverage program analysis techniques to build tools for unveiling unexpected interference across apps for specific use cases. Despite these initial efforts, we are still lacking a semantic framework for understanding interactions between IoT apps. The question of what security policy cross-app interference embodies remains largely unexplored.

This article proposes a semantic framework capturing the essence of cross-app interactions in IoT platforms. The framework generalizes and connects syntactic enforcement mechanisms to bisimulation-based notions of security, thus providing a baseline for formulating soundness criteria of these enforcement mechanisms. Specifically, we present a calculus that models the behavioral semantics of a system of apps executing concurrently, and use it to define desirable semantic policies targeting the security and safety of IoT apps. To demonstrate the usefulness of our framework, we define and implement static analyses for enforcing cross-app security and safety, and prove them sound with respect to our semantic conditions. We also leverage real-world apps to validate the practical benefits of our tools based on the proposed enforcement mechanisms.

Published in

ACM Transactions on Privacy and Security, Volume 24, Issue 3
August 2021
286 pages
ISSN: 2471-2566
EISSN: 2471-2574
DOI: 10.1145/3450360

Copyright © 2021 ACM

Publisher

Association for Computing Machinery, New York, NY, United States

Publication History

• Published: 1 April 2021
• Accepted: 1 December 2020
• Revised: 1 October 2020
• Received: 1 July 2020

Qualifiers

• research-article
• Research
• Refereed
