| 1. |
- Balliu, Musard, et al.
(author)
-
Friendly Fire : Cross-App Interactions in IoT Platforms
- 2021
-
In: ACM Transactions on Privacy and Security (TOPS). - : Association for Computing Machinery (ACM). - 2471-2566 .- 2471-2574. ; 24:3, s. 1-40
-
Journal article (peer-reviewed)abstract
- IoT platforms enable users to connect various smart devices and online services via reactive apps running onthe cloud. These apps, often developed by third-parties, perform simple computations on data triggered byexternal information sources and actuate the results of computations on external information sinks. Recentresearch shows that unintended or malicious interactions between the different (even benign) apps of a usercan cause severe security and safety risks. These works leverage program analysis techniques to build toolsfor unveiling unexpected interference across apps for specific use cases. Despite these initial efforts, we arestill lacking a semantic framework for understanding interactions between IoT apps. The question of whatsecurity policy cross-app interference embodies remains largely unexplored.This paper proposes a semantic framework capturing the essence of cross-app interactions in IoT platforms.The framework generalizes and connects syntactic enforcement mechanisms to bisimulation-based notionsof security, thus providing a baseline for formulating soundness criteria of these enforcement mechanisms.Specifically, we present a calculus that models the behavioral semantics of a system of apps executingconcurrently, and use it to define desirable semantic policies targeting the security and safety of IoT apps.To demonstrate the usefulness of our framework, we define and implement static analyses for enforcingcross-app security and safety, and prove them sound with respect to our semantic conditions. We also leveragereal-world apps to validate the practical benefits of our tools based on the proposed enforcement mechanisms.
|
|
| 2. |
- Balliu, Musard, et al.
(author)
-
Friendly Fire: Cross-App Interactions in IoT Platforms
- 2020
-
In: https://www.cambridge.org/core/what-we-publish/textbooks#.
-
Conference paper (peer-reviewed)abstract
- IoT platforms enable users to connect various smart devices and online services viareactive apps running on the cloud. These apps, often developed by third-parties, performsimple computations on data triggered by external information sources and actuate theresults of computation on external information sinks. Recent research shows that unin-tended or malicious interactions between the dierent (even benign) apps of a user cancause severe security and safety risks. These works leverage program analysis techniquesto build tools for unveiling unexpected interference across apps for specic use cases.We propose a calculus that models the behavioral semantics of a system of apps ex-ecuting concurrently, and use it to dene desirable semantic policies in the security andsafety context of IoT apps. To demonstrate the usefulness of our framework, we denestatic mechanisms for enforcing cross-app security and safety, and prove them sound withrespect to our semantic conditions. Finally, we leverage real-world apps to validate thepractical benets of our policy framework.
|
|
| 3. |
- Balliu, Musard, et al.
(author)
-
Securing Cross-App Interactions in IoT Platforms
- 2019
-
In: 2019 IEEE 32nd Computer Security Foundations Symposium (CSF). - : IEEE Computer Society. - 9781728114064 ; , s. 319-334
-
Conference paper (peer-reviewed)abstract
- IoT platforms enable users to connect various smart devices and online services via reactive apps running on the cloud. These apps, often developed by third-parties, perform simple computations on data triggered by external information sources and actuate the results of computation on external information sinks. Recent research shows that unintended or malicious interactions between the different (even benign) apps of a user can cause severe security and safety risks. These works leverage program analysis techniques to build tools for unveiling unexpected interference across apps for specific use cases. Despite these initial efforts, we are still lacking a semantic framework for understanding interactions between IoT apps. The question of what security policy cross-app interference embodies remains largely unexplored. This paper proposes a semantic framework capturing the essence of cross-app interactions in IoT platforms. The framework generalizes and connects syntactic enforcement mechanisms to bisimulation-based notions of security, thus providing a baseline for formulating soundness criteria of these enforcement mechanisms. Specifically, we present a calculus that models the behavioral semantics of a system of apps executing concurrently, and use it to define desirable semantic policies in the security and safety context of IoT apps. To demonstrate the usefulness of our framework, we define static mechanisms for enforcing crossapp security and safety, and prove them sound with respect to our semantic conditions. Finally, we leverage real-world apps to validate the practical benefits of our policy framework.
|
|
