TY - GEN
T1 - IotSan
T2 - 14th International Conference on Emerging Networking EXperiments and Technologies, CoNEXT 2018
AU - Nguyen, Dang Tu
AU - Song, Chengyu
AU - Qian, Zhiyun
AU - Krishnamurthy, Srikanth V.
AU - Colbert, Edward J.M.
AU - McDaniel, Patrick
N1 - Publisher Copyright:
© 2018 Association for Computing Machinery.
PY - 2018/12/4
Y1 - 2018/12/4
N2 - Today’s IoT systems include event-driven smart applications (apps) that interact with sensors and actuators. A problem specific to IoT systems is that buggy apps, unforeseen bad app interactions, or device/communication failures, can cause unsafe and dangerous physical states. Detecting flaws that lead to such states, requires a holistic view of installed apps, component devices, their configurations, and more importantly, how they interact. In this paper, we design IotSan, a novel practical system that uses model checking as a building block to reveal “interaction-level” flaws by identifying events that can lead the system to unsafe states. In building IotSan, we design novel techniques tailored to IoT systems, to alleviate the state explosion associated with model checking. IotSan also automatically translates IoT apps into a format amenable to model checking. Finally, to understand the root cause of a detected vulnerability, we design an attribution mechanism to identify problematic and potentially malicious apps. We evaluate IotSan on the Samsung SmartThings platform. From 76 manually configured systems, IotSan detects 147 vulnerabilities. We also evaluate IotSan with malicious SmartThings apps from a previous effort. IotSan detects the potential safety violations and also effectively attributes these apps as malicious.
AB - Today’s IoT systems include event-driven smart applications (apps) that interact with sensors and actuators. A problem specific to IoT systems is that buggy apps, unforeseen bad app interactions, or device/communication failures, can cause unsafe and dangerous physical states. Detecting flaws that lead to such states, requires a holistic view of installed apps, component devices, their configurations, and more importantly, how they interact. In this paper, we design IotSan, a novel practical system that uses model checking as a building block to reveal “interaction-level” flaws by identifying events that can lead the system to unsafe states. In building IotSan, we design novel techniques tailored to IoT systems, to alleviate the state explosion associated with model checking. IotSan also automatically translates IoT apps into a format amenable to model checking. Finally, to understand the root cause of a detected vulnerability, we design an attribution mechanism to identify problematic and potentially malicious apps. We evaluate IotSan on the Samsung SmartThings platform. From 76 manually configured systems, IotSan detects 147 vulnerabilities. We also evaluate IotSan with malicious SmartThings apps from a previous effort. IotSan detects the potential safety violations and also effectively attributes these apps as malicious.
UR - http://www.scopus.com/inward/record.url?scp=85060399835&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85060399835&partnerID=8YFLogxK
U2 - 10.1145/3281411.3281440
DO - 10.1145/3281411.3281440
M3 - Conference contribution
AN - SCOPUS:85060399835
T3 - CoNEXT 2018 - Proceedings of the 14th International Conference on Emerging Networking EXperiments and Technologies
SP - 191
EP - 203
BT - CoNEXT 2018 - Proceedings of the 14th International Conference on Emerging Networking EXperiments and Technologies
PB - Association for Computing Machinery, Inc
Y2 - 4 December 2018 through 7 December 2018
ER -