SOTERIA: Automated IoT safety and security analysis

Z. Berkay Celik, Patrick McDaniel, Gang Tan

Research output: Chapter in Book/Report/Conference proceedingConference contribution

189 Scopus citations

Abstract

Broadly defined as the Internet of Things (IoT), the growth of commodity devices that integrate physical processes with digital systems have changed the way we live, play and work. Yet existing IoT platforms cannot evaluate whether an IoT app or environment is safe, secure, and operates correctly. In this paper, we present SOTERIA, a static analysis system for validating whether an IoT app or IoT environment (collection of apps working in concert) adheres to identified safety, security, and functional properties. SOTERIA operates in three phases; (a) translation of platform-specific IoT source code into an intermediate representation (IR), (b) extracting a state model from the IR, (c) applying model checking to verify desired properties. We evaluate SOTERIA on 65 SmartThings market apps through 35 properties and find nine (14%) individual apps violate ten (29%) properties. Further, our study of combined app environments uncovered eleven property violations not exhibited in the isolated apps. Lastly, we demonstrate SOTERIA on MALIOT, a novel open-source test suite containing 17 apps with 20 unique violations.

Original languageEnglish (US)
Title of host publicationProceedings of the 2018 USENIX Annual Technical Conference, USENIX ATC 2018
PublisherUSENIX Association
Pages147-158
Number of pages12
ISBN (Electronic)9781939133021
StatePublished - Jan 1 2020
Event2018 USENIX Annual Technical Conference, USENIX ATC 2018 - Boston, United States
Duration: Jul 11 2018Jul 13 2018

Publication series

NameProceedings of the 2018 USENIX Annual Technical Conference, USENIX ATC 2018

Conference

Conference2018 USENIX Annual Technical Conference, USENIX ATC 2018
Country/TerritoryUnited States
CityBoston
Period7/11/187/13/18

All Science Journal Classification (ASJC) codes

  • General Computer Science

Fingerprint

Dive into the research topics of 'SOTERIA: Automated IoT safety and security analysis'. Together they form a unique fingerprint.

Cite this