Abstract
Recent advances in Internet of Things (IoT) have enabled myriad domains such as smart homes, personal monitoring devices, and enhanced manufacturing. IoT is now pervasive—new applications are being used in nearly every conceivable environment, which leads to the adoption of device-based interaction and automation. However, IoT has also raised issues about the security and privacy of these digitally augmented spaces. Program analysis is crucial in identifying those issues, yet the application and scope of program analysis in IoT remains largely unexplored by the technical community. In this article, we study privacy and security issues in IoT that require program-analysis techniques with an emphasis on identified attacks against these systems and defenses implemented so far. Based on a study of five IoT programming platforms, we identify the key insights that result from research efforts in both the program analysis and security communities and relate the efficacy of program-analysis techniques to security and privacy issues. We conclude by studying recent IoT analysis systems and exploring their implementations. Through these explorations, we highlight key challenges and opportunities in calibrating for the environments in which IoT systems will be used.
- Abbas Acar, Hossein Fereidooni, Tigist Abera, Amit Kumar Sikder, Markus Miettinen, Hidayet Aksu, Mauro Conti, Ahmad-Reza Sadeghi, and A Selcuk Uluagac. 2018. Peek-a-Boo: I see your smart home activities, even encrypted! Retrieved from: Arxiv Preprint:1808.02741.Google Scholar
- SmartThings Inc. 2018. Samsung SmartThings add a little smartness to your things. Retrieved from: https://www.smartthings.com/.Google Scholar
- Cedric Adjih, Emmanuel Baccelli, Eric Fleury, Gaetan Harter, Nathalie Mitton, Thomas Noel, Roger Pissard-Gibollet, Frederic Saint-Marcel, Guillaume Schreiner, Julien Vandaele et al. 2015. FIT IoT-LAB: A large-scale open experimental IoT testbed. In Proceedings of the 2nd IEEE World Forum on Internet of Things (WF-IoT’15). Google ScholarDigital Library
- Alfred V. Aho, Ravi Sethi, and Jeffrey D. Ullman. 1986. Compilers, Principles, Techniques. Addison Wesley. Google ScholarDigital Library
- O. Alrawi, C. Lever, M. Antonakakis, and F. Monrose. 2019. SoK: Security evaluation of home-based IoT deployments. In IEEE Symposium on Security and Privacy (SP’19).Google Scholar
- Android Things. 2018. Retrieved from: https://developer.android.com/things/.Google Scholar
- IFTTT Santa Detector App. 2018. Retrieved from: https://ifttt.com/applets/170037p-santa-detector.Google Scholar
- Apple’s HomeKit. 2018. Retrieved from: https://www.apple.com/ios/home/.Google Scholar
- Apple’s HomeKit App Market. 2018. Retrieved from: https://support.apple.com/en-us/HT204893.Google Scholar
- Android Things Official Apps. 2018. Retrieved from: https://github.com/androidthings.Google Scholar
- Steven Arzt, Siegfried Rasthofer, Christian Fritz, Eric Bodden, Alexandre Bartel, Jacques Klein, Yves Le Traon, Damien Octeau, and Patrick McDaniel. 2014. FlowDroid: Precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for android apps. ACM SIGPLAN Notices 49, 6 (2014). Google ScholarDigital Library
- Leonardo Babun, Amit Kumar Sikder, Abbas Acar, and A. Selcuk Uluagac. 2018. IoTDots: A Digital Forensics Framework for Smart Environments. Retrieved from: arXiv:arXiv:1809.00745.Google Scholar
- Roberto Baldoni, Emilio Coppa, Daniele Cono D’elia, Camil Demetrescu, and Irene Finocchi. 2018. A survey of symbolic execution techniques. ACM Comput. Surv. 51, 3 (2018). Google ScholarDigital Library
- Alexandre Bartel, Jacques Klein, Yves Le Traon, and Martin Monperrus. 2012. Dexpler: Converting Android Dalvik bytecode to Jimple for static analysis with Soot. In Proceedings of the ACM SIGPLAN Workshop on State of the Art in Java Program Analysis. Google ScholarDigital Library
- Iulia Bastys, Musard Balliu, and Andrei Sabelfeld. 2018. If this then what? Controlling flows in IoT apps. In Proceedings of the ACM Conference on Computer and Communications Security (CCS’18). Google ScholarDigital Library
- Eric Bodden. 2012. Inter-procedural data-flow analysis with IFDS/IDE and Soot. In Proceedings of the ACM International Workshop on State of the Art in Java Program Analysis. Google ScholarDigital Library
- Cristian Cadar, Patrice Godefroid, Sarfraz Khurshid, Corina S Păsăreanu, Koushik Sen, Nikolai Tillmann, and Willem Visser. 2011. Symbolic execution for software testing in practice: Preliminary assessment. In Proceedings of the International Conference on Software Engineering. Google ScholarDigital Library
- Patrick Carter, Collin Mulliner, Martina Lindorfer, William Robertson, and Engin Kirda. 2016. CuriousDroid: Automated user interface interaction for Android application analysis sandboxes. In Proceedings of the International Conference on Financial Cryptography and Data Security.Google Scholar
- Z. Berkay Celik, Leonardo Babun, Amit K. Sikder, Hidayet Aksu, Gang Tan, Patrick McDaniel, and A. Selcuk Uluagac. 2018. Sensitive information tracking in commodity IoT. In Proceedings of the USENIX Security Symposium. Google ScholarDigital Library
- Z. Berkay Celik, Patrick McDaniel, and Gang Tan. 2018. Soteria: Automated IoT safety and security analysis. In Proceedings of the USENIX Technical Conference (USENIX ATC’18). Google ScholarDigital Library
- Z. Berkay Celik, Gang Tan, and Patrick McDaniel. 2019. IoTGuard: Dynamic enforcement of security and safety policy in commodity IoT. In Proceedings of the Network and Distributed System Security Symposium (NDSS’19).Google ScholarCross Ref
- Jiongyi Chen, Wenrui Diao, Qingchuan Zhao, Chaoshun Zuo, Zhiqiang Lin, XiaoFeng Wang, Wing Cheong Lau, Menghan Sun, Ronghai Yang, and Kehuan Zhang. 2018. IoTFuzzer: Discovering memory corruptions in IoT through app-based fuzzing. In Proceedings of the Network and Distributed System Security Symposium (NDSS’18).Google ScholarCross Ref
- Haotian Chi, Qiang Zeng, Xiaojiang Du, and Jiaping Yu. 2018. Cross-app threats in smart homes: Categorization, detection and handling. Retrieved from: Arxiv Preprint:1808.02125.Google Scholar
- Shauvik Roy Choudhary, Alessandra Gorla, and Alessandro Orso. 2015. Automated test input generation for Android: Are we there yet? Retrieved from: Arxiv Preprint:1503.07217.Google Scholar
- Edmund M. Clarke and E. Allen Emerson. 1981. Design and synthesis of synchronization skeletons using branching time temporal logic. In Proceedings of the Workshop on Logic of Programs. Google ScholarDigital Library
- James Clause, Wanchun Li, and Alessandro Orso. 2007. Dytan: A generic dynamic taint analysis framework. In Proceedings of the ACM International Symposium on Software Testing and Analysis. Google ScholarDigital Library
- Paul Comitz and Aaron Kersch. 2016. Aviation analytics and the internet of things. In Integrated Communications Navigation and Surveillance, 2016.Google ScholarCross Ref
- Gabriele D’Angelo, Stefano Ferretti, and Vittorio Ghini. 2016. Simulation of the internet of things. In Proceedings of the IEEE International Conference on High Performance Computing 8 Simulation (HPCS’16).Google ScholarCross Ref
- Tamara Denning, Tadayoshi Kohno, and Henry M. Levy. 2013. Computer security and the modern home. ACM Commun. 56, 1 (2013). Google ScholarDigital Library
- Wenbo Ding and Hongxin Hu. 2018. On the safety of IoT device physical interaction control. In Proceedings of the ACM Computer and Communications Security Conference (CCS’18). Google ScholarDigital Library
- Android Sensor API Documentation. 2018. Retrieved from: https://developer.android.com/guide/topics/sensors/sensors_overview.html.Google Scholar
- Eclipse Kura Documentation. 2018. Retrieved from: http://eclipse.github.io/kura/.Google Scholar
- Google Fit Developer Documentation. 2018. Retrieved from: https://developers.google.com/fit/.Google Scholar
- Sven Efftinge, Moritz Eysholdt, Jan Köhnlein, Sebastian Zarnekow, Robert von Massow, Wilhelm Hasselbring, and Michael Hanus. 2012. Xbase: Implementing domain-specific languages for Java. In ACM SIGPLAN Notices, Vol. 48. Google ScholarDigital Library
- Leverett Eireann, Richard Clayton, and Ross Anderson. 2017. Standardisation and certification of the internet of things. In Proceedings of the Workshop on the Economics of Information Security (WEIS’17).Google Scholar
- William Enck, Peter Gilbert, Seungyeop Han, Vasant Tendulkar, Byung-Gon Chun, Landon P. Cox, Jaeyeon Jung, Patrick McDaniel, and Anmol N. Sheth. 2014. TaintDroid: An information-flow tracking system for realtime privacy monitoring on smartphones. ACM Trans. Comput. Syst. 32, 2 (2014). Google ScholarDigital Library
- Michael D. Ernst. 2003. Static and dynamic analysis: Synergy and duality. In Proceedings of the Workshop on Dynamic Analysis.Google Scholar
- UI/Application Exerciser. 2018. Retrieved from: https://developer.android.com/studio/test/monkey.Google Scholar
- Earlence Fernandes, Jaeyeon Jung, and Atul Prakash. 2016. Security analysis of emerging smart home applications. In Proceedings of the IEEE Symposium on Security and Privacy (S8P’16).Google ScholarCross Ref
- Earlence Fernandes, Justin Paupore, Amir Rahmati, Daniel Simionato, Mauro Conti, and Atul Prakash. 2016. FlowFence: Practical data protection for emerging IoT application frameworks. In Proceedings of the USENIX Security Symposium. Google ScholarDigital Library
- Earlence Fernandes, Amir Rahmati, Kevin Eykholt, and Atul Prakash. 2017. Internet of things security research: A rehash of old ideas or new intellectual challenges? Proceedings of the IEEE Symposium on Security 8 Privacy (S8P’17).Google ScholarDigital Library
- Earlence Fernandes, Amir Rahmati, Jaeyeon Jung, and Atul Prakash. 2018. Decentralized action integrity for trigger-action IoT platforms. In Proceedings of the Network and Distributed Systems Symposium (NDSS’18).Google ScholarCross Ref
- OpenHAB: Open Source Automation Software for Home. 2018. Retrieved from: https://www.openhab.org/.Google Scholar
- SmartThings Community Forum for Third-party Apps. 2018. Retrieved from: https://community.smartthings.com/.Google Scholar
- B. Gu, X. Li, G. Li, A. C. Champion, Z. Chen, F. Qin, and D. Xuan. 2013. D2Taint: Differentiated and dynamic information flow tracking on smartphones for numerous data sources. In Proceedings of the IEEE International Conference on Computer Communications (INFOCOM’13).Google Scholar
- SmartThings Code Review Guidelines and Best Practices. 2018. Retrieved from: http://docs.smartthings.com/en/latest/code-review-guidelines.html.Google Scholar
- Son N. Han, Gyu Myoung Lee, Noel Crespi, Kyongwoo Heo, Nguyen Van Luong, Mihaela Brut, and Patrick Gatellier. 2014. Dpwsim: A simulation toolkit for IoT applications using devices profile for web services. In Proceedings of the IEEE World Forum on Internet of Things (WF-IoT’14).Google ScholarCross Ref
- Weijia He, Maximilian Golla, Roshni Padhi, Jordan Ofek, Markus Dürmuth, Earlence Fernandes, and Blase Ur. 2018. Rethinking access control and authentication for the home internet of things (IoT). In Proceedings of the USENIX Security Symposium. Google ScholarDigital Library
- Grant Ho, Derek Leung, Pratyush Mishra, Ashkan Hosseini, Dawn Song, and David Wagner. 2016. Smart locks: Lessons for securing commodity Internet of Things devices. In Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security. Google ScholarDigital Library
- IFTTT (if this then that). 2018. Retrieved from: https://ifttt.com/.Google Scholar
- PTC Industrial IoT. 2018. Retrieved from: https://www.ptc.com/en/about.Google Scholar
- Alex Jablokow. 2015. How the IoT helps keep oil and gas pipelines safe, PTC. Accessed on Feb. 15, 2019 from https://www.ptc.com/en/product-lifecycle-report/how-the-iot-helps-keep-oil-and-gas-pipelines-safe.Google Scholar
- Ranjit Jhala and Rupak Majumdar. 2009. Software model checking. ACM Comput. Surv. 41, 4 (2009). Google ScholarDigital Library
- Yunhan Jack Jia, Qi Alfred Chen, Shiqi Wang, Amir Rahmati, Earlence Fernandes, Z. Morley Mao, Atul Prakash, and Shanghai JiaoTong Unviersity. 2017. ContexIoT: Towards providing contextual integrity to appified IoT platforms. In Proceedings of the Network and Distributed Systems Symposium (NDSS’17).Google ScholarCross Ref
- Qi Jing, Athanasios V. Vasilakos, Jiafu Wan, Jingwei Lu, and Dechao Qiu. 2014. Security of the Internet of Things: Perspectives and challenges. Wireless Netw. 20, 8 (2014). Google ScholarDigital Library
- Gabor Kecskemeti, Giuliano Casale, Devki Nandan Jha, Justin Lyon, and Rajiv Ranjan. 2017. Modelling and simulation challenges in internet of things. IEEE Cloud Comput. 4, 1 (2017).Google Scholar
- Richard Kirk. 2015. Cars of the future: The internet of things in the automotive industry. Netw. Sec. 2015, 9 (2015). Google ScholarDigital Library
- Sylvain Kubler, Kary Främling, and Andrea Buda. 2015. A standardized approach to deal with firewall and mobility policies in the IoT. Pervas. Mob. Comput. 20 (2015). https://www.sciencedirect.com/science/article/pii/S1574119214001588. Google ScholarDigital Library
- Patrick Lam, Eric Bodden, Ondrej Lhoták, and Laurie Hendren. 2011. The Soot Framework for Java program analysis: A retrospective. In Proceedings of the Cetus Users and Compiler Infrastructure Workshop.Google Scholar
- Chris Lattner. 2012. LLVM Compiler Infrastructure Project. The architecture of open source applications PTC. Accessed on Feb. 15, 2019 from https://www.aosabook.org/en/llvm.html.Google Scholar
- Maria Lazarte. 2016. Are we safe in the Internet of Things? International Organization for Standardization (September 2016). Retrieved from: https://www.iso.org/news/2016/09/Ref2113.html.Google Scholar
- Edward A. Lee, Mehrdad Niknami, Thierry S. Nouidui, and Michael Wetter. 2015. Modeling and simulating cyber-physical systems using CyPhySim. In Proceedings of the International Conference on Embedded Software. Google ScholarDigital Library
- Sanghak Lee, Jiwon Choi, Jihun Kim, Beumjin Cho, Sangho Lee, Hanjun Kim, and Jong Kim. 2017. FACT: Functionality-centric access control system for IoT programming frameworks. In Proceedings of the Symposium on Access Control Models and Technologies. Google ScholarDigital Library
- Oded Leiba, Yechiav Yitzchak, Ron Bitton, Asaf Nadler, and Asaf Shabtai. 2018. Incentivized delivery network of IoT software updates based on trustless proof-of-distribution. Retrieved from: Arxiv Preprint:1805.04282.Google Scholar
- Ondřej Lhoták and Laurie Hendren. 2003. Scaling Java points-to analysis using S park. In Proceedings of the International Conference on Compiler Construction. Springer. Google ScholarDigital Library
- Watson Android libraries for Android application analysis. 2018. Retrieved from: https://github.com/wala/WALA.Google Scholar
- Ke Mao, Mark Harman, and Yue Jia. 2016. Sapienz: Multi-objective automated testing for Android applications. In Proceedings of the ACM International Symposium on Software Testing and Analysis. Google ScholarDigital Library
- IFTTT Platform Size Metrics. 2018. Retrieved from: https://platform.ifttt.com/pricing.Google Scholar
- IoTBench A micro-benchmark suite to assess the effectiveness of tools designed for IoT apps. 2018. Retrieved from: https://github.com/IoTBench.Google Scholar
- Nicholas Nethercote. 2004. Dynamic Binary Analysis and Instrumentation. Technical Report. University of Cambridge, Computer Laboratory.Google Scholar
- Dang Tu Nguyen, Chengyu Song, Zhiyun Qian, Srikanth V. Krishnamurthy, Edward J. M. Colbert, and Patrick McDaniel. 2018. IoTSan: Fortifying the safety of IoT systems. In Proceedings of the ACM International Conference on emerging Networking EXperiments and Technologies (CoNEXT’18). Google ScholarDigital Library
- Flemming Nielson, Hanne R. Nielson, and Chris Hankin. 2015. Principles of Program Analysis. Springer. Google Scholar
- GroovyCodeVisitor An Implementation of the Groovy Visitor Patterns. 2018. Retrieved from: http://docs.groovy-lang.org/docs.Google Scholar
- Temitope Oluwafemi, Tadayoshi Kohno, Sidhant Gupta, and Shwetak Patel. 2013. Experimental security analyses of non-networked compact fluorescent lamps: A case study of home automation security. In Proceedings of the USENIX LASER Workshop.Google Scholar
- Mike Orcutt. 2016. Security experts warn congress that the internet of things could kill people. MIT Technol. Rev. (2016). Accessed on Feb. 15, 2019 from https://www.technologyreview.com/s/603015/security-experts-warn-congress-that-the-internet-of-things-could-kill-people.Google Scholar
- OpenHAB IoT App Market (Eclipse Market Place). 2018. Retrieved from: https://github.com/openhab/openhab1-addons/wiki/Samples-Rules.Google Scholar
- OpenHAB IoT App Market (Eclipse Market Place). 2018. Retrieved from: http://docs.openhab.org/eclipseiotmarket.Google Scholar
- Microsoft Flow Automate processes and tasks. 2018. Retrieved from: https://flow.microsoft.com/.Google Scholar
- Vaibhav Rastogi, Yan Chen, and William Enck. 2013. AppsPlayground: Automatic security analysis of smartphone applications. In Proceedings of the ACM Conference on Data and Application Security and Privacy. Google ScholarDigital Library
- Partha Pratim Ray. 2016. A survey of IoT cloud platforms. Fut. Comput. Inform. J. 1, 1--2 (2016), 35--46.Google ScholarCross Ref
- Bradley Reaves, Jasmine Bowers, Sigmund Albert Gorski III, Olabode Anise, Rahul Bobhate, Raymond Cho, Hiranava Das, Sharique Hussain, Hamza Karachiwala, Nolen Scaife et al. 2016. *droid: Assessment and evaluation of Android application analysis tools. ACM Comput. Surv. 49, 3 (2016). Google ScholarDigital Library
- SmartThings Official App Repository. 2018. Retrieved from: https://github.com/SmartThingsCommunity.Google Scholar
- Rodrigo Roman, Jianying Zhou, and Javier Lopez. 2013. On the features and challenges of security and privacy in distributed Internet of Things. Comput. Netw. 57, 10 (2013). Google ScholarDigital Library
- E. Ronen and A. Shamir. 2016. Extended functionality attacks on IoT devices: The case of smart lights. In Proceedings of the IEEE European Symposium on Security and Privacy (Euro S8P’16).Google Scholar
- Eyal Ronen, Adi Shamir, Achi-Or Weingarten, and Colin O’Flynn. 2017. IoT goes nuclear: Creating a ZigBee chain reaction. In Proceedings of the IEEE Symposium on Security and Privacy (S8P’17).Google ScholarCross Ref
- Edward J. Schwartz, Thanassis Avgerinos, and David Brumley. 2010. All you ever wanted to know about dynamic taint analysis and forward symbolic execution (but might have been afraid to ask). In Proceedings of the IEEE Symposium on Security and Privacy (S8P’10). Google ScholarDigital Library
- SmartThings Web service App Overview. 2017. Retrieved from: http://docs.smartthings.com/en/latest/smartapp-web-services-developers-guide/overview.html.Google Scholar
- M. Sharir and A. Pnueli. 1981. Two Approaches to Inter-procedural Dataflow Analysis. Computer Science Department, New York University.Google Scholar
- Vijay Sivaraman, Hassan Habibi Gharakheili, Arun Vishwanath, Roksana Boreli, and Olivier Mehani. 2015. Network-level security and privacy control for smart-home IoT devices. In Proceedings of the International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob’15).Google ScholarCross Ref
- SmartThings Official Developer Documentation. 2018. Retrieved from: http://docs.smartthings.com.Google Scholar
- Saleh Soltan, Prateek Mittal, and H. Vincent Poor. 2018. BlackIoT: IoT botnet of high wattage devices can disrupt the power grid. In Proceedings of the USENIX Security Symposium. Google ScholarDigital Library
- Manu Sridharan, Satish Chandra, Julian Dolby, Stephen J. Fink, and Eran Yahav. 2013. Alias analysis for object-oriented programs. In Aliasing in Object-Oriented Programming: Types, Analysis and Verification. Springer, 196--232. Google ScholarDigital Library
- Milijana Surbatovich, Jassim Aljuraidan, Lujo Bauer, Anupam Das, and Limin Jia. 2017. Some recipes can do more than spoil your appetite: Analyzing the security and privacy risks of IFTTT recipes. In Proceedings of the International Conference on World Wide Web. Google ScholarDigital Library
- Harriet Taylor. 2016. How the internet of things could be fatal. Retrieved from: CNBC (March 2016). https://www.cnbc.com/2016/03/04/how-the-internet-of-things-could-be-fatal.html.Google Scholar
- IoT Platform Comparison: How the 450 providers stack up. 2018. Retrieved from: https://iot-analytics.com/iot-platform-comparison-how-providers-stack-up/.Google Scholar
- The Internet of Things with AWS. 2018. Retrieved from: https://aws.amazon.com/iot/.Google Scholar
- Yuan Tian, Nan Zhang, Yueh-Hsun Lin, XiaoFeng Wang, Blase Ur, XianZheng Guo, and Patrick Tague. 2017. SmartAuth: User-centered authorization for the internet of things. In Proceedings of the USENIX Security Symposium. Google ScholarDigital Library
- Raja Vallée-Rai, Phong Co, Etienne Gagnon, Laurie Hendren, Patrick Lam, and Vijay Sundaresan. 1999. Soot: A Java bytecode optimization framework. In Proceedings of the 1999 Conference of the Centre for Advanced Studies on Collaborative Research (CASCON'99). IBM Press, 13 pages. http://dl.acm.org/citation.cfm?id=781995.782008. Google ScholarDigital Library
- Deepak Vasisht, Zerina Kapetanovic, Jongho Won, Xinxin Jin, Ranveer Chandra, Sudipta N. Sinha, Ashish Kapoor, Madhusudhan Sudarshan, and Sean Stratman. 2017. FarmBeats: An IoT platform for data-driven agriculture. In Proceedings of the USENIX Symposium on Networked Systems Design and Implementation (NSDI’17). Google ScholarDigital Library
- G. Veerendra. 2016. Hacking Internet of Things (IoT): A Case Study on DTH Vulnerabilities. Technical Report. SecPod.Google Scholar
- Timothy Vidas, Jiaqi Tan, Jay Nahata, Chaur Lih Tan, Nicolas Christin, and Patrick Tague. 2014. A5: Automated analysis of adversarial Android applications. In Proceedings of the ACM Workshop on Security and Privacy in Smartphones 8 Mobile Devices. Google ScholarDigital Library
- Qi Wang, Wajih Ul Hassan, Adam Bates, and Carl Gunter. 2018. Fear and logging in the internet of things. In Proceedings of the Network and Distributed Systems Symposium (NDSS’18).Google ScholarCross Ref
- Olivia Waxman. 2014. Stranger hacks into baby monitor and screams at child. Time Magazine (April 2014).Google Scholar
- SmartThings web-based simulator for testing SmartThings apps with virtual devices. 2018. Retrieved from: https://goo.gl/rfTB7e.Google Scholar
- Mark Weiser. 1981. Program slicing. In Proceedings of the 5th International Conference on Software Engineering (ICSE'81). IEEE Press, 439--449. http://dl.acm.org/citation.cfm?id=800078.802557 Google ScholarDigital Library
- Zapier Automate Workflows. 2018. Retrieved from: https://zapier.com/.Google Scholar
- Teng Xu, James B. Wendt, and Miodrag Potkonjak. 2014. Security of IoT systems: Design challenges and opportunities. In Proceedings of the 2014 IEEE/ACM International Conference on Computer-Aided Design. IEEE Press, 417--423. Google ScholarDigital Library
- Geng Yang, Li Xie, Matti Mäntysalo, Xiaolin Zhou, Zhibo Pang, Li Da Xu, Sharon Kao-Walter, Qiang Chen, and Li-Rong Zheng. 2014. A health-IoT platform based on the integration of intelligent packaging, unobtrusive bio-sensor, and intelligent medicine box. IEEE Trans. Industr. Inform. 10, 4 (2014).Google Scholar
- Apiant Connect your apps automate your business. 2018. Retrieved from: https://apiant.com/.Google Scholar
- Tianlong Yu, Vyas Sekar, Srinivasan Seshan, Yuvraj Agarwal, and Chenren Xu. 2015. Handling a trillion (unfixable) flaws on a billion devices: Rethinking network security for the Internet of Things. In Proceedings of the ACM Workshop on Hot Topics in Networks. Google ScholarDigital Library
- Andrea Zanella, Nicola Bui, Angelo Castellani, Lorenzo Vangelista, and Michele Zorzi. 2014. Internet of Things for smart cities. IEEE Int. Things J. 1, 1 (2014), 22--32.Google ScholarCross Ref
- Bruno Bogaz Zarpelão, Rodrigo Sanches Miani, Cláudio Toshio Kawakani, and Sean Carlisto de Alvarenga. 2017. A survey of intrusion detection in Internet of Things. J. Netw. Comput. Appl. 84 (2017). Google ScholarDigital Library
- Nan Zhang, Soteris Demetriou, Xianghang Mi, Wenrui Diao, Kan Yuan, Peiyuan Zong, Feng Qian, XiaoFeng Wang, Kai Chen, Yuan Tian et al. 2017. Understanding IoT security through the data crystal ball: Where we are now and where we are going to be. Retrieved from: Arxiv Preprint:1703.09809.Google Scholar
- David (Yu) Zhu, Jaeyeon Jung, Dawn Song, Tadayoshi Kohno, and David Wetherall. 2011. TaintEraser: Protecting sensitive data leaks using application-level taint tracking. SIGOPS Op. Syst. Rev. 45, 1 (2011). Google ScholarDigital Library
- Jan Henrik Ziegeldorf, Oscar Garcia Morchon, and Klaus Wehrle. 2014. Privacy in the Internet of Things: Threats and challenges. Sec. Commun. Netw. (2014).Google Scholar
Index Terms
- Program Analysis of Commodity IoT Applications for Security and Privacy: Challenges and Opportunities
Recommendations
IoT Security & Privacy: Threats and Challenges
IoTPTS '15: Proceedings of the 1st ACM Workshop on IoT Privacy, Trust, and SecurityThe era of the Internet of Things (IoT) has already started and it will profoundly change our way of life. While IoT provides us many valuable benefits, IoT also exposes us to many different types of security threats in our daily life. Before the advent ...
Towards Secure and Reliable IoT Applications
IoT S&P'19: Proceedings of the 2nd International ACM Workshop on Security and Privacy for the Internet-of-ThingsThe growth of commodity IoT devices that integrate physical processes with digital systems have changed the way we live, play, and work. Yet existing IoT platforms cannot help programmers evaluate whether their IoT applications are safe and secure, nor ...
Comments