survey

Program Analysis of Commodity IoT Applications for Security and Privacy: Challenges and Opportunities

Published: 30 August 2019

Abstract

Recent advances in Internet of Things (IoT) have enabled myriad domains such as smart homes, personal monitoring devices, and enhanced manufacturing. IoT is now pervasive—new applications are being used in nearly every conceivable environment, which leads to the adoption of device-based interaction and automation. However, IoT has also raised issues about the security and privacy of these digitally augmented spaces. Program analysis is crucial in identifying those issues, yet the application and scope of program analysis in IoT remains largely unexplored by the technical community. In this article, we study privacy and security issues in IoT that require program-analysis techniques with an emphasis on identified attacks against these systems and defenses implemented so far. Based on a study of five IoT programming platforms, we identify the key insights that result from research efforts in both the program analysis and security communities and relate the efficacy of program-analysis techniques to security and privacy issues. We conclude by studying recent IoT analysis systems and exploring their implementations. Through these explorations, we highlight key challenges and opportunities in calibrating for the environments in which IoT systems will be used.



        • Published in

          ACM Computing Surveys, Volume 52, Issue 4
          July 2020
          769 pages
          ISSN: 0360-0300
          EISSN: 1557-7341
          DOI: 10.1145/3359984
          • Editor: Sartaj Sahni

          Copyright © 2019 ACM

          Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

          Publisher

          Association for Computing Machinery

          New York, NY, United States

          Publication History

          • Published: 30 August 2019
          • Revised: 1 May 2019
          • Accepted: 1 May 2019
          • Received: 1 November 2018

          Qualifiers

          • survey
          • Research
          • Refereed
