[go: up one dir, main page]
More Web Proxy on the site http://driver.im/ skip to main content
survey
Public Access

Program Analysis of Commodity IoT Applications for Security and Privacy: Challenges and Opportunities

Published: 30 August 2019 Publication History

Abstract

Recent advances in Internet of Things (IoT) have enabled myriad domains such as smart homes, personal monitoring devices, and enhanced manufacturing. IoT is now pervasive—new applications are being used in nearly every conceivable environment, which leads to the adoption of device-based interaction and automation. However, IoT has also raised issues about the security and privacy of these digitally augmented spaces. Program analysis is crucial in identifying those issues, yet the application and scope of program analysis in IoT remains largely unexplored by the technical community. In this article, we study privacy and security issues in IoT that require program-analysis techniques with an emphasis on identified attacks against these systems and defenses implemented so far. Based on a study of five IoT programming platforms, we identify the key insights that result from research efforts in both the program analysis and security communities and relate the efficacy of program-analysis techniques to security and privacy issues. We conclude by studying recent IoT analysis systems and exploring their implementations. Through these explorations, we highlight key challenges and opportunities in calibrating for the environments in which IoT systems will be used.

References

[1]
Abbas Acar, Hossein Fereidooni, Tigist Abera, Amit Kumar Sikder, Markus Miettinen, Hidayet Aksu, Mauro Conti, Ahmad-Reza Sadeghi, and A Selcuk Uluagac. 2018. Peek-a-Boo: I see your smart home activities, even encrypted! Retrieved from: Arxiv Preprint:1808.02741.
[2]
SmartThings Inc. 2018. Samsung SmartThings add a little smartness to your things. Retrieved from: https://www.smartthings.com/.
[3]
Cedric Adjih, Emmanuel Baccelli, Eric Fleury, Gaetan Harter, Nathalie Mitton, Thomas Noel, Roger Pissard-Gibollet, Frederic Saint-Marcel, Guillaume Schreiner, Julien Vandaele et al. 2015. FIT IoT-LAB: A large-scale open experimental IoT testbed. In Proceedings of the 2nd IEEE World Forum on Internet of Things (WF-IoT’15).
[4]
Alfred V. Aho, Ravi Sethi, and Jeffrey D. Ullman. 1986. Compilers, Principles, Techniques. Addison Wesley.
[5]
O. Alrawi, C. Lever, M. Antonakakis, and F. Monrose. 2019. SoK: Security evaluation of home-based IoT deployments. In IEEE Symposium on Security and Privacy (SP’19).
[6]
Android Things. 2018. Retrieved from: https://developer.android.com/things/.
[7]
IFTTT Santa Detector App. 2018. Retrieved from: https://ifttt.com/applets/170037p-santa-detector.
[8]
Apple’s HomeKit. 2018. Retrieved from: https://www.apple.com/ios/home/.
[9]
Apple’s HomeKit App Market. 2018. Retrieved from: https://support.apple.com/en-us/HT204893.
[10]
Android Things Official Apps. 2018. Retrieved from: https://github.com/androidthings.
[11]
Steven Arzt, Siegfried Rasthofer, Christian Fritz, Eric Bodden, Alexandre Bartel, Jacques Klein, Yves Le Traon, Damien Octeau, and Patrick McDaniel. 2014. FlowDroid: Precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for android apps. ACM SIGPLAN Notices 49, 6 (2014).
[12]
Leonardo Babun, Amit Kumar Sikder, Abbas Acar, and A. Selcuk Uluagac. 2018. IoTDots: A Digital Forensics Framework for Smart Environments. Retrieved from: arXiv:arXiv:1809.00745.
[13]
Roberto Baldoni, Emilio Coppa, Daniele Cono D’elia, Camil Demetrescu, and Irene Finocchi. 2018. A survey of symbolic execution techniques. ACM Comput. Surv. 51, 3 (2018).
[14]
Alexandre Bartel, Jacques Klein, Yves Le Traon, and Martin Monperrus. 2012. Dexpler: Converting Android Dalvik bytecode to Jimple for static analysis with Soot. In Proceedings of the ACM SIGPLAN Workshop on State of the Art in Java Program Analysis.
[15]
Iulia Bastys, Musard Balliu, and Andrei Sabelfeld. 2018. If this then what? Controlling flows in IoT apps. In Proceedings of the ACM Conference on Computer and Communications Security (CCS’18).
[16]
Eric Bodden. 2012. Inter-procedural data-flow analysis with IFDS/IDE and Soot. In Proceedings of the ACM International Workshop on State of the Art in Java Program Analysis.
[17]
Cristian Cadar, Patrice Godefroid, Sarfraz Khurshid, Corina S Păsăreanu, Koushik Sen, Nikolai Tillmann, and Willem Visser. 2011. Symbolic execution for software testing in practice: Preliminary assessment. In Proceedings of the International Conference on Software Engineering.
[18]
Patrick Carter, Collin Mulliner, Martina Lindorfer, William Robertson, and Engin Kirda. 2016. CuriousDroid: Automated user interface interaction for Android application analysis sandboxes. In Proceedings of the International Conference on Financial Cryptography and Data Security.
[19]
Z. Berkay Celik, Leonardo Babun, Amit K. Sikder, Hidayet Aksu, Gang Tan, Patrick McDaniel, and A. Selcuk Uluagac. 2018. Sensitive information tracking in commodity IoT. In Proceedings of the USENIX Security Symposium.
[20]
Z. Berkay Celik, Patrick McDaniel, and Gang Tan. 2018. Soteria: Automated IoT safety and security analysis. In Proceedings of the USENIX Technical Conference (USENIX ATC’18).
[21]
Z. Berkay Celik, Gang Tan, and Patrick McDaniel. 2019. IoTGuard: Dynamic enforcement of security and safety policy in commodity IoT. In Proceedings of the Network and Distributed System Security Symposium (NDSS’19).
[22]
Jiongyi Chen, Wenrui Diao, Qingchuan Zhao, Chaoshun Zuo, Zhiqiang Lin, XiaoFeng Wang, Wing Cheong Lau, Menghan Sun, Ronghai Yang, and Kehuan Zhang. 2018. IoTFuzzer: Discovering memory corruptions in IoT through app-based fuzzing. In Proceedings of the Network and Distributed System Security Symposium (NDSS’18).
[23]
Haotian Chi, Qiang Zeng, Xiaojiang Du, and Jiaping Yu. 2018. Cross-app threats in smart homes: Categorization, detection and handling. Retrieved from: Arxiv Preprint:1808.02125.
[24]
Shauvik Roy Choudhary, Alessandra Gorla, and Alessandro Orso. 2015. Automated test input generation for Android: Are we there yet? Retrieved from: Arxiv Preprint:1503.07217.
[25]
Edmund M. Clarke and E. Allen Emerson. 1981. Design and synthesis of synchronization skeletons using branching time temporal logic. In Proceedings of the Workshop on Logic of Programs.
[26]
James Clause, Wanchun Li, and Alessandro Orso. 2007. Dytan: A generic dynamic taint analysis framework. In Proceedings of the ACM International Symposium on Software Testing and Analysis.
[27]
Paul Comitz and Aaron Kersch. 2016. Aviation analytics and the internet of things. In Integrated Communications Navigation and Surveillance, 2016.
[28]
Gabriele D’Angelo, Stefano Ferretti, and Vittorio Ghini. 2016. Simulation of the internet of things. In Proceedings of the IEEE International Conference on High Performance Computing 8 Simulation (HPCS’16).
[29]
Tamara Denning, Tadayoshi Kohno, and Henry M. Levy. 2013. Computer security and the modern home. ACM Commun. 56, 1 (2013).
[30]
Wenbo Ding and Hongxin Hu. 2018. On the safety of IoT device physical interaction control. In Proceedings of the ACM Computer and Communications Security Conference (CCS’18).
[31]
Android Sensor API Documentation. 2018. Retrieved from: https://developer.android.com/guide/topics/sensors/sensors_overview.html.
[32]
Eclipse Kura Documentation. 2018. Retrieved from: http://eclipse.github.io/kura/.
[33]
Google Fit Developer Documentation. 2018. Retrieved from: https://developers.google.com/fit/.
[34]
Sven Efftinge, Moritz Eysholdt, Jan Köhnlein, Sebastian Zarnekow, Robert von Massow, Wilhelm Hasselbring, and Michael Hanus. 2012. Xbase: Implementing domain-specific languages for Java. In ACM SIGPLAN Notices, Vol. 48.
[35]
Leverett Eireann, Richard Clayton, and Ross Anderson. 2017. Standardisation and certification of the internet of things. In Proceedings of the Workshop on the Economics of Information Security (WEIS’17).
[36]
William Enck, Peter Gilbert, Seungyeop Han, Vasant Tendulkar, Byung-Gon Chun, Landon P. Cox, Jaeyeon Jung, Patrick McDaniel, and Anmol N. Sheth. 2014. TaintDroid: An information-flow tracking system for realtime privacy monitoring on smartphones. ACM Trans. Comput. Syst. 32, 2 (2014).
[37]
Michael D. Ernst. 2003. Static and dynamic analysis: Synergy and duality. In Proceedings of the Workshop on Dynamic Analysis.
[38]
UI/Application Exerciser. 2018. Retrieved from: https://developer.android.com/studio/test/monkey.
[39]
Earlence Fernandes, Jaeyeon Jung, and Atul Prakash. 2016. Security analysis of emerging smart home applications. In Proceedings of the IEEE Symposium on Security and Privacy (S8P’16).
[40]
Earlence Fernandes, Justin Paupore, Amir Rahmati, Daniel Simionato, Mauro Conti, and Atul Prakash. 2016. FlowFence: Practical data protection for emerging IoT application frameworks. In Proceedings of the USENIX Security Symposium.
[41]
Earlence Fernandes, Amir Rahmati, Kevin Eykholt, and Atul Prakash. 2017. Internet of things security research: A rehash of old ideas or new intellectual challenges? Proceedings of the IEEE Symposium on Security 8 Privacy (S8P’17).
[42]
Earlence Fernandes, Amir Rahmati, Jaeyeon Jung, and Atul Prakash. 2018. Decentralized action integrity for trigger-action IoT platforms. In Proceedings of the Network and Distributed Systems Symposium (NDSS’18).
[43]
OpenHAB: Open Source Automation Software for Home. 2018. Retrieved from: https://www.openhab.org/.
[44]
SmartThings Community Forum for Third-party Apps. 2018. Retrieved from: https://community.smartthings.com/.
[45]
B. Gu, X. Li, G. Li, A. C. Champion, Z. Chen, F. Qin, and D. Xuan. 2013. D2Taint: Differentiated and dynamic information flow tracking on smartphones for numerous data sources. In Proceedings of the IEEE International Conference on Computer Communications (INFOCOM’13).
[46]
SmartThings Code Review Guidelines and Best Practices. 2018. Retrieved from: http://docs.smartthings.com/en/latest/code-review-guidelines.html.
[47]
Son N. Han, Gyu Myoung Lee, Noel Crespi, Kyongwoo Heo, Nguyen Van Luong, Mihaela Brut, and Patrick Gatellier. 2014. Dpwsim: A simulation toolkit for IoT applications using devices profile for web services. In Proceedings of the IEEE World Forum on Internet of Things (WF-IoT’14).
[48]
Weijia He, Maximilian Golla, Roshni Padhi, Jordan Ofek, Markus Dürmuth, Earlence Fernandes, and Blase Ur. 2018. Rethinking access control and authentication for the home internet of things (IoT). In Proceedings of the USENIX Security Symposium.
[49]
Grant Ho, Derek Leung, Pratyush Mishra, Ashkan Hosseini, Dawn Song, and David Wagner. 2016. Smart locks: Lessons for securing commodity Internet of Things devices. In Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security.
[50]
IFTTT (if this then that). 2018. Retrieved from: https://ifttt.com/.
[51]
PTC Industrial IoT. 2018. Retrieved from: https://www.ptc.com/en/about.
[52]
Alex Jablokow. 2015. How the IoT helps keep oil and gas pipelines safe, PTC. Accessed on Feb. 15, 2019 from https://www.ptc.com/en/product-lifecycle-report/how-the-iot-helps-keep-oil-and-gas-pipelines-safe.
[53]
Ranjit Jhala and Rupak Majumdar. 2009. Software model checking. ACM Comput. Surv. 41, 4 (2009).
[54]
Yunhan Jack Jia, Qi Alfred Chen, Shiqi Wang, Amir Rahmati, Earlence Fernandes, Z. Morley Mao, Atul Prakash, and Shanghai JiaoTong Unviersity. 2017. ContexIoT: Towards providing contextual integrity to appified IoT platforms. In Proceedings of the Network and Distributed Systems Symposium (NDSS’17).
[55]
Qi Jing, Athanasios V. Vasilakos, Jiafu Wan, Jingwei Lu, and Dechao Qiu. 2014. Security of the Internet of Things: Perspectives and challenges. Wireless Netw. 20, 8 (2014).
[56]
Gabor Kecskemeti, Giuliano Casale, Devki Nandan Jha, Justin Lyon, and Rajiv Ranjan. 2017. Modelling and simulation challenges in internet of things. IEEE Cloud Comput. 4, 1 (2017).
[57]
Richard Kirk. 2015. Cars of the future: The internet of things in the automotive industry. Netw. Sec. 2015, 9 (2015).
[58]
Sylvain Kubler, Kary Främling, and Andrea Buda. 2015. A standardized approach to deal with firewall and mobility policies in the IoT. Pervas. Mob. Comput. 20 (2015). https://www.sciencedirect.com/science/article/pii/S1574119214001588.
[59]
Patrick Lam, Eric Bodden, Ondrej Lhoták, and Laurie Hendren. 2011. The Soot Framework for Java program analysis: A retrospective. In Proceedings of the Cetus Users and Compiler Infrastructure Workshop.
[60]
Chris Lattner. 2012. LLVM Compiler Infrastructure Project. The architecture of open source applications PTC. Accessed on Feb. 15, 2019 from https://www.aosabook.org/en/llvm.html.
[61]
Maria Lazarte. 2016. Are we safe in the Internet of Things? International Organization for Standardization (September 2016). Retrieved from: https://www.iso.org/news/2016/09/Ref2113.html.
[62]
Edward A. Lee, Mehrdad Niknami, Thierry S. Nouidui, and Michael Wetter. 2015. Modeling and simulating cyber-physical systems using CyPhySim. In Proceedings of the International Conference on Embedded Software.
[63]
Sanghak Lee, Jiwon Choi, Jihun Kim, Beumjin Cho, Sangho Lee, Hanjun Kim, and Jong Kim. 2017. FACT: Functionality-centric access control system for IoT programming frameworks. In Proceedings of the Symposium on Access Control Models and Technologies.
[64]
Oded Leiba, Yechiav Yitzchak, Ron Bitton, Asaf Nadler, and Asaf Shabtai. 2018. Incentivized delivery network of IoT software updates based on trustless proof-of-distribution. Retrieved from: Arxiv Preprint:1805.04282.
[65]
Ondřej Lhoták and Laurie Hendren. 2003. Scaling Java points-to analysis using S park. In Proceedings of the International Conference on Compiler Construction. Springer.
[66]
Watson Android libraries for Android application analysis. 2018. Retrieved from: https://github.com/wala/WALA.
[67]
Ke Mao, Mark Harman, and Yue Jia. 2016. Sapienz: Multi-objective automated testing for Android applications. In Proceedings of the ACM International Symposium on Software Testing and Analysis.
[68]
IFTTT Platform Size Metrics. 2018. Retrieved from: https://platform.ifttt.com/pricing.
[69]
IoTBench A micro-benchmark suite to assess the effectiveness of tools designed for IoT apps. 2018. Retrieved from: https://github.com/IoTBench.
[70]
Nicholas Nethercote. 2004. Dynamic Binary Analysis and Instrumentation. Technical Report. University of Cambridge, Computer Laboratory.
[71]
Dang Tu Nguyen, Chengyu Song, Zhiyun Qian, Srikanth V. Krishnamurthy, Edward J. M. Colbert, and Patrick McDaniel. 2018. IoTSan: Fortifying the safety of IoT systems. In Proceedings of the ACM International Conference on emerging Networking EXperiments and Technologies (CoNEXT’18).
[72]
Flemming Nielson, Hanne R. Nielson, and Chris Hankin. 2015. Principles of Program Analysis. Springer.
[73]
GroovyCodeVisitor An Implementation of the Groovy Visitor Patterns. 2018. Retrieved from: http://docs.groovy-lang.org/docs.
[74]
Temitope Oluwafemi, Tadayoshi Kohno, Sidhant Gupta, and Shwetak Patel. 2013. Experimental security analyses of non-networked compact fluorescent lamps: A case study of home automation security. In Proceedings of the USENIX LASER Workshop.
[75]
Mike Orcutt. 2016. Security experts warn congress that the internet of things could kill people. MIT Technol. Rev. (2016). Accessed on Feb. 15, 2019 from https://www.technologyreview.com/s/603015/security-experts-warn-congress-that-the-internet-of-things-could-kill-people.
[76]
OpenHAB IoT App Market (Eclipse Market Place). 2018. Retrieved from: https://github.com/openhab/openhab1-addons/wiki/Samples-Rules.
[77]
OpenHAB IoT App Market (Eclipse Market Place). 2018. Retrieved from: http://docs.openhab.org/eclipseiotmarket.
[78]
Microsoft Flow Automate processes and tasks. 2018. Retrieved from: https://flow.microsoft.com/.
[79]
Vaibhav Rastogi, Yan Chen, and William Enck. 2013. AppsPlayground: Automatic security analysis of smartphone applications. In Proceedings of the ACM Conference on Data and Application Security and Privacy.
[80]
Partha Pratim Ray. 2016. A survey of IoT cloud platforms. Fut. Comput. Inform. J. 1, 1--2 (2016), 35--46.
[81]
Bradley Reaves, Jasmine Bowers, Sigmund Albert Gorski III, Olabode Anise, Rahul Bobhate, Raymond Cho, Hiranava Das, Sharique Hussain, Hamza Karachiwala, Nolen Scaife et al. 2016. *droid: Assessment and evaluation of Android application analysis tools. ACM Comput. Surv. 49, 3 (2016).
[82]
SmartThings Official App Repository. 2018. Retrieved from: https://github.com/SmartThingsCommunity.
[83]
Rodrigo Roman, Jianying Zhou, and Javier Lopez. 2013. On the features and challenges of security and privacy in distributed Internet of Things. Comput. Netw. 57, 10 (2013).
[84]
E. Ronen and A. Shamir. 2016. Extended functionality attacks on IoT devices: The case of smart lights. In Proceedings of the IEEE European Symposium on Security and Privacy (Euro S8P’16).
[85]
Eyal Ronen, Adi Shamir, Achi-Or Weingarten, and Colin O’Flynn. 2017. IoT goes nuclear: Creating a ZigBee chain reaction. In Proceedings of the IEEE Symposium on Security and Privacy (S8P’17).
[86]
Edward J. Schwartz, Thanassis Avgerinos, and David Brumley. 2010. All you ever wanted to know about dynamic taint analysis and forward symbolic execution (but might have been afraid to ask). In Proceedings of the IEEE Symposium on Security and Privacy (S8P’10).
[87]
SmartThings Web service App Overview. 2017. Retrieved from: http://docs.smartthings.com/en/latest/smartapp-web-services-developers-guide/overview.html.
[88]
M. Sharir and A. Pnueli. 1981. Two Approaches to Inter-procedural Dataflow Analysis. Computer Science Department, New York University.
[89]
Vijay Sivaraman, Hassan Habibi Gharakheili, Arun Vishwanath, Roksana Boreli, and Olivier Mehani. 2015. Network-level security and privacy control for smart-home IoT devices. In Proceedings of the International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob’15).
[90]
SmartThings Official Developer Documentation. 2018. Retrieved from: http://docs.smartthings.com.
[91]
Saleh Soltan, Prateek Mittal, and H. Vincent Poor. 2018. BlackIoT: IoT botnet of high wattage devices can disrupt the power grid. In Proceedings of the USENIX Security Symposium.
[92]
Manu Sridharan, Satish Chandra, Julian Dolby, Stephen J. Fink, and Eran Yahav. 2013. Alias analysis for object-oriented programs. In Aliasing in Object-Oriented Programming: Types, Analysis and Verification. Springer, 196--232.
[93]
Milijana Surbatovich, Jassim Aljuraidan, Lujo Bauer, Anupam Das, and Limin Jia. 2017. Some recipes can do more than spoil your appetite: Analyzing the security and privacy risks of IFTTT recipes. In Proceedings of the International Conference on World Wide Web.
[94]
Harriet Taylor. 2016. How the internet of things could be fatal. Retrieved from: CNBC (March 2016). https://www.cnbc.com/2016/03/04/how-the-internet-of-things-could-be-fatal.html.
[95]
IoT Platform Comparison: How the 450 providers stack up. 2018. Retrieved from: https://iot-analytics.com/iot-platform-comparison-how-providers-stack-up/.
[96]
The Internet of Things with AWS. 2018. Retrieved from: https://aws.amazon.com/iot/.
[97]
Yuan Tian, Nan Zhang, Yueh-Hsun Lin, XiaoFeng Wang, Blase Ur, XianZheng Guo, and Patrick Tague. 2017. SmartAuth: User-centered authorization for the internet of things. In Proceedings of the USENIX Security Symposium.
[98]
Raja Vallée-Rai, Phong Co, Etienne Gagnon, Laurie Hendren, Patrick Lam, and Vijay Sundaresan. 1999. Soot: A Java bytecode optimization framework. In Proceedings of the 1999 Conference of the Centre for Advanced Studies on Collaborative Research (CASCON'99). IBM Press, 13 pages. http://dl.acm.org/citation.cfm?id=781995.782008.
[99]
Deepak Vasisht, Zerina Kapetanovic, Jongho Won, Xinxin Jin, Ranveer Chandra, Sudipta N. Sinha, Ashish Kapoor, Madhusudhan Sudarshan, and Sean Stratman. 2017. FarmBeats: An IoT platform for data-driven agriculture. In Proceedings of the USENIX Symposium on Networked Systems Design and Implementation (NSDI’17).
[100]
G. Veerendra. 2016. Hacking Internet of Things (IoT): A Case Study on DTH Vulnerabilities. Technical Report. SecPod.
[101]
Timothy Vidas, Jiaqi Tan, Jay Nahata, Chaur Lih Tan, Nicolas Christin, and Patrick Tague. 2014. A5: Automated analysis of adversarial Android applications. In Proceedings of the ACM Workshop on Security and Privacy in Smartphones 8 Mobile Devices.
[102]
Qi Wang, Wajih Ul Hassan, Adam Bates, and Carl Gunter. 2018. Fear and logging in the internet of things. In Proceedings of the Network and Distributed Systems Symposium (NDSS’18).
[103]
Olivia Waxman. 2014. Stranger hacks into baby monitor and screams at child. Time Magazine (April 2014).
[104]
SmartThings web-based simulator for testing SmartThings apps with virtual devices. 2018. Retrieved from: https://goo.gl/rfTB7e.
[105]
Mark Weiser. 1981. Program slicing. In Proceedings of the 5th International Conference on Software Engineering (ICSE'81). IEEE Press, 439--449. http://dl.acm.org/citation.cfm?id=800078.802557
[106]
Zapier Automate Workflows. 2018. Retrieved from: https://zapier.com/.
[107]
Teng Xu, James B. Wendt, and Miodrag Potkonjak. 2014. Security of IoT systems: Design challenges and opportunities. In Proceedings of the 2014 IEEE/ACM International Conference on Computer-Aided Design. IEEE Press, 417--423.
[108]
Geng Yang, Li Xie, Matti Mäntysalo, Xiaolin Zhou, Zhibo Pang, Li Da Xu, Sharon Kao-Walter, Qiang Chen, and Li-Rong Zheng. 2014. A health-IoT platform based on the integration of intelligent packaging, unobtrusive bio-sensor, and intelligent medicine box. IEEE Trans. Industr. Inform. 10, 4 (2014).
[109]
Apiant Connect your apps automate your business. 2018. Retrieved from: https://apiant.com/.
[110]
Tianlong Yu, Vyas Sekar, Srinivasan Seshan, Yuvraj Agarwal, and Chenren Xu. 2015. Handling a trillion (unfixable) flaws on a billion devices: Rethinking network security for the Internet of Things. In Proceedings of the ACM Workshop on Hot Topics in Networks.
[111]
Andrea Zanella, Nicola Bui, Angelo Castellani, Lorenzo Vangelista, and Michele Zorzi. 2014. Internet of Things for smart cities. IEEE Int. Things J. 1, 1 (2014), 22--32.
[112]
Bruno Bogaz Zarpelão, Rodrigo Sanches Miani, Cláudio Toshio Kawakani, and Sean Carlisto de Alvarenga. 2017. A survey of intrusion detection in Internet of Things. J. Netw. Comput. Appl. 84 (2017).
[113]
Nan Zhang, Soteris Demetriou, Xianghang Mi, Wenrui Diao, Kan Yuan, Peiyuan Zong, Feng Qian, XiaoFeng Wang, Kai Chen, Yuan Tian et al. 2017. Understanding IoT security through the data crystal ball: Where we are now and where we are going to be. Retrieved from: Arxiv Preprint:1703.09809.
[114]
David (Yu) Zhu, Jaeyeon Jung, Dawn Song, Tadayoshi Kohno, and David Wetherall. 2011. TaintEraser: Protecting sensitive data leaks using application-level taint tracking. SIGOPS Op. Syst. Rev. 45, 1 (2011).
[115]
Jan Henrik Ziegeldorf, Oscar Garcia Morchon, and Klaus Wehrle. 2014. Privacy in the Internet of Things: Threats and challenges. Sec. Commun. Netw. (2014).

Cited By

View all
  • (2024)IOT SECURITY AND SOFTWARE TESTINGYalvaç Akademi Dergisi10.57120/yalvac.14375719:1(26-32)Online publication date: 25-Mar-2024
  • (2024)TXAI-ADV: Trustworthy XAI for Defending AI Models against Adversarial Attacks in Realistic CIoTElectronics10.3390/electronics1309176913:9(1769)Online publication date: 3-May-2024
  • (2024)Security and Privacy Concerns in the Adoption of IoT Smart Homes: A User-Centric AnalysisAmerican Journal of Information Science and Technology10.11648/j.ajist.20240801.118:1(1-14)Online publication date: 19-Mar-2024
  • Show More Cited By

Recommendations

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Computing Surveys
ACM Computing Surveys  Volume 52, Issue 4
July 2020
769 pages
ISSN:0360-0300
EISSN:1557-7341
DOI:10.1145/3359984
  • Editor:
  • Sartaj Sahni
Issue’s Table of Contents
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 30 August 2019
Accepted: 01 May 2019
Revised: 01 May 2019
Received: 01 November 2018
Published in CSUR Volume 52, Issue 4

Permissions

Request permissions for this article.

Check for updates

Author Tags

  1. IoT programming platforms
  2. IoT security and privacy
  3. program analysis

Qualifiers

  • Survey
  • Research
  • Refereed

Funding Sources

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)577
  • Downloads (Last 6 weeks)49
Reflects downloads up to 03 Jan 2025

Other Metrics

Citations

Cited By

View all
  • (2024)IOT SECURITY AND SOFTWARE TESTINGYalvaç Akademi Dergisi10.57120/yalvac.14375719:1(26-32)Online publication date: 25-Mar-2024
  • (2024)TXAI-ADV: Trustworthy XAI for Defending AI Models against Adversarial Attacks in Realistic CIoTElectronics10.3390/electronics1309176913:9(1769)Online publication date: 3-May-2024
  • (2024)Security and Privacy Concerns in the Adoption of IoT Smart Homes: A User-Centric AnalysisAmerican Journal of Information Science and Technology10.11648/j.ajist.20240801.118:1(1-14)Online publication date: 19-Mar-2024
  • (2024)IoTWarden: A Deep Reinforcement Learning Based Real-Time Defense System to Mitigate Trigger-Action IoT Attacks2024 IEEE Wireless Communications and Networking Conference (WCNC)10.1109/WCNC57260.2024.10570786(1-6)Online publication date: 21-Apr-2024
  • (2024)Dissecting Operational Cellular IoT Service Security: Attacks and DefensesIEEE/ACM Transactions on Networking10.1109/TNET.2023.331355732:2(1229-1244)Online publication date: Apr-2024
  • (2024)TapChecker: A Lightweight SMT-Based Conflict Analysis for Trigger-Action ProgrammingIEEE Internet of Things Journal10.1109/JIOT.2024.337455611:12(21411-21426)Online publication date: 15-Jun-2024
  • (2024)A Survey on Verification of Security and Safety in IoT SystemsIEEE Access10.1109/ACCESS.2024.341307112(138627-138645)Online publication date: 2024
  • (2024)Behavioral equivalences for AbUTheoretical Computer Science10.1016/j.tcs.2024.114537998:COnline publication date: 1-Jun-2024
  • (2024)Riding the Data Storms: Specifying and Analysing IoT Security Requirements with SURFINGLeveraging Applications of Formal Methods, Verification and Validation. REoCAS Colloquium in Honor of Rocco De Nicola10.1007/978-3-031-73709-1_24(392-408)Online publication date: 27-Oct-2024
  • (2024)Coverage Criteria Based Testing of IoT ApplicationsDistributed Computing and Intelligent Technology10.1007/978-3-031-50583-6_7(101-116)Online publication date: 17-Jan-2024
  • Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

HTML Format

View this article in HTML Format.

HTML Format

Login options

Full Access

Media

Figures

Other

Tables

Share

Share

Share this Publication link

Share on social media