More Web Proxy on the site http://driver.im/

survey

Public Access

Program Analysis of Commodity IoT Applications for Security and Privacy: Challenges and Opportunities

Authors:

Z. Berkay Celik,

Earlence Fernandes,

Patrick McDanielAuthors Info & Claims

ACM Computing Surveys (CSUR), Volume 52, Issue 4

Article No.: 74, Pages 1 - 30

https://doi.org/10.1145/3333501

Published: 30 August 2019 Publication History

All formats PDF

Abstract

Recent advances in Internet of Things (IoT) have enabled myriad domains such as smart homes, personal monitoring devices, and enhanced manufacturing. IoT is now pervasive—new applications are being used in nearly every conceivable environment, which leads to the adoption of device-based interaction and automation. However, IoT has also raised issues about the security and privacy of these digitally augmented spaces. Program analysis is crucial in identifying those issues, yet the application and scope of program analysis in IoT remains largely unexplored by the technical community. In this article, we study privacy and security issues in IoT that require program-analysis techniques with an emphasis on identified attacks against these systems and defenses implemented so far. Based on a study of five IoT programming platforms, we identify the key insights that result from research efforts in both the program analysis and security communities and relate the efficacy of program-analysis techniques to security and privacy issues. We conclude by studying recent IoT analysis systems and exploring their implementations. Through these explorations, we highlight key challenges and opportunities in calibrating for the environments in which IoT systems will be used.

References

[1]

Abbas Acar, Hossein Fereidooni, Tigist Abera, Amit Kumar Sikder, Markus Miettinen, Hidayet Aksu, Mauro Conti, Ahmad-Reza Sadeghi, and A Selcuk Uluagac. 2018. Peek-a-Boo: I see your smart home activities, even encrypted! Retrieved from: Arxiv Preprint:1808.02741.

[2]

SmartThings Inc. 2018. Samsung SmartThings add a little smartness to your things. Retrieved from: https://www.smartthings.com/.

[3]

Cedric Adjih, Emmanuel Baccelli, Eric Fleury, Gaetan Harter, Nathalie Mitton, Thomas Noel, Roger Pissard-Gibollet, Frederic Saint-Marcel, Guillaume Schreiner, Julien Vandaele et al. 2015. FIT IoT-LAB: A large-scale open experimental IoT testbed. In Proceedings of the 2nd IEEE World Forum on Internet of Things (WF-IoT’15).

Digital Library

[4]

Alfred V. Aho, Ravi Sethi, and Jeffrey D. Ullman. 1986. Compilers, Principles, Techniques. Addison Wesley.

Digital Library

[5]

O. Alrawi, C. Lever, M. Antonakakis, and F. Monrose. 2019. SoK: Security evaluation of home-based IoT deployments. In IEEE Symposium on Security and Privacy (SP’19).

[6]

Android Things. 2018. Retrieved from: https://developer.android.com/things/.

[7]

IFTTT Santa Detector App. 2018. Retrieved from: https://ifttt.com/applets/170037p-santa-detector.

[8]

Apple’s HomeKit. 2018. Retrieved from: https://www.apple.com/ios/home/.

[9]

Apple’s HomeKit App Market. 2018. Retrieved from: https://support.apple.com/en-us/HT204893.

[10]

Android Things Official Apps. 2018. Retrieved from: https://github.com/androidthings.

[11]

Steven Arzt, Siegfried Rasthofer, Christian Fritz, Eric Bodden, Alexandre Bartel, Jacques Klein, Yves Le Traon, Damien Octeau, and Patrick McDaniel. 2014. FlowDroid: Precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for android apps. ACM SIGPLAN Notices 49, 6 (2014).

Digital Library

[12]

Leonardo Babun, Amit Kumar Sikder, Abbas Acar, and A. Selcuk Uluagac. 2018. IoTDots: A Digital Forensics Framework for Smart Environments. Retrieved from: arXiv:arXiv:1809.00745.

[13]

Roberto Baldoni, Emilio Coppa, Daniele Cono D’elia, Camil Demetrescu, and Irene Finocchi. 2018. A survey of symbolic execution techniques. ACM Comput. Surv. 51, 3 (2018).

Digital Library

[14]

Alexandre Bartel, Jacques Klein, Yves Le Traon, and Martin Monperrus. 2012. Dexpler: Converting Android Dalvik bytecode to Jimple for static analysis with Soot. In Proceedings of the ACM SIGPLAN Workshop on State of the Art in Java Program Analysis.

Digital Library

[15]

Iulia Bastys, Musard Balliu, and Andrei Sabelfeld. 2018. If this then what? Controlling flows in IoT apps. In Proceedings of the ACM Conference on Computer and Communications Security (CCS’18).

Digital Library

[16]

Eric Bodden. 2012. Inter-procedural data-flow analysis with IFDS/IDE and Soot. In Proceedings of the ACM International Workshop on State of the Art in Java Program Analysis.

Digital Library

[17]

Cristian Cadar, Patrice Godefroid, Sarfraz Khurshid, Corina S Păsăreanu, Koushik Sen, Nikolai Tillmann, and Willem Visser. 2011. Symbolic execution for software testing in practice: Preliminary assessment. In Proceedings of the International Conference on Software Engineering.

Digital Library

[18]

Patrick Carter, Collin Mulliner, Martina Lindorfer, William Robertson, and Engin Kirda. 2016. CuriousDroid: Automated user interface interaction for Android application analysis sandboxes. In Proceedings of the International Conference on Financial Cryptography and Data Security.

[19]

Z. Berkay Celik, Leonardo Babun, Amit K. Sikder, Hidayet Aksu, Gang Tan, Patrick McDaniel, and A. Selcuk Uluagac. 2018. Sensitive information tracking in commodity IoT. In Proceedings of the USENIX Security Symposium.

Digital Library

[20]

Z. Berkay Celik, Patrick McDaniel, and Gang Tan. 2018. Soteria: Automated IoT safety and security analysis. In Proceedings of the USENIX Technical Conference (USENIX ATC’18).

Digital Library

[21]

Z. Berkay Celik, Gang Tan, and Patrick McDaniel. 2019. IoTGuard: Dynamic enforcement of security and safety policy in commodity IoT. In Proceedings of the Network and Distributed System Security Symposium (NDSS’19).

[22]

Jiongyi Chen, Wenrui Diao, Qingchuan Zhao, Chaoshun Zuo, Zhiqiang Lin, XiaoFeng Wang, Wing Cheong Lau, Menghan Sun, Ronghai Yang, and Kehuan Zhang. 2018. IoTFuzzer: Discovering memory corruptions in IoT through app-based fuzzing. In Proceedings of the Network and Distributed System Security Symposium (NDSS’18).

[23]

Haotian Chi, Qiang Zeng, Xiaojiang Du, and Jiaping Yu. 2018. Cross-app threats in smart homes: Categorization, detection and handling. Retrieved from: Arxiv Preprint:1808.02125.

[24]

Shauvik Roy Choudhary, Alessandra Gorla, and Alessandro Orso. 2015. Automated test input generation for Android: Are we there yet? Retrieved from: Arxiv Preprint:1503.07217.

[25]

Edmund M. Clarke and E. Allen Emerson. 1981. Design and synthesis of synchronization skeletons using branching time temporal logic. In Proceedings of the Workshop on Logic of Programs.

Digital Library

[26]

James Clause, Wanchun Li, and Alessandro Orso. 2007. Dytan: A generic dynamic taint analysis framework. In Proceedings of the ACM International Symposium on Software Testing and Analysis.

Digital Library

[27]

Paul Comitz and Aaron Kersch. 2016. Aviation analytics and the internet of things. In Integrated Communications Navigation and Surveillance, 2016.

[28]

Gabriele D’Angelo, Stefano Ferretti, and Vittorio Ghini. 2016. Simulation of the internet of things. In Proceedings of the IEEE International Conference on High Performance Computing 8 Simulation (HPCS’16).

[29]

Tamara Denning, Tadayoshi Kohno, and Henry M. Levy. 2013. Computer security and the modern home. ACM Commun. 56, 1 (2013).

Digital Library

[30]

Wenbo Ding and Hongxin Hu. 2018. On the safety of IoT device physical interaction control. In Proceedings of the ACM Computer and Communications Security Conference (CCS’18).

Digital Library

[31]

Android Sensor API Documentation. 2018. Retrieved from: https://developer.android.com/guide/topics/sensors/sensors_overview.html.

[32]

Eclipse Kura Documentation. 2018. Retrieved from: http://eclipse.github.io/kura/.

[33]

Google Fit Developer Documentation. 2018. Retrieved from: https://developers.google.com/fit/.

[34]

Sven Efftinge, Moritz Eysholdt, Jan Köhnlein, Sebastian Zarnekow, Robert von Massow, Wilhelm Hasselbring, and Michael Hanus. 2012. Xbase: Implementing domain-specific languages for Java. In ACM SIGPLAN Notices, Vol. 48.

Digital Library

[35]

Leverett Eireann, Richard Clayton, and Ross Anderson. 2017. Standardisation and certification of the internet of things. In Proceedings of the Workshop on the Economics of Information Security (WEIS’17).

[36]

William Enck, Peter Gilbert, Seungyeop Han, Vasant Tendulkar, Byung-Gon Chun, Landon P. Cox, Jaeyeon Jung, Patrick McDaniel, and Anmol N. Sheth. 2014. TaintDroid: An information-flow tracking system for realtime privacy monitoring on smartphones. ACM Trans. Comput. Syst. 32, 2 (2014).

Digital Library

[37]

Michael D. Ernst. 2003. Static and dynamic analysis: Synergy and duality. In Proceedings of the Workshop on Dynamic Analysis.

[38]

UI/Application Exerciser. 2018. Retrieved from: https://developer.android.com/studio/test/monkey.

[39]

Earlence Fernandes, Jaeyeon Jung, and Atul Prakash. 2016. Security analysis of emerging smart home applications. In Proceedings of the IEEE Symposium on Security and Privacy (S8P’16).

[40]

Earlence Fernandes, Justin Paupore, Amir Rahmati, Daniel Simionato, Mauro Conti, and Atul Prakash. 2016. FlowFence: Practical data protection for emerging IoT application frameworks. In Proceedings of the USENIX Security Symposium.

Digital Library

[41]

Earlence Fernandes, Amir Rahmati, Kevin Eykholt, and Atul Prakash. 2017. Internet of things security research: A rehash of old ideas or new intellectual challenges? Proceedings of the IEEE Symposium on Security 8 Privacy (S8P’17).

Digital Library

[42]

Earlence Fernandes, Amir Rahmati, Jaeyeon Jung, and Atul Prakash. 2018. Decentralized action integrity for trigger-action IoT platforms. In Proceedings of the Network and Distributed Systems Symposium (NDSS’18).

[43]

OpenHAB: Open Source Automation Software for Home. 2018. Retrieved from: https://www.openhab.org/.

[44]

SmartThings Community Forum for Third-party Apps. 2018. Retrieved from: https://community.smartthings.com/.

[45]

B. Gu, X. Li, G. Li, A. C. Champion, Z. Chen, F. Qin, and D. Xuan. 2013. D2Taint: Differentiated and dynamic information flow tracking on smartphones for numerous data sources. In Proceedings of the IEEE International Conference on Computer Communications (INFOCOM’13).

[46]

SmartThings Code Review Guidelines and Best Practices. 2018. Retrieved from: http://docs.smartthings.com/en/latest/code-review-guidelines.html.

[47]

Son N. Han, Gyu Myoung Lee, Noel Crespi, Kyongwoo Heo, Nguyen Van Luong, Mihaela Brut, and Patrick Gatellier. 2014. Dpwsim: A simulation toolkit for IoT applications using devices profile for web services. In Proceedings of the IEEE World Forum on Internet of Things (WF-IoT’14).

[48]

Weijia He, Maximilian Golla, Roshni Padhi, Jordan Ofek, Markus Dürmuth, Earlence Fernandes, and Blase Ur. 2018. Rethinking access control and authentication for the home internet of things (IoT). In Proceedings of the USENIX Security Symposium.

Digital Library

[49]

Grant Ho, Derek Leung, Pratyush Mishra, Ashkan Hosseini, Dawn Song, and David Wagner. 2016. Smart locks: Lessons for securing commodity Internet of Things devices. In Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security.

Digital Library

[50]

IFTTT (if this then that). 2018. Retrieved from: https://ifttt.com/.

[51]

PTC Industrial IoT. 2018. Retrieved from: https://www.ptc.com/en/about.

[52]

Alex Jablokow. 2015. How the IoT helps keep oil and gas pipelines safe, PTC. Accessed on Feb. 15, 2019 from https://www.ptc.com/en/product-lifecycle-report/how-the-iot-helps-keep-oil-and-gas-pipelines-safe.

[53]

Ranjit Jhala and Rupak Majumdar. 2009. Software model checking. ACM Comput. Surv. 41, 4 (2009).

Digital Library

[54]

Yunhan Jack Jia, Qi Alfred Chen, Shiqi Wang, Amir Rahmati, Earlence Fernandes, Z. Morley Mao, Atul Prakash, and Shanghai JiaoTong Unviersity. 2017. ContexIoT: Towards providing contextual integrity to appified IoT platforms. In Proceedings of the Network and Distributed Systems Symposium (NDSS’17).

[55]

Qi Jing, Athanasios V. Vasilakos, Jiafu Wan, Jingwei Lu, and Dechao Qiu. 2014. Security of the Internet of Things: Perspectives and challenges. Wireless Netw. 20, 8 (2014).

Digital Library

[56]

Gabor Kecskemeti, Giuliano Casale, Devki Nandan Jha, Justin Lyon, and Rajiv Ranjan. 2017. Modelling and simulation challenges in internet of things. IEEE Cloud Comput. 4, 1 (2017).

[57]

Richard Kirk. 2015. Cars of the future: The internet of things in the automotive industry. Netw. Sec. 2015, 9 (2015).

Digital Library

[58]

Sylvain Kubler, Kary Främling, and Andrea Buda. 2015. A standardized approach to deal with firewall and mobility policies in the IoT. Pervas. Mob. Comput. 20 (2015). https://www.sciencedirect.com/science/article/pii/S1574119214001588.

Digital Library

[59]

Patrick Lam, Eric Bodden, Ondrej Lhoták, and Laurie Hendren. 2011. The Soot Framework for Java program analysis: A retrospective. In Proceedings of the Cetus Users and Compiler Infrastructure Workshop.

[60]

Chris Lattner. 2012. LLVM Compiler Infrastructure Project. The architecture of open source applications PTC. Accessed on Feb. 15, 2019 from https://www.aosabook.org/en/llvm.html.

[61]

Maria Lazarte. 2016. Are we safe in the Internet of Things? International Organization for Standardization (September 2016). Retrieved from: https://www.iso.org/news/2016/09/Ref2113.html.

[62]

Edward A. Lee, Mehrdad Niknami, Thierry S. Nouidui, and Michael Wetter. 2015. Modeling and simulating cyber-physical systems using CyPhySim. In Proceedings of the International Conference on Embedded Software.

Digital Library

[63]

Sanghak Lee, Jiwon Choi, Jihun Kim, Beumjin Cho, Sangho Lee, Hanjun Kim, and Jong Kim. 2017. FACT: Functionality-centric access control system for IoT programming frameworks. In Proceedings of the Symposium on Access Control Models and Technologies.

Digital Library

[64]

Oded Leiba, Yechiav Yitzchak, Ron Bitton, Asaf Nadler, and Asaf Shabtai. 2018. Incentivized delivery network of IoT software updates based on trustless proof-of-distribution. Retrieved from: Arxiv Preprint:1805.04282.

[65]

Ondřej Lhoták and Laurie Hendren. 2003. Scaling Java points-to analysis using S park. In Proceedings of the International Conference on Compiler Construction. Springer.

Digital Library

[66]

Watson Android libraries for Android application analysis. 2018. Retrieved from: https://github.com/wala/WALA.

[67]

Ke Mao, Mark Harman, and Yue Jia. 2016. Sapienz: Multi-objective automated testing for Android applications. In Proceedings of the ACM International Symposium on Software Testing and Analysis.

Digital Library

[68]

IFTTT Platform Size Metrics. 2018. Retrieved from: https://platform.ifttt.com/pricing.

[69]

IoTBench A micro-benchmark suite to assess the effectiveness of tools designed for IoT apps. 2018. Retrieved from: https://github.com/IoTBench.

[70]

Nicholas Nethercote. 2004. Dynamic Binary Analysis and Instrumentation. Technical Report. University of Cambridge, Computer Laboratory.

[71]

Dang Tu Nguyen, Chengyu Song, Zhiyun Qian, Srikanth V. Krishnamurthy, Edward J. M. Colbert, and Patrick McDaniel. 2018. IoTSan: Fortifying the safety of IoT systems. In Proceedings of the ACM International Conference on emerging Networking EXperiments and Technologies (CoNEXT’18).

Digital Library

[72]

Flemming Nielson, Hanne R. Nielson, and Chris Hankin. 2015. Principles of Program Analysis. Springer.

[73]

GroovyCodeVisitor An Implementation of the Groovy Visitor Patterns. 2018. Retrieved from: http://docs.groovy-lang.org/docs.

[74]

Temitope Oluwafemi, Tadayoshi Kohno, Sidhant Gupta, and Shwetak Patel. 2013. Experimental security analyses of non-networked compact fluorescent lamps: A case study of home automation security. In Proceedings of the USENIX LASER Workshop.

[75]

Mike Orcutt. 2016. Security experts warn congress that the internet of things could kill people. MIT Technol. Rev. (2016). Accessed on Feb. 15, 2019 from https://www.technologyreview.com/s/603015/security-experts-warn-congress-that-the-internet-of-things-could-kill-people.

[76]

OpenHAB IoT App Market (Eclipse Market Place). 2018. Retrieved from: https://github.com/openhab/openhab1-addons/wiki/Samples-Rules.

[77]

OpenHAB IoT App Market (Eclipse Market Place). 2018. Retrieved from: http://docs.openhab.org/eclipseiotmarket.

[78]

Microsoft Flow Automate processes and tasks. 2018. Retrieved from: https://flow.microsoft.com/.

[79]

Vaibhav Rastogi, Yan Chen, and William Enck. 2013. AppsPlayground: Automatic security analysis of smartphone applications. In Proceedings of the ACM Conference on Data and Application Security and Privacy.

Digital Library

[80]

Partha Pratim Ray. 2016. A survey of IoT cloud platforms. Fut. Comput. Inform. J. 1, 1--2 (2016), 35--46.

[81]

Bradley Reaves, Jasmine Bowers, Sigmund Albert Gorski III, Olabode Anise, Rahul Bobhate, Raymond Cho, Hiranava Das, Sharique Hussain, Hamza Karachiwala, Nolen Scaife et al. 2016. *droid: Assessment and evaluation of Android application analysis tools. ACM Comput. Surv. 49, 3 (2016).

Digital Library

[82]

SmartThings Official App Repository. 2018. Retrieved from: https://github.com/SmartThingsCommunity.

[83]

Rodrigo Roman, Jianying Zhou, and Javier Lopez. 2013. On the features and challenges of security and privacy in distributed Internet of Things. Comput. Netw. 57, 10 (2013).

Digital Library

[84]

E. Ronen and A. Shamir. 2016. Extended functionality attacks on IoT devices: The case of smart lights. In Proceedings of the IEEE European Symposium on Security and Privacy (Euro S8P’16).

[85]

Eyal Ronen, Adi Shamir, Achi-Or Weingarten, and Colin O’Flynn. 2017. IoT goes nuclear: Creating a ZigBee chain reaction. In Proceedings of the IEEE Symposium on Security and Privacy (S8P’17).

[86]

Edward J. Schwartz, Thanassis Avgerinos, and David Brumley. 2010. All you ever wanted to know about dynamic taint analysis and forward symbolic execution (but might have been afraid to ask). In Proceedings of the IEEE Symposium on Security and Privacy (S8P’10).

Digital Library

[87]

SmartThings Web service App Overview. 2017. Retrieved from: http://docs.smartthings.com/en/latest/smartapp-web-services-developers-guide/overview.html.

[88]

M. Sharir and A. Pnueli. 1981. Two Approaches to Inter-procedural Dataflow Analysis. Computer Science Department, New York University.

[89]

Vijay Sivaraman, Hassan Habibi Gharakheili, Arun Vishwanath, Roksana Boreli, and Olivier Mehani. 2015. Network-level security and privacy control for smart-home IoT devices. In Proceedings of the International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob’15).

[90]

SmartThings Official Developer Documentation. 2018. Retrieved from: http://docs.smartthings.com.

[91]

Saleh Soltan, Prateek Mittal, and H. Vincent Poor. 2018. BlackIoT: IoT botnet of high wattage devices can disrupt the power grid. In Proceedings of the USENIX Security Symposium.

Digital Library

[92]

Manu Sridharan, Satish Chandra, Julian Dolby, Stephen J. Fink, and Eran Yahav. 2013. Alias analysis for object-oriented programs. In Aliasing in Object-Oriented Programming: Types, Analysis and Verification. Springer, 196--232.

Digital Library

[93]

Milijana Surbatovich, Jassim Aljuraidan, Lujo Bauer, Anupam Das, and Limin Jia. 2017. Some recipes can do more than spoil your appetite: Analyzing the security and privacy risks of IFTTT recipes. In Proceedings of the International Conference on World Wide Web.

Digital Library

[94]

Harriet Taylor. 2016. How the internet of things could be fatal. Retrieved from: CNBC (March 2016). https://www.cnbc.com/2016/03/04/how-the-internet-of-things-could-be-fatal.html.

[95]

IoT Platform Comparison: How the 450 providers stack up. 2018. Retrieved from: https://iot-analytics.com/iot-platform-comparison-how-providers-stack-up/.

[96]

The Internet of Things with AWS. 2018. Retrieved from: https://aws.amazon.com/iot/.

[97]

Yuan Tian, Nan Zhang, Yueh-Hsun Lin, XiaoFeng Wang, Blase Ur, XianZheng Guo, and Patrick Tague. 2017. SmartAuth: User-centered authorization for the internet of things. In Proceedings of the USENIX Security Symposium.

Digital Library

[98]

Raja Vallée-Rai, Phong Co, Etienne Gagnon, Laurie Hendren, Patrick Lam, and Vijay Sundaresan. 1999. Soot: A Java bytecode optimization framework. In Proceedings of the 1999 Conference of the Centre for Advanced Studies on Collaborative Research (CASCON'99). IBM Press, 13 pages. http://dl.acm.org/citation.cfm?id=781995.782008.

Digital Library

[99]

Deepak Vasisht, Zerina Kapetanovic, Jongho Won, Xinxin Jin, Ranveer Chandra, Sudipta N. Sinha, Ashish Kapoor, Madhusudhan Sudarshan, and Sean Stratman. 2017. FarmBeats: An IoT platform for data-driven agriculture. In Proceedings of the USENIX Symposium on Networked Systems Design and Implementation (NSDI’17).

Digital Library

[100]

G. Veerendra. 2016. Hacking Internet of Things (IoT): A Case Study on DTH Vulnerabilities. Technical Report. SecPod.

[101]

Timothy Vidas, Jiaqi Tan, Jay Nahata, Chaur Lih Tan, Nicolas Christin, and Patrick Tague. 2014. A5: Automated analysis of adversarial Android applications. In Proceedings of the ACM Workshop on Security and Privacy in Smartphones 8 Mobile Devices.

Digital Library

[102]

Qi Wang, Wajih Ul Hassan, Adam Bates, and Carl Gunter. 2018. Fear and logging in the internet of things. In Proceedings of the Network and Distributed Systems Symposium (NDSS’18).

[103]

Olivia Waxman. 2014. Stranger hacks into baby monitor and screams at child. Time Magazine (April 2014).

[104]

SmartThings web-based simulator for testing SmartThings apps with virtual devices. 2018. Retrieved from: https://goo.gl/rfTB7e.

[105]

Mark Weiser. 1981. Program slicing. In Proceedings of the 5th International Conference on Software Engineering (ICSE'81). IEEE Press, 439--449. http://dl.acm.org/citation.cfm?id=800078.802557

Digital Library

[106]

Zapier Automate Workflows. 2018. Retrieved from: https://zapier.com/.

[107]

Teng Xu, James B. Wendt, and Miodrag Potkonjak. 2014. Security of IoT systems: Design challenges and opportunities. In Proceedings of the 2014 IEEE/ACM International Conference on Computer-Aided Design. IEEE Press, 417--423.

Digital Library

[108]

Geng Yang, Li Xie, Matti Mäntysalo, Xiaolin Zhou, Zhibo Pang, Li Da Xu, Sharon Kao-Walter, Qiang Chen, and Li-Rong Zheng. 2014. A health-IoT platform based on the integration of intelligent packaging, unobtrusive bio-sensor, and intelligent medicine box. IEEE Trans. Industr. Inform. 10, 4 (2014).

[109]

Apiant Connect your apps automate your business. 2018. Retrieved from: https://apiant.com/.

[110]

Tianlong Yu, Vyas Sekar, Srinivasan Seshan, Yuvraj Agarwal, and Chenren Xu. 2015. Handling a trillion (unfixable) flaws on a billion devices: Rethinking network security for the Internet of Things. In Proceedings of the ACM Workshop on Hot Topics in Networks.

Digital Library

[111]

Andrea Zanella, Nicola Bui, Angelo Castellani, Lorenzo Vangelista, and Michele Zorzi. 2014. Internet of Things for smart cities. IEEE Int. Things J. 1, 1 (2014), 22--32.

[112]

Bruno Bogaz Zarpelão, Rodrigo Sanches Miani, Cláudio Toshio Kawakani, and Sean Carlisto de Alvarenga. 2017. A survey of intrusion detection in Internet of Things. J. Netw. Comput. Appl. 84 (2017).

Digital Library

[113]

Nan Zhang, Soteris Demetriou, Xianghang Mi, Wenrui Diao, Kan Yuan, Peiyuan Zong, Feng Qian, XiaoFeng Wang, Kai Chen, Yuan Tian et al. 2017. Understanding IoT security through the data crystal ball: Where we are now and where we are going to be. Retrieved from: Arxiv Preprint:1703.09809.

[114]

David (Yu) Zhu, Jaeyeon Jung, Dawn Song, Tadayoshi Kohno, and David Wetherall. 2011. TaintEraser: Protecting sensitive data leaks using application-level taint tracking. SIGOPS Op. Syst. Rev. 45, 1 (2011).

Digital Library

[115]

Jan Henrik Ziegeldorf, Oscar Garcia Morchon, and Klaus Wehrle. 2014. Privacy in the Internet of Things: Threats and challenges. Sec. Commun. Netw. (2014).

Cited By

Çetlenbik OSüzen ADuman B(2024)IOT SECURITY AND SOFTWARE TESTINGYalvaç Akademi Dergisi10.57120/yalvac.14375719:1(26-32)Online publication date: 25-Mar-2024
https://doi.org/10.57120/yalvac.1437571
Ojo SKrichen MAlamro MMihoub A(2024)TXAI-ADV: Trustworthy XAI for Defending AI Models against Adversarial Attacks in Realistic CIoTElectronics10.3390/electronics1309176913:9(1769)Online publication date: 3-May-2024
https://doi.org/10.3390/electronics13091769
Magara TZhou Y(2024)Security and Privacy Concerns in the Adoption of IoT Smart Homes: A User-Centric AnalysisAmerican Journal of Information Science and Technology10.11648/j.ajist.20240801.118:1(1-14)Online publication date: 19-Mar-2024
https://doi.org/10.11648/j.ajist.20240801.11
Show More Cited By

Index Terms

Program Analysis of Commodity IoT Applications for Security and Privacy: Challenges and Opportunities
1. Security and privacy
  1. Software and application security
2. Software and its engineering
  1. Software organization and properties
    1. Software functional properties
      1. Formal methods
        Automated static analysis
        Dynamic analysis

Recommendations

IoT Security & Privacy: Threats and Challenges
IoTPTS '15: Proceedings of the 1st ACM Workshop on IoT Privacy, Trust, and Security

The era of the Internet of Things (IoT) has already started and it will profoundly change our way of life. While IoT provides us many valuable benefits, IoT also exposes us to many different types of security threats in our daily life. Before the advent ...
Towards Secure and Reliable IoT Applications
IoT S&P'19: Proceedings of the 2nd International ACM Workshop on Security and Privacy for the Internet-of-Things

The growth of commodity IoT devices that integrate physical processes with digital systems have changed the way we live, play, and work. Yet existing IoT platforms cannot help programmers evaluate whether their IoT applications are safe and secure, nor ...
IoT Security: Practical guide book

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Computing Surveys

ACM Computing Surveys Volume 52, Issue 4

July 2020

769 pages

ISSN:0360-0300

EISSN:1557-7341

DOI:10.1145/3359984

Editor:
Sartaj Sahni
Department of Computer and Information Science and Engineering

Issue’s Table of Contents

Copyright © 2019 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 30 August 2019

Accepted: 01 May 2019

Revised: 01 May 2019

Received: 01 November 2018

Published in CSUR Volume 52, Issue 4

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Survey
Research
Refereed

Funding Sources

National Science Foundation
Army Research Laboratory
University of Washington Tech Policy Lab and the MacArthur Foundation.

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

81
Total Citations
View Citations
4,351
Total Downloads

Downloads (Last 12 months)576
Downloads (Last 6 weeks)52

Reflects downloads up to 01 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Çetlenbik OSüzen ADuman B(2024)IOT SECURITY AND SOFTWARE TESTINGYalvaç Akademi Dergisi10.57120/yalvac.14375719:1(26-32)Online publication date: 25-Mar-2024
https://doi.org/10.57120/yalvac.1437571
Ojo SKrichen MAlamro MMihoub A(2024)TXAI-ADV: Trustworthy XAI for Defending AI Models against Adversarial Attacks in Realistic CIoTElectronics10.3390/electronics1309176913:9(1769)Online publication date: 3-May-2024
https://doi.org/10.3390/electronics13091769
Magara TZhou Y(2024)Security and Privacy Concerns in the Adoption of IoT Smart Homes: A User-Centric AnalysisAmerican Journal of Information Science and Technology10.11648/j.ajist.20240801.118:1(1-14)Online publication date: 19-Mar-2024
https://doi.org/10.11648/j.ajist.20240801.11
Alam MJahan IWang W(2024)IoTWarden: A Deep Reinforcement Learning Based Real-Time Defense System to Mitigate Trigger-Action IoT Attacks2024 IEEE Wireless Communications and Networking Conference (WCNC)10.1109/WCNC57260.2024.10570786(1-6)Online publication date: 21-Apr-2024
https://doi.org/10.1109/WCNC57260.2024.10570786
Wang SXie TChen MTu GLi CLei XChou PHsieh FHu YXiao LPeng C(2024)Dissecting Operational Cellular IoT Service Security: Attacks and DefensesIEEE/ACM Transactions on Networking10.1109/TNET.2023.331355732:2(1229-1244)Online publication date: Apr-2024
https://doi.org/10.1109/TNET.2023.3313557
Chen LWang CChen CHuang CChen XZhang M(2024)TapChecker: A Lightweight SMT-Based Conflict Analysis for Trigger-Action ProgrammingIEEE Internet of Things Journal10.1109/JIOT.2024.337455611:12(21411-21426)Online publication date: 15-Jun-2024
https://doi.org/10.1109/JIOT.2024.3374556
Abuserrieh LAlalfi M(2024)A Survey on Verification of Security and Safety in IoT SystemsIEEE Access10.1109/ACCESS.2024.341307112(138627-138645)Online publication date: 2024
https://doi.org/10.1109/ACCESS.2024.3413071
Pasqua MMiculan M(2024)Behavioral equivalences for AbUTheoretical Computer Science10.1016/j.tcs.2024.114537998:COnline publication date: 1-Jun-2024
https://dl.acm.org/doi/10.1016/j.tcs.2024.114537
Rubino FBodei CFerrari G(2024)Riding the Data Storms: Specifying and Analysing IoT Security Requirements with SURFINGLeveraging Applications of Formal Methods, Verification and Validation. REoCAS Colloquium in Honor of Rocco De Nicola10.1007/978-3-031-73709-1_24(392-408)Online publication date: 27-Oct-2024
https://dl.acm.org/doi/10.1007/978-3-031-73709-1_24
Nagalakshmi SD’Souza M(2024)Coverage Criteria Based Testing of IoT ApplicationsDistributed Computing and Intelligent Technology10.1007/978-3-031-50583-6_7(101-116)Online publication date: 17-Jan-2024
https://dl.acm.org/doi/10.1007/978-3-031-50583-6_7
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

HTML Format

View this article in HTML Format.

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

Media

Figures

Other

Tables

View Issue’s Table of Contents