Securing IoT Apps with Fine-grained Control of Information Flows

by Davino Mauro Junior, et al.

The Internet of Things (IoT) is growing rapidly, with many connected devices now available to consumers. With this growth, the IoT apps that manage the devices from smartphones raise significant security concerns. Typically, these apps are secured via sensitive credentials such as email and password that need to be validated through specific servers, thus requiring permissions to access the Internet. Unfortunately, even when developers are well-intentioned, such apps can be non-trivial to secure so as to guarantee that users' credentials do not leak to unauthorized servers on the Internet. For example, if the app relies on third-party libraries, as many do, those libraries can potentially capture and leak sensitive credentials. Bugs in the applications can also result in exploitable vulnerabilities that leak credentials. This paper presents our work in progress on a prototype that enables developers to control how information flows within the app from sensitive UI data to specific servers. We extend FlowFence to enforce fine-grained information flow policies on sensitive UI data.





Sensitive Information Tracking in Commodity IoT

Broadly defined as the Internet of Things (IoT), the growth of commodity...

Beware of the App! On the Vulnerability Surface of Smart Devices through their Companion Apps

Internet of Things (IoT) devices are becoming increasingly important. Th...

Pyronia: Intra-Process Access Control for IoT Applications

Third-party code plays a critical role in IoT applications, which genera...

AnFlo: Detecting Anomalous Sensitive Information Flows in Android Apps

Smartphone apps usually have access to sensitive user data such as conta...

Pyronia: Redesigning Least Privilege and Isolation for the Age of IoT

Third-party modules play a critical role in IoT applications, which gene...

An Automated Approach for Privacy Leakage Identification in IoT Apps

This paper presents a fully automated static analysis approach and a too...

Droplet: Decentralized Authorization for IoT Data Streams

This paper presents Droplet, a decentralized data access control service...