Securing IoT Apps with Fine-grained Control of Information Flows

10/31/2018
by Davino Mauro Junior, et al.

The Internet of Things (IoT) is growing rapidly, with many connected devices now available to consumers. With this growth, the IoT apps that manage the devices from smartphones raise significant security concerns. Typically, these apps are secured via sensitive credentials such as email and password that need to be validated through specific servers, thus requiring permissions to access the Internet. Unfortunately, even when developers are well-intentioned, such apps can be non-trivial to secure so as to guarantee that users' credentials do not leak to unauthorized servers on the Internet. For example, if the app relies on third-party libraries, as many do, those libraries can potentially capture and leak sensitive credentials. Bugs in the applications can also result in exploitable vulnerabilities that leak credentials. This paper presents our work in progress on a prototype that enables developers to control how information flows within the app from sensitive UI data to specific servers. We extend FlowFence to enforce fine-grained information flow policies on sensitive UI data.
