TAPInspector: Safety and Liveness Verification of Concurrent Trigger-Action IoT Systems

02/02/2021
by   Yinbo Yu, et al.
0

Trigger-action programming (TAP) is a popular end-user programming framework that can simplify the Internet of Things (IoT) automation with simple trigger-action rules. However, it also introduces new security and safety threats. A lot of advanced techniques have been proposed to address this problem. Rigorously reasoning about the security of a TAP-based IoT system requires a well-defined model and verification method both against rule semantics and physical-world states, e.g., concurrency, rule latency, and connection-based interactions, which has been missing until now. This paper presents TAPInspector, a novel system to detect vulnerabilities in concurrent TAP-based IoT systems using model checking. It automatically extracts TAP rules from IoT apps, translates them into a hybrid model with model slicing and state compression, and performs model checking with various safety and liveness properties. Our experiments corroborate that TAPInspector is effective: it identifies 533 violations with 9 new types of violations from 1108 real-world market IoT apps and is 60000 times faster than the baseline without optimization at least.

READ FULL TEXT
research
03/09/2019

SAFECHAIN: Securing Trigger-Action Programming from Attack Chains (Extended Technical Report)

The proliferation of Internet of Things (IoT) is reshaping our lifestyle...
research
10/22/2018

IoTSan: Fortifying the Safety of IoT Systems

Today's IoT systems include event-driven smart applications (apps) that ...
research
07/24/2022

On the Validation of Multi-Level Personalised Health Condition Model

This paper presents a verification-based methodology to validate the mod...
research
05/22/2018

Soteria: Automated IoT Safety and Security Analysis

Broadly defined as the Internet of Things (IoT), the growth of commodity...
research
07/31/2019

VISCR: Intuitive Conflict-free Automation for Securing the Dynamic Consumer IoT Infrastructures

Consumer IoT is characterized by heterogeneous devices with diverse func...
research
12/10/2020

Data Privacy in Trigger-Action IoT Systems

Trigger-action platforms (TAPs) allow users to connect independent IoT o...
research
03/21/2021

EBF: A Hybrid Verification Tool for Finding Software Vulnerabilities in IoT Cryptographic Protocols

Internet of Things (IoT) consists of a large number of smart devices con...

Please sign up or login with your details

Forgot password? Click here to reset