EnvGuard: Guaranteeing Environment-Centric Safety and Security Properties in Web of Things (2312.03373v2)
Abstract: Web of Things (WoT) technology facilitates the standardized integration of IoT devices ubiquitously deployed in daily environments, promoting diverse WoT applications to automatically sense and regulate the environment. In a WoT environment, heterogeneous applications, user activities, and environment changes collectively influence device behaviors, posing risks of unexpected violations of safety and security properties. Existing work on violation identification primarily focuses on the analysis of automated applications and lacks consideration of the intricate interactions in the environment. Moreover, users' intentions regarding violation resolution strategies are much less investigated. To address these limitations, we introduce EnvGuard, an environment-centric approach for property customization, violation identification, and resolution execution in WoT environments. We evaluated EnvGuard in two typical WoT environments. By conducting user studies and analyzing collected real-world environment data, we assess the performance of EnvGuard and construct a dataset from the collected data to support environment-level violation identification. The results demonstrate the superiority of EnvGuard compared to previous state-of-the-art work and confirm its usability, feasibility, and runtime efficiency.