Skip to main content
We gratefully acknowledge support from the Simons Foundation, member institutions, and all contributors. Donate
arXiv logo
Cornell University Logo

Computer Science > Cryptography and Security

arXiv:1808.02125 (cs)
[Submitted on 6 Aug 2018 (v1), last revised 24 Jan 2021 (this version, v5)]

Title:Cross-App Interference Threats in Smart Homes: Categorization, Detection and Handling

Authors:Haotian Chi, Qiang Zeng, Xiaojiang Du, Jiaping Yu
View PDF
Abstract:A number of Internet of Things (IoTs) platforms have emerged to enable various IoT apps developed by third-party developers to automate smart homes. Prior research mostly concerns the overprivilege problem in the permission model. Our work, however, reveals that even IoT apps that follow the principle of least privilege, when they interplay, can cause unique types of threats, named Cross-App Interference (CAI) threats. We describe and categorize the new threats, showing that unexpected automation, security and privacy issues may be caused by such threats, which cannot be handled by existing IoT security mechanisms. To address this problem, we present HOMEGUARD, a system for appified IoT platforms to detect and cope with CAI threats. A symbolic executor module is built to precisely extract the automation semantics from IoT apps. The semantics of different IoT apps are then considered collectively to evaluate their interplay and discover CAI threats systematically. A user interface is presented to users during IoT app installation, interpreting the discovered threats to help them make decisions. We evaluate HOMEGUARD via a proof-of-concept implementation on Samsung SmartThings and discover many threat instances among apps in the SmartThings public repository. The evaluation shows that it is precise, effective and efficient.
Comments: An earlier version of this paper was submitted to ACM CCS'18 on May 9th, 2018. This version contains some minor modifications based on that submission. A newer version of this work has been published in IEEE/IFIP DSN 2020
Subjects: Cryptography and Security (cs.CR)
Cite as: arXiv:1808.02125 [cs.CR]
  (or arXiv:1808.02125v5 [cs.CR] for this version)
  https://doi.org/10.48550/arXiv.1808.02125

Submission history

From: Haotian Chi [view email]
[v1] Mon, 6 Aug 2018 21:27:44 UTC (1,139 KB)
[v2] Wed, 8 Aug 2018 22:10:46 UTC (1,130 KB)
[v3] Tue, 28 Aug 2018 16:27:13 UTC (1,130 KB)
[v4] Wed, 10 Oct 2018 15:59:24 UTC (1,130 KB)
[v5] Sun, 24 Jan 2021 04:44:33 UTC (1,130 KB)
Full-text links:

Access Paper:

  • View PDF
  • TeX Source
  • Other Formats
view license
Current browse context:
cs.CR
< prev   |   next >
new | recent | 2018-08
Change to browse by:
cs

References & Citations

DBLP - CS Bibliography

listing | bibtex
Haotian Chi
Qiang Zeng
Xiaojiang Du
Jiaping Yu
export BibTeX citation

Bookmark

BibSonomy logo Reddit logo

Bibliographic and Citation Tools

Bibliographic Explorer (What is the Explorer?)
Connected Papers (What is Connected Papers?)
Litmaps (What is Litmaps?)
scite Smart Citations (What are Smart Citations?)

Code, Data and Media Associated with this Article

alphaXiv (What is alphaXiv?)
CatalyzeX Code Finder for Papers (What is CatalyzeX?)
DagsHub (What is DagsHub?)
Gotit.pub (What is GotitPub?)
Hugging Face (What is Huggingface?)
Papers with Code (What is Papers with Code?)
ScienceCast (What is ScienceCast?)

Demos

Replicate (What is Replicate?)
Hugging Face Spaces (What is Spaces?)
TXYZ.AI (What is TXYZ.AI?)

Recommenders and Search Tools

Influence Flower (What are Influence Flowers?)
CORE Recommender (What is CORE?)

arXivLabs: experimental projects with community collaborators

arXivLabs is a framework that allows collaborators to develop and share new arXiv features directly on our website.

Both individuals and organizations that work with arXivLabs have embraced and accepted our values of openness, community, excellence, and user data privacy. arXiv is committed to these values and only works with partners that adhere to them.

Have an idea for a project that will add value for arXiv's community? Learn more about arXivLabs.

Which authors of this paper are endorsers? | Disable MathJax (What is MathJax?)