Friendly Fire: Cross-App Interactions in IoT Platforms

IoT platforms enable users to connect various smart devices and online services via reactive apps running on the cloud. These apps, often developed by third-parties, perform simple computations on data triggered by external information sources and actuate the results of computation on external information sinks. Recent research shows that unin- tended or malicious interactions between the dierent (even benign) apps of a user can cause severe security and safety risks. These works leverage program analysis techniques to build tools for unveiling unexpected interference across apps for specic use cases. We propose a calculus that models the behavioral semantics of a system of apps ex- ecuting concurrently, and use it to dene desirable semantic policies in the security and safety context of IoT apps. To demonstrate the usefulness of our framework, we dene static mechanisms for enforcing cross-app security and safety, and prove them sound with respect to our semantic conditions. Finally, we leverage real-world apps to validate the practical benets of our policy framework.