IoT platforms enable users to connect various smart devices and online services via reactive apps running on the cloud. These apps, often developed by third-parties, perform simple computations on data triggered by external information sources and actuate the results of computation on external information sinks. Recent research shows that unin- tended or malicious interactions between the dierent (even benign) apps of a user can cause severe security and safety risks. These works leverage program analysis techniques to build tools for unveiling unexpected interference across apps for specic use cases. We propose a calculus that models the behavioral semantics of a system of apps ex- ecuting concurrently, and use it to dene desirable semantic policies in the security and safety context of IoT apps. To demonstrate the usefulness of our framework, we dene static mechanisms for enforcing cross-app security and safety, and prove them sound with respect to our semantic conditions. Finally, we leverage real-world apps to validate the practical benets of our policy framework.

Friendly Fire: Cross-App Interactions in IoT Platforms

Balliu, Musard;Merro, Massimo
;
Pasqua, Michele
2020-01-01

Abstract

IoT platforms enable users to connect various smart devices and online services via reactive apps running on the cloud. These apps, often developed by third-parties, perform simple computations on data triggered by external information sources and actuate the results of computation on external information sinks. Recent research shows that unin- tended or malicious interactions between the dierent (even benign) apps of a user can cause severe security and safety risks. These works leverage program analysis techniques to build tools for unveiling unexpected interference across apps for specic use cases. We propose a calculus that models the behavioral semantics of a system of apps ex- ecuting concurrently, and use it to dene desirable semantic policies in the security and safety context of IoT apps. To demonstrate the usefulness of our framework, we dene static mechanisms for enforcing cross-app security and safety, and prove them sound with respect to our semantic conditions. Finally, we leverage real-world apps to validate the practical benets of our policy framework.
2020
IoT platforms
Cross-app interactions
Safety
Security
File in questo prodotto:
Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11562/1024912
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus ND
  • ???jsp.display-item.citation.isi??? 5
social impact