TY - GEN
T1 - Charting the atack surface of trigger-action IoT platforms
AU - Wang, Qi
AU - Datta, Pubali
AU - Yang, Wei
AU - Liu, Si
AU - Bates, Adam
AU - Gunter, Carl A.
N1 - Publisher Copyright:
© 2019 Association for Computing Machinery.
PY - 2019/11/6
Y1 - 2019/11/6
N2 - Internet of Things (IoT) deployments are becoming increasingly automated and vastly more complex. Facilitated by programming abstractions such as trigger-action rules, end-users can now easily create new functionalities by interconnecting their devices and other online services. However, when multiple rules are simultaneously enabled, complex system behaviors arise that are diicult to understand or diagnose. While history tells us that such conditions are ripe for exploitation, at present the security states of trigger-action IoT deployments are largely unknown. In this work, we conduct a comprehensive analysis of the interactions between trigger-action rules in order to identify their security risks. Using IFTTT as an exemplar platform, we irst enumerate the space of inter-rule vulnerabilities that exist within trigger-action platforms. To aid users in the identiication of these dangers, we go on to present iRuler, a system that performs Satisiability Modulo Theories (SMT) solving and model checking to discover inter-rule vulnerabilities within IoT deployments. iRuler operates over an abstracted information low model that represents the attack surface of an IoT deployment, but we discover in practice that such models are diicult to obtain given the closed nature of IoT platforms. To address this, we develop methods that assist in inferring trigger-action information lows based on Natural Language Processing. We develop a novel evaluative methodology for approximating plausible real-world IoT deployments based on the installation counts of 315,393 IFTTT applets, determining that 66% of the synthetic deployments in the IFTTT ecosystem exhibit the potential for inter-rule vulnerabilities. Combined, these eforts provide the insight into the real-world dangers of IoT deployment misconigurations.
AB - Internet of Things (IoT) deployments are becoming increasingly automated and vastly more complex. Facilitated by programming abstractions such as trigger-action rules, end-users can now easily create new functionalities by interconnecting their devices and other online services. However, when multiple rules are simultaneously enabled, complex system behaviors arise that are diicult to understand or diagnose. While history tells us that such conditions are ripe for exploitation, at present the security states of trigger-action IoT deployments are largely unknown. In this work, we conduct a comprehensive analysis of the interactions between trigger-action rules in order to identify their security risks. Using IFTTT as an exemplar platform, we irst enumerate the space of inter-rule vulnerabilities that exist within trigger-action platforms. To aid users in the identiication of these dangers, we go on to present iRuler, a system that performs Satisiability Modulo Theories (SMT) solving and model checking to discover inter-rule vulnerabilities within IoT deployments. iRuler operates over an abstracted information low model that represents the attack surface of an IoT deployment, but we discover in practice that such models are diicult to obtain given the closed nature of IoT platforms. To address this, we develop methods that assist in inferring trigger-action information lows based on Natural Language Processing. We develop a novel evaluative methodology for approximating plausible real-world IoT deployments based on the installation counts of 315,393 IFTTT applets, determining that 66% of the synthetic deployments in the IFTTT ecosystem exhibit the potential for inter-rule vulnerabilities. Combined, these eforts provide the insight into the real-world dangers of IoT deployment misconigurations.
KW - Formal Methods
KW - Information Flow
KW - Inter-rule Vulnerability
KW - NLP
KW - Trigger-Action IoT Platform
UR - http://www.scopus.com/inward/record.url?scp=85075949217&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85075949217&partnerID=8YFLogxK
U2 - 10.1145/3319535.3345662
DO - 10.1145/3319535.3345662
M3 - Conference contribution
AN - SCOPUS:85075949217
T3 - Proceedings of the ACM Conference on Computer and Communications Security
SP - 1439
EP - 1453
BT - CCS 2019 - Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security
PB - Association for Computing Machinery
T2 - 26th ACM SIGSAC Conference on Computer and Communications Security, CCS 2019
Y2 - 11 November 2019 through 15 November 2019
ER -