PatrIoT: Policy Assisted Resilient Programmable IoT System

  • Conference paper
Runtime Verification (RV 2020)

Part of the book series: Lecture Notes in Computer Science (LNPSE, volume 12399)

Abstract

This paper presents PatrIoT, which efficiently monitors the behavior of a programmable IoT system at runtime and suppresses contemplated actions that violate a given declarative policy. Policies in PatrIoT are specified in effectively propositional, past metric temporal logic and capture the system’s expected temporal invariants whose violation can break its desired security, privacy, and safety guarantees. PatrIoT has been instantiated not only for an industrial IoT system (EVA ICS) but also for two representative home automation platforms: one proprietary (SmartThings) and one open-source (OpenHAB). Our empirical evaluation shows that, while imposing only a moderate runtime overhead, PatrIoT can effectively detect policy violations.

Acknowledgments

We are grateful to the anonymous reviewers for their insightful comments and suggestions. This work was supported by DARPA CASE program award N66001-18-C-4006. Any opinions, findings, conclusions, or recommendations expressed herein are those of the authors, and do not necessarily reflect those of the US Government or DARPA.

Author information

Correspondence to Moosa Yahyazadeh.

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Cite this paper

Yahyazadeh, M., Hussain, S.R., Hoque, E., Chowdhury, O. (2020). PatrIoT: Policy Assisted Resilient Programmable IoT System. In: Deshmukh, J., Ničković, D. (eds) Runtime Verification. RV 2020. Lecture Notes in Computer Science, vol 12399. Springer, Cham. https://doi.org/10.1007/978-3-030-60508-7_8

  • DOI: https://doi.org/10.1007/978-3-030-60508-7_8

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-60507-0

  • Online ISBN: 978-3-030-60508-7

  • eBook Packages: Computer Science (R0)
