Abstract
This paper presents PatrIoT, which efficiently monitors the behavior of a programmable IoT system at runtime and suppresses contemplated actions that violate a given declarative policy. Policies in PatrIoT are specified in effectively propositional, past metric temporal logic and capture the system's expected temporal invariants whose violation can break its desired security, privacy, and safety guarantees. PatrIoT has been instantiated not only for an industrial IoT system (EVA ICS) but also for two representative home automation platforms: one proprietary (SmartThings) and the other open-source (OpenHAB). Our empirical evaluation shows that, while imposing only a moderate runtime overhead, PatrIoT can effectively detect policy violations.
Acknowledgments
We are grateful to the anonymous reviewers for their insightful comments and suggestions. This work was supported by DARPA CASE program award N66001-18-C-4006. Any opinions, findings, conclusions, or recommendations expressed herein are those of the authors, and do not necessarily reflect those of the US Government or DARPA.
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Yahyazadeh, M., Hussain, S.R., Hoque, E., Chowdhury, O. (2020). PatrIoT: Policy Assisted Resilient Programmable IoT System. In: Deshmukh, J., Ničković, D. (eds) Runtime Verification. RV 2020. Lecture Notes in Computer Science, vol 12399. Springer, Cham. https://doi.org/10.1007/978-3-030-60508-7_8
DOI: https://doi.org/10.1007/978-3-030-60508-7_8
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-60507-0
Online ISBN: 978-3-030-60508-7
eBook Packages: Computer Science, Computer Science (R0)