Trigger-action programming (TAP) is a popular end-user programming framework that can simplify the Internet of Things (IoT) automation with simple trigger-action rules. However, it also introduces new security and safety threats. A lot of advanced techniques have been proposed to address this problem. Rigorously reasoning about the security of a TAP-based IoT system requires a well-defined model and verification method both against rule semantics and physical-world states, e.g., concurrency, rule latency, and connection-based interactions, which has been missing until now. This paper presents TAPInspector, a novel system to detect vulnerabilities in concurrent TAP-based IoT systems using model checking. It automatically extracts TAP rules from IoT apps, translates them into a hybrid model with model slicing and state compression, and performs model checking with various safety and liveness properties. Our experiments corroborate that TAPInspector is effective: it identifies 533 violations with 9 new types of violations from 1108 real-world market IoT apps and is 60000 times faster than the baseline without optimization at least.
翻译:触发程序(TAP)是一个受欢迎的终端用户编程框架,可以简化Things(IoT)自动化(IoT)自动化(IoT)系统,并采用简单的触发规则;然而,它也引入了新的安保和安全威胁;已经提出了解决这一问题的许多先进技术。关于基于TAP的IoT系统安全的严格推理要求针对规则的语义和物质-世界状态,例如共通货币、规则延缓和基于连接的交互作用,一个定义明确的模型和核查方法,迄今为止一直缺失。本文介绍了TAPInspecter,这是一个利用模式检查来探测同时以TAP为基础的IoT系统脆弱性的新系统。它自动从IoT应用程序中提取TAP规则,将其转化为混合模型的混合模型和状态压缩,并对各种安全和生活特性进行模型检查。我们的实验证实TAPInspector是有效的:它识别了533次违规事件,从1108个真实世界的IoT应用程序中发现了9种新的违规行为,比基线至少没有优化的基线快6000倍。
相关内容
微信扫码咨询专知VIP会员