| Popis: |
The rapid expansion of Internet of Things (IoT) has brought unprecedented changes to our daily life. Among all, smart home technologies are the most widely adopted. They leverage various devices in home environment to build a connected network, over which automation is implemented for enhancing device interoperability. Such automations usually execute on platforms that are provided by device vendors, such as Samgsung, Google and Amazon. However, back-end cloud may not always be trustworthy due to malware, unknown third-party applications and possible side-channel attacks. Specifically for the IoT platforms, we identify two security threats that may gain unauthorized control of smart home devices: over privilege issue and spooking events. In this thesis, we presents SmartMon, a framework that is designed to detect such security violations by statically analyzing automation application (SmartApp) control logic and comparing them with dynamic execution patterns. Through evaluations, we demonstrate that SmartMon could achieve high precision (> 95%) in detecting both violations. We also evaluate its detection capability in more complex settings, where multiple SmartApps execute simultaneously, resulting in potential dependencies. The evaluation results show that SmartMon remains high accuracy in this scenario as well. |
