IOTCOM: Dissecting Interaction Threats in IoT Systems

Due to the growing presence of Internet of Things (IoT) apps and devices in smart homes and smart cities, there are more and more concerns about their security and privacy risks. IoT apps normally interact with each other and the physical world to offer utility to the users. In this paper, we investigate the safety and security risks brought by the interactive behaviors of IoT apps. Two major challenges ensue in identifying the interaction threats: i) how to discover the threats across both cyber and physical channels; and ii) how to ensure the scalability of the detection approach. To address these challenges, we first provide a taxonomy of interaction threats between IoT apps, which contains seven classes of coordination threats categorized based on their interaction behaviors. Then, we present IoTCom, a compositional threat detection system capable of automatically detecting and verifying unsafe interactions between IoT apps and devices. IoTCom applies static analysis to automatically infer relevant apps' behaviors, and uses a novel strategy to trim the extracted app's behaviors prior to translating them into analyzable formal specifications, mitigating the state explosion associated with formal analysis. Our experiments with numerous bundles of real-world IoT apps have corroborated IoTCom's ability to effectively identify a broad spectrum of interaction threats triggered through cyber and physical channels, many of which were previously unknown. Finally, IoTCom uses an automatic verifier to validate the discovered threats. Our experimental results show that IoTCom significantly outperforms the existing techniques in terms of the computational time, and maintains the capability to perform its analysis across different IoT platforms.