Program analysis of commodity IoT applications for security and privacy: Challenges and opportunities

Z. Berkay Celik, Earlence Fernandes, Eric Pauley, Gang Tan, Patrick Mcdaniel

Research output: Contribution to journalArticle

1 Citation (Scopus)

Abstract

Recent advances in Internet of Things (IoT) have enabled myriad domains such as smart homes, personal monitoring devices, and enhanced manufacturing. IoT is now pervasive-new applications are being used in nearly every conceivable environment, which leads to the adoption of device-based interaction and automation. However, IoT has also raised issues about the security and privacy of these digitally augmented spaces. Program analysis is crucial in identifying those issues, yet the application and scope of program analysis in IoT remains largely unexplored by the technical community. In this article, we study privacy and security issues in IoT that require program-analysis techniques with an emphasis on identified attacks against these systems and defenses implemented so far. Based on a study of five IoT programming platforms, we identify the key insights that result from research efforts in both the program analysis and security communities and relate the efficacy of program-analysis techniques to security and privacy issues. We conclude by studying recent IoT analysis systems and exploring their implementations. Through these explorations, we highlight key challenges and opportunities in calibrating for the environments in which IoT systems will be used.

Original languageEnglish (US)
Article number74
JournalACM Computing Surveys
Volume52
Issue number4
DOIs
StatePublished - Aug 2019

Fingerprint

Internet of Things
Program Analysis
Privacy
Smart Home
Internet of things
Systems Analysis
Automation
Efficacy
Programming
Manufacturing
Attack
Monitoring

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • Computer Science(all)

Cite this

@article{d6b63feb2db445d1a7841e8235505b92,
title = "Program analysis of commodity IoT applications for security and privacy: Challenges and opportunities",
abstract = "Recent advances in Internet of Things (IoT) have enabled myriad domains such as smart homes, personal monitoring devices, and enhanced manufacturing. IoT is now pervasive-new applications are being used in nearly every conceivable environment, which leads to the adoption of device-based interaction and automation. However, IoT has also raised issues about the security and privacy of these digitally augmented spaces. Program analysis is crucial in identifying those issues, yet the application and scope of program analysis in IoT remains largely unexplored by the technical community. In this article, we study privacy and security issues in IoT that require program-analysis techniques with an emphasis on identified attacks against these systems and defenses implemented so far. Based on a study of five IoT programming platforms, we identify the key insights that result from research efforts in both the program analysis and security communities and relate the efficacy of program-analysis techniques to security and privacy issues. We conclude by studying recent IoT analysis systems and exploring their implementations. Through these explorations, we highlight key challenges and opportunities in calibrating for the environments in which IoT systems will be used.",
author = "Celik, {Z. Berkay} and Earlence Fernandes and Eric Pauley and Gang Tan and Patrick Mcdaniel",
year = "2019",
month = "8",
doi = "10.1145/3333501",
language = "English (US)",
volume = "52",
journal = "ACM Computing Surveys",
issn = "0360-0300",
publisher = "Association for Computing Machinery (ACM)",
number = "4",

}

Program analysis of commodity IoT applications for security and privacy : Challenges and opportunities. / Celik, Z. Berkay; Fernandes, Earlence; Pauley, Eric; Tan, Gang; Mcdaniel, Patrick.

In: ACM Computing Surveys, Vol. 52, No. 4, 74, 08.2019.

Research output: Contribution to journalArticle

TY - JOUR

T1 - Program analysis of commodity IoT applications for security and privacy

T2 - Challenges and opportunities

AU - Celik, Z. Berkay

AU - Fernandes, Earlence

AU - Pauley, Eric

AU - Tan, Gang

AU - Mcdaniel, Patrick

PY - 2019/8

Y1 - 2019/8

N2 - Recent advances in Internet of Things (IoT) have enabled myriad domains such as smart homes, personal monitoring devices, and enhanced manufacturing. IoT is now pervasive-new applications are being used in nearly every conceivable environment, which leads to the adoption of device-based interaction and automation. However, IoT has also raised issues about the security and privacy of these digitally augmented spaces. Program analysis is crucial in identifying those issues, yet the application and scope of program analysis in IoT remains largely unexplored by the technical community. In this article, we study privacy and security issues in IoT that require program-analysis techniques with an emphasis on identified attacks against these systems and defenses implemented so far. Based on a study of five IoT programming platforms, we identify the key insights that result from research efforts in both the program analysis and security communities and relate the efficacy of program-analysis techniques to security and privacy issues. We conclude by studying recent IoT analysis systems and exploring their implementations. Through these explorations, we highlight key challenges and opportunities in calibrating for the environments in which IoT systems will be used.

AB - Recent advances in Internet of Things (IoT) have enabled myriad domains such as smart homes, personal monitoring devices, and enhanced manufacturing. IoT is now pervasive-new applications are being used in nearly every conceivable environment, which leads to the adoption of device-based interaction and automation. However, IoT has also raised issues about the security and privacy of these digitally augmented spaces. Program analysis is crucial in identifying those issues, yet the application and scope of program analysis in IoT remains largely unexplored by the technical community. In this article, we study privacy and security issues in IoT that require program-analysis techniques with an emphasis on identified attacks against these systems and defenses implemented so far. Based on a study of five IoT programming platforms, we identify the key insights that result from research efforts in both the program analysis and security communities and relate the efficacy of program-analysis techniques to security and privacy issues. We conclude by studying recent IoT analysis systems and exploring their implementations. Through these explorations, we highlight key challenges and opportunities in calibrating for the environments in which IoT systems will be used.

UR - http://www.scopus.com/inward/record.url?scp=85072015894&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85072015894&partnerID=8YFLogxK

U2 - 10.1145/3333501

DO - 10.1145/3333501

M3 - Article

AN - SCOPUS:85072015894

VL - 52

JO - ACM Computing Surveys

JF - ACM Computing Surveys

SN - 0360-0300

IS - 4

M1 - 74

ER -