Security Implications of Permission Models in Smart-Home Application Frameworks

Earlence Fernandes; Amir Rahmati; Jaeyeon Jung; Atul Prakash

doi:10.1109/MSP.2017.43

Security Implications of Permission Models in Smart-Home Application Frameworks

Earlence Fernandes
, Amir Rahmati
, Jaeyeon Jung
, Atul Prakash

Computer Science

Stony Brook University

University of Michigan, Ann Arbor
Samsung's Cloud Platform Group

Research output: Contribution to journal › Article › peer-review

60 Scopus citations

Abstract

Several competing smart-home programming frameworks that support third-party app development have emerged. Such frameworks' permission models represent the dividing line between malicious apps that compromise user security and useful apps that provide user benefits. The authors survey the permission models of four popular frameworks: IoTivity, HomeKit, AllJoyn, and SmartThings, then report on their recent deep empirical analysis of SmartThings. A key finding is that SmartThings apps are automatically overprivileged, which can leave users vulnerable to various remote attacks.

Original language	English
Article number	7891524
Pages (from-to)	24-30
Number of pages	7
Journal	IEEE Security and Privacy
Volume	15
Issue number	2
DOIs	https://doi.org/10.1109/MSP.2017.43
State	Published - 2017

Keywords

Internet of Things
IoT
apps
overprivilege
permission model
privacy
security
smart home
smart technology
smart-home programming

Access to Document

10.1109/MSP.2017.43

Cite this

@article{0fd477b994a84654b5c0c8b71ca84f64,

title = "Security Implications of Permission Models in Smart-Home Application Frameworks",

abstract = "Several competing smart-home programming frameworks that support third-party app development have emerged. Such frameworks' permission models represent the dividing line between malicious apps that compromise user security and useful apps that provide user benefits. The authors survey the permission models of four popular frameworks: IoTivity, HomeKit, AllJoyn, and SmartThings, then report on their recent deep empirical analysis of SmartThings. A key finding is that SmartThings apps are automatically overprivileged, which can leave users vulnerable to various remote attacks.",

keywords = "Internet of Things, IoT, apps, overprivilege, permission model, privacy, security, smart home, smart technology, smart-home programming",

author = "Earlence Fernandes and Amir Rahmati and Jaeyeon Jung and Atul Prakash",

note = "Publisher Copyright: {\textcopyright} 2017 IEEE.",

year = "2017",

doi = "10.1109/MSP.2017.43",

language = "English",

volume = "15",

pages = "24--30",

journal = "IEEE Security and Privacy",

issn = "1540-7993",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

number = "2",

}

TY - JOUR

T1 - Security Implications of Permission Models in Smart-Home Application Frameworks

AU - Fernandes, Earlence

AU - Rahmati, Amir

AU - Jung, Jaeyeon

AU - Prakash, Atul

PY - 2017

Y1 - 2017

N2 - Several competing smart-home programming frameworks that support third-party app development have emerged. Such frameworks' permission models represent the dividing line between malicious apps that compromise user security and useful apps that provide user benefits. The authors survey the permission models of four popular frameworks: IoTivity, HomeKit, AllJoyn, and SmartThings, then report on their recent deep empirical analysis of SmartThings. A key finding is that SmartThings apps are automatically overprivileged, which can leave users vulnerable to various remote attacks.

AB - Several competing smart-home programming frameworks that support third-party app development have emerged. Such frameworks' permission models represent the dividing line between malicious apps that compromise user security and useful apps that provide user benefits. The authors survey the permission models of four popular frameworks: IoTivity, HomeKit, AllJoyn, and SmartThings, then report on their recent deep empirical analysis of SmartThings. A key finding is that SmartThings apps are automatically overprivileged, which can leave users vulnerable to various remote attacks.

KW - Internet of Things

KW - IoT

KW - apps

KW - overprivilege

KW - permission model

KW - privacy

KW - security

KW - smart home

KW - smart technology

KW - smart-home programming

UR - https://www.scopus.com/pages/publications/85017601400

U2 - 10.1109/MSP.2017.43

DO - 10.1109/MSP.2017.43

M3 - Article

SN - 1540-7993

VL - 15

SP - 24

EP - 30

JO - IEEE Security and Privacy

JF - IEEE Security and Privacy

IS - 2

M1 - 7891524

ER -

Security Implications of Permission Models in Smart-Home Application Frameworks

Abstract

Keywords

Access to Document

Other files and links

Fingerprint

Cite this