Internet of Things (IoT) applications drive the behavior of IoT deployments according to installed sensors and actuators. It has recently been shown that IoT deployments are vulnerable to physical interactions, caused by design flaws or malicious intent, that can have severe physical consequences. Yet, extant approaches to securing IoT do not translate the app source code into its physical behavior to evaluate physical interactions. Thus, IoT consumers and markets do not possess the capability to assess the safety and security risks these interactions present. In this paper, we introduce the IoTSeer security service for IoT deployments, which uncovers undesired states caused by physical interactions. IoTSeer operates in four phases (1) translation of each actuation command and sensor event in an app source code into a hybrid I/O automaton that defines an app's physical behavior, (2) combining apps in a novel composite automaton that represents the joint physical behavior of interacting apps, (3) applying grid-based testing and falsification to validate whether an IoT deployment conforms to desired physical interaction policies, and (4) identification of the root cause of policy violations and proposing patches that guide users to prevent them. We use IoTSeer in an actual house with 13 actuators and six sensors with 37 apps and demonstrate its effectiveness and performance.

中文翻译：

---

发现物联网部署中的物理交互漏洞

物联网（IoT）应用程序根据已安装的传感器和执行器来驱动IoT部署的行为。最近显示，物联网部署容易受到由设计缺陷或恶意意图引起的物理交互的影响，而物理交互可能会造成严重的物理后果。但是，用于保护物联网的现有方法并未将应用程序源代码转换为其物理行为以评估物理交互。因此，物联网消费者和市场不具备评估这些交互作用带来的安全风险的能力。在本文中，我们介绍了用于IoT部署的IoTSeer安全服务，该服务揭示了物理交互导致的不良状态。IoTSeer分四个阶段进行操作（1）将应用程序源代码中的每个致动命令和传感器事件转换为定义应用程序物理行为的混合I / O自动机，（2）将应用程序组合到代表联合物理状态的新型复合自动机中交互应用程序的行为，（3）应用基于网格的测试和篡改来验证IoT部署是否符合所需的物理交互策略，以及（4）识别策略违规的根本原因并提出指导用户进行预防的补丁程序。我们在一个拥有13个执行器和6个带有37个应用程序的传感器的实际房屋中使用IoTSeer，并展示了其有效性和性能。（3）应用基于网格的测试和篡改来验证IoT部署是否符合所需的物理交互策略，以及（4）识别策略违规的根本原因，并提出可指导用户进行预防的补丁程序。我们在一个拥有13个执行器和6个带有37个应用程序的传感器的实际房屋中使用IoTSeer，并展示了其有效性和性能。（3）应用基于网格的测试和篡改来验证IoT部署是否符合所需的物理交互策略，以及（4）识别策略违规的根本原因，并提出可指导用户进行预防的补丁程序。我们在一个拥有13个执行器和6个带有37个应用程序的传感器的实际房屋中使用IoTSeer，并展示了其有效性和性能。