Visible to the public IoTBox: Sandbox Mining to Prevent Interaction Threats in IoT Systems

TitleIoTBox: Sandbox Mining to Prevent Interaction Threats in IoT Systems
Publication TypeConference Paper
Year of Publication2021
AuthorsJin Kang, Hong, Qin Sim, Sheng, Lo, David
Conference Name2021 14th IEEE Conference on Software Testing, Verification and Validation (ICST)
Date Publishedapr
KeywordsCollaboration, composability, Conferences, interaction threats, Internet of Things, Malware, mining sandboxes, Policy Based Governance, Prototypes, pubcrawl, Safety, Sandboxing, Smart homes, Software systems, Software Testing
AbstractInternet of Things (IoT) apps provide great convenience but exposes us to new safety threats. Unlike traditional software systems, threats may emerge from the joint behavior of multiple apps. While prior studies use handcrafted safety and security policies to detect these threats, these policies may not anticipate all usages of the devices and apps in a smart home, causing false alarms. In this study, we propose to use the technique of mining sandboxes for securing an IoT environment. After a set of behaviors are analyzed from a bundle of apps and devices, a sandbox is deployed, which enforces that previously unseen behaviors are disallowed. Hence, the execution of malicious behavior, introduced from software updates or obscured through methods to hinder program analysis, is blocked.While sandbox mining techniques have been proposed for Android apps, we show and discuss why they are insufficient for detecting malicious behavior in a more complex IoT system. We prototype IoTBox to address these limitations. IoTBox explores behavior through a formal model of a smart home. In our empirical evaluation to detect malicious code changes, we find that IoTBox achieves substantially higher precision and recall compared to existing techniques for mining sandboxes.
DOI10.1109/ICST49551.2021.00029
Citation Keyjin_kang_iotbox_2021