Mon 26 Oct 2015 11:15 - 11:30 at Edenburg - Session II Chair(s): Aharon Abadi, Lori Flynn, Jeff Gray

Smart home automation and IoT promise to bring many advantages but they also expose their users to certain security and privacy vulnerabilities. For example, leaking the information about the absence of a person from home or the medicine somebody is taking may have serious security and privacy consequences for home users and potential legal implications for providers of home automation and IoT platforms. We envision that a new ecosystem within an existing smartphone ecosystem will be a suitable platform for distribution of apps for smart home and IoT devices. Android is increasingly becoming a popular platform for smart home and IoT devices and applications. Built-in security mechanisms in ecosystems such as Android have limitations that can be exploited by malicious apps to leak users’ sensitive data to unintended recipients. For instance, Android enforces that an app requires the Internet permissions in order to access a web server but it does not control which servers the app talks to or what data it shares with other apps. Therefore, sub-ecosystems that enforce additional fine-grained custom policies on top of existing policies of the smartphone ecosystems are necessary for smart home or IoT platforms. To this end, we have built a tool that enforces additional policies on inter-app interactions and permissions of Android apps. We have done preliminary testing of our tool on three proprietary apps developed by a future provider of a home automation platform. Our initial evaluation demonstrates that it is possible to develop mechanisms that allow definition and enforcement of custom security policies appropriate for ecosystems of the like smart home automation and IoT.

Mon 26 Oct
Times are displayed in time zone: (GMT-04:00) Eastern Time (US & Canada) change

10:30 - 12:00: MobileDeLi - Session II at Edenburg
Chair(s): Aharon AbadiIBM Research, Lori FlynnCERT, Jeff GrayUniversity of Alabama, USA
mobiledeli201510:30 - 10:35
Arvind HudliMSRIT, Shrinidhi HudliUCLA, Raghu HudliObjectOrb Technologies Pvt. Ltd
mobiledeli201510:35 - 10:55
Tahmid NabiOregon State University, Pranjal MittalOregon State University, Pooria AzimiOregon State University, Danny DigOregon State University, Eli TilevichVirginia Tech
mobiledeli201510:55 - 11:15
Jonathan ProtzenkoMicrosoft Research
mobiledeli201511:15 - 11:30
Waqar AhmadCarnegie Mellon University, Joshua SunshineCarnegie Mellon University, Christian KästnerCarnegie Mellon University, Adam WynneBosch Research and Technology Center
mobiledeli201511:30 - 11:45
Marco PistoiaIBM Research, USA, Omer TrippIBM Research, USA, Pietro FerraraIBM Research, USA, Paolina CentonzeIona College
mobiledeli201511:45 - 12:00
Pavol BielikETH Zurich, Switzerland, Veselin RaychevETH Zurich, Switzerland, Martin VechevETH Zurich, Switzerland