{"title":"自动识别权限过大的智能事物应用程序","authors":"Atheer Abu Zaid, Manar H. Alalfi, A. Miri","doi":"10.1109/ICSME.2019.00037","DOIUrl":null,"url":null,"abstract":"The permission system in the SmartThings platform governs how apps access devices. The system was designed to protect devices from third-party apps, by forcing apps to access devices through their capabilities. Design flaws in the system result in apps being over-privileged with unauthorized capabilities. This vulnerability represents serious security challenges to this platform and its users. In this paper, we present an automated tool that can identify over-privilege vulnerability in SmartThings apps. We have identified common patterns, and we have used this knowledge to design our automated over-privilege detection tool. We have evaluated the effectiveness of our tool on 222 official and third-party apps, and we have found that approximately 5.5% of defined devices were misused with 76 identified instances of over-privilege.","PeriodicalId":106748,"journal":{"name":"2019 IEEE International Conference on Software Maintenance and Evolution (ICSME)","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2019-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":"{\"title\":\"Automated Identification of Over-Privileged SmartThings Apps\",\"authors\":\"Atheer Abu Zaid, Manar H. Alalfi, A. Miri\",\"doi\":\"10.1109/ICSME.2019.00037\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The permission system in the SmartThings platform governs how apps access devices. The system was designed to protect devices from third-party apps, by forcing apps to access devices through their capabilities. Design flaws in the system result in apps being over-privileged with unauthorized capabilities. This vulnerability represents serious security challenges to this platform and its users. In this paper, we present an automated tool that can identify over-privilege vulnerability in SmartThings apps. We have identified common patterns, and we have used this knowledge to design our automated over-privilege detection tool. We have evaluated the effectiveness of our tool on 222 official and third-party apps, and we have found that approximately 5.5% of defined devices were misused with 76 identified instances of over-privilege.\",\"PeriodicalId\":106748,\"journal\":{\"name\":\"2019 IEEE International Conference on Software Maintenance and Evolution (ICSME)\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2019-09-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"2\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2019 IEEE International Conference on Software Maintenance and Evolution (ICSME)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICSME.2019.00037\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 IEEE International Conference on Software Maintenance and Evolution (ICSME)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICSME.2019.00037","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Automated Identification of Over-Privileged SmartThings Apps
The permission system in the SmartThings platform governs how apps access devices. The system was designed to protect devices from third-party apps, by forcing apps to access devices through their capabilities. Design flaws in the system result in apps being over-privileged with unauthorized capabilities. This vulnerability represents serious security challenges to this platform and its users. In this paper, we present an automated tool that can identify over-privilege vulnerability in SmartThings apps. We have identified common patterns, and we have used this knowledge to design our automated over-privilege detection tool. We have evaluated the effectiveness of our tool on 222 official and third-party apps, and we have found that approximately 5.5% of defined devices were misused with 76 identified instances of over-privilege.