University of Illinois Urbana-Champaign

Securing emerging IoT systems through systematic analysis and design

Wang, Qi

Content Files
WANG-DISSERTATION-2020.pdf

Permalink

https://hdl.handle.net/2142/109385

Description

Title
Securing emerging IoT systems through systematic analysis and design
Author(s)
Wang, Qi
Issue Date
2020-11-25
Director of Research (if dissertation) or Advisor (if thesis)
Gunter, Carl A
Doctoral Committee Chair(s)
Gunter, Carl A
Committee Member(s)
  • Nahrstedt, Klara
  • Bates, Adam
  • Jee, Kangkook
Department of Study
Computer Science
Discipline
Computer Science
Degree Granting Institution
University of Illinois at Urbana-Champaign
Degree Name
Ph.D.
Degree Level
Dissertation
Date of Ingest
2021-03-05T21:38:04Z
Keyword(s)
  • Internet-of-Things
  • Data provenance
  • Trigger-action platform
  • Security
Abstract
The Internet of Things (IoT) is growing very rapidly. A variety of IoT systems have been developed and employed in many domains such as smart home, smart city and industrial control, providing great benefits to our everyday lives. However, as IoT becomes increasingly prevalent and complicated, it is also introducing new attack surfaces and security challenges. We are seeing numerous IoT attacks exploiting the vulnerabilities in IoT systems everyday. Security vulnerabilities may manifest at different layers of the IoT stack. There is no single security solution that can work for the whole ecosystem. In this dissertation, we explore the limitations of emerging IoT systems at different layers and develop techniques and systems to make them more secure. More specifically, we focus on three of the most important layers: the user rule layer, the application layer and the device layer. First, on the user rule layer, we characterize the potential vulnerabilities introduced by the interaction of user-defined automation rules. We introduce iRuler, a static analysis system that uses model checking to detect inter-rule vulnerabilities that exist within trigger-action platforms such as IFTTT in an IoT deployment. Second, on the application layer, we design and build ProvThings, a system that instruments IoT apps to generate data provenance that provides a holistic explanation of system activities, including malicious behaviors. Lastly, on the device layer, we develop ProvDetector and SplitBrain to detect malicious processes using kernel-level provenance tracking and analysis. ProvDetector is a centralized approach that collects all the audit data from the clients and performs detection on the server. SplitBrain extends ProvDetector with collaborative learning, where the clients collaboratively build the detection model and performs detection on the client device.
Graduation Semester
2020-12
Type of Resource
Thesis
Permalink
http://hdl.handle.net/2142/109385
Copyright and License Information
Copyright 2020 Qi Wang

Owning Collections

Graduate Dissertations and Theses at Illinois PRIMARY
Graduate Theses and Dissertations at Illinois
Dissertations and Theses - Computer Science
Dissertations and Theses from the Siebel School of Computer Science