SmartFuzz: An automated smart fuzzing approach for testing SmartThings apps
As IoT ecosystem has been fast-growing recently, there have been various security concerns of this new computing paradigm. Malicious IoT apps gaining access to IoT devices and capabilities to execute sensitive operations (sinks), e.g., controlling door locks and switches, may cause serious security...
Saved in:
| Main Authors: | , , , , , , |
|---|---|
| Format: | text |
| Language: | English |
| Published: |
Institutional Knowledge at Singapore Management University
2020
|
| Subjects: | |
| Online Access: | https://ink.library.smu.edu.sg/sis_research/5604 https://ink.library.smu.edu.sg/context/sis_research/article/6607/viewcontent/SmartFuzz_An_Automated_Smart_Fuzzing_Approach_for_Testing_SmartThings_Apps_apsec20.pdf |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Singapore Management University |
| Language: | English |
| id |
sg-smu-ink.sis_research-6607 |
|---|---|
| record_format |
dspace |
| spelling |
sg-smu-ink.sis_research-66072021-07-01T01:14:33Z SmartFuzz: An automated smart fuzzing approach for testing SmartThings apps SHAR, Lwin Khin TA, Nguyen Binh Duong JIANG, Lingxiao LO, David MINN, Wei YEO, Kiah Yong Glenn KIM, Eugene As IoT ecosystem has been fast-growing recently, there have been various security concerns of this new computing paradigm. Malicious IoT apps gaining access to IoT devices and capabilities to execute sensitive operations (sinks), e.g., controlling door locks and switches, may cause serious security and safety issues. Unlike traditional mobile/web apps, IoT apps highly interact with a wide variety of physical IoT devices and respond to environmental events, in addition to user inputs. It is therefore important to conduct comprehensive testing of IoT apps to identify possible anomalous behaviours. On the other hand, it is also important to optimize the number of test cases generated, considering that there may be many possible ways in which apps, devices, environmental events, and user inputs interact. Existing works investigating security in IoT apps have been using ad-hoc testing approaches, in which test cases are usually designed to test some particular aspects of apps or devices.In this work, we develop an automated, smart fuzzing ap- proach, called SmartFuzz, for testing Samsung SmartThings IoT apps. More specifically, SmartFuzz combines combinatorial test generation with light-weight program analysis, and aims to improve test coverage of sinks in an efficient, automated manner. We have implemented and evaluated our approach using a publicly available dataset of 60 SmartApps. The results have demonstrated the effectiveness and efficiency of SmartFuzz. In particular, SmartFuzz improved coverage of sinks by 184%, while generating and executing 20% fewer test cases as compared to ad-hoc testing. 2020-12-01T08:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/5604 info:doi/10.1109/APSEC51365.2020.00045 https://ink.library.smu.edu.sg/context/sis_research/article/6607/viewcontent/SmartFuzz_An_Automated_Smart_Fuzzing_Approach_for_Testing_SmartThings_Apps_apsec20.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University fuzzing smart apps IoT security SmartThings Software Engineering |
| institution |
Singapore Management University |
| building |
SMU Libraries |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
SMU Libraries |
| collection |
InK@SMU |
| language |
English |
| topic |
fuzzing smart apps IoT security SmartThings Software Engineering |
| spellingShingle |
fuzzing smart apps IoT security SmartThings Software Engineering SHAR, Lwin Khin TA, Nguyen Binh Duong JIANG, Lingxiao LO, David MINN, Wei YEO, Kiah Yong Glenn KIM, Eugene SmartFuzz: An automated smart fuzzing approach for testing SmartThings apps |
| description |
As IoT ecosystem has been fast-growing recently, there have been various security concerns of this new computing paradigm. Malicious IoT apps gaining access to IoT devices and capabilities to execute sensitive operations (sinks), e.g., controlling door locks and switches, may cause serious security and safety issues. Unlike traditional mobile/web apps, IoT apps highly interact with a wide variety of physical IoT devices and respond to environmental events, in addition to user inputs. It is therefore important to conduct comprehensive testing of IoT apps to identify possible anomalous behaviours. On the other hand, it is also important to optimize the number of test cases generated, considering that there may be many possible ways in which apps, devices, environmental events, and user inputs interact. Existing works investigating security in IoT apps have been using ad-hoc testing approaches, in which test cases are usually designed to test some particular aspects of apps or devices.In this work, we develop an automated, smart fuzzing ap- proach, called SmartFuzz, for testing Samsung SmartThings IoT apps. More specifically, SmartFuzz combines combinatorial test generation with light-weight program analysis, and aims to improve test coverage of sinks in an efficient, automated manner. We have implemented and evaluated our approach using a publicly available dataset of 60 SmartApps. The results have demonstrated the effectiveness and efficiency of SmartFuzz. In particular, SmartFuzz improved coverage of sinks by 184%, while generating and executing 20% fewer test cases as compared to ad-hoc testing. |
| format |
text |
| author |
SHAR, Lwin Khin TA, Nguyen Binh Duong JIANG, Lingxiao LO, David MINN, Wei YEO, Kiah Yong Glenn KIM, Eugene |
| author_facet |
SHAR, Lwin Khin TA, Nguyen Binh Duong JIANG, Lingxiao LO, David MINN, Wei YEO, Kiah Yong Glenn KIM, Eugene |
| author_sort |
SHAR, Lwin Khin |
| title |
SmartFuzz: An automated smart fuzzing approach for testing SmartThings apps |
| title_short |
SmartFuzz: An automated smart fuzzing approach for testing SmartThings apps |
| title_full |
SmartFuzz: An automated smart fuzzing approach for testing SmartThings apps |
| title_fullStr |
SmartFuzz: An automated smart fuzzing approach for testing SmartThings apps |
| title_full_unstemmed |
SmartFuzz: An automated smart fuzzing approach for testing SmartThings apps |
| title_sort |
smartfuzz: an automated smart fuzzing approach for testing smartthings apps |
| publisher |
Institutional Knowledge at Singapore Management University |
| publishDate |
2020 |
| url |
https://ink.library.smu.edu.sg/sis_research/5604 https://ink.library.smu.edu.sg/context/sis_research/article/6607/viewcontent/SmartFuzz_An_Automated_Smart_Fuzzing_Approach_for_Testing_SmartThings_Apps_apsec20.pdf |
| _version_ |
1770575527570046976 |