Collaborative Research: CPS: Medium: Enabling Data-Driven Security and Safety Analyses for Cyber-Physical Systems

协作研究：CPS：中：为网络物理系统实现数据驱动的安全和安全分析

• 批准号: 2132281
• 负责人: Adwait Nadkarni
• 金额: $ 79.98万
• 依托单位: College of William and Mary
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2022
• 资助国家: 美国
• 起止时间: 2022-01-01 至 2024-12-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2132281&HistoricalAwards=false
• 关键词: Collaborative; Research; CPS; Medium; Enabling

Smart home products have become extremely popular with consumers due to the convenience offered through home automation. In bridging the cyber-physical gap, however, home automation brings a widening of the cyber attack surface of the home. Research towards analyzing and preventing security and safety failures in a smart home faces a fundamental obstacle in practice: the poor characterization of home automation usage. That is, without the knowledge of how users automate their homes, it is difficult to address several critical challenges in designing and analyzing security systems, potentially rendering solutions ineffective in actual deployments. This project aims to bridge this gap, and provide researchers, end-users, and system designers with the means to collect, generate, and analyze realistic examples of home automation usage. This approach builds upon a unique characteristic of emerging smart home platforms: the presence of "user-driven" automation in the form of trigger-action programs that users configure via platform-provided user interfaces. In particular, this project devises methods to capture and model such user-driven home automation to generate statistically significant and useful usage scenarios. The techniques that will be developed during the course of this project will allow researchers and practitioners to analyze various security, safety and privacy properties of the cyber-physical systems that comprise modern smart homes, ultimately leading to deployments of smart home Internet of Things (IoT) devices that are more secure. The project will also produce and disseminate educational materials on best practices for developing secure software with an emphasis on IoT devices, suitable for integration into existing computer literacy courses at all levels of education. In addition, the project will focus on recruiting and retaining computer science students from traditionally underrepresented categories. This project is centered on three specific goals. First, it will develop novel data collection strategies that allow end-users to easily specify routines in a flexible manner, as well as techniques based on Natural language Processing (NLP) for automatically processing and transforming the data into a format suitable for modeling. Second, it will introduce approaches for transforming routines into realistic home automation event sequences, understanding their latent properties and modeling them using well-understood language modeling techniques. Third, it will contextualize the smart home usage models to make predictions that cater to security analyses specifically and develop tools that allow for the inspection of a smart home’s state alongside the execution of predicted event sequences on real products. The techniques and models developed during the course of this project will be validated with industry partners and are expected to become instrumental for developers and researchers to understand security and privacy properties of smart homes.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

然而，由于家庭自动化提供的便利性，智能家居产品已变得非常受消费者欢迎。然而，在弥合网络物理差距方面，家庭自动化带来了家庭网络攻击面的扩大，以分析和预防安全。智能家居的故障在实践中面临着一个根本性障碍：家庭自动化使用情况的描述不清晰，也就是说，如果不了解用户如何实现家庭自动化，就很难解决设计和分析安全系统时的几个关键挑战，从而可能导致出现问题。该项目的目标是解决方案在实际部署中无效。旨在弥合这一差距，并为研究人员、最终用户和系统设计人员提供收集、生成和分析家庭自动化使用的实际示例的方法。这种方法建立在新兴智能家居平台的独特特征之上：“存在”。用户驱动的“自动化”以触发动作程序的形式出现，用户通过平台提供的用户界面进行配置。特别是，该项目设计了捕获和建模此类用户驱动的家庭自动化的方法，以生成统计上显着且有用的使用场景。将在该项目过程中开发的允许研究人员和从业者分析构成现代智能家居的网络物理系统的各种安全、安全和隐私属性，最终导致更安全的智能家居物联网 (IoT) 设备的部署。该项目还将生产和部署。传播有关开发安全软件的最佳实践的教育材料，重点是物联网设备，适合整合到各级教育的现有计算机知识课程中。此外，该项目将侧重于招募和留住传统上代表性不足的类别的计算机科学学生。该项目围绕三个具体目标。首先，它将开发新颖的数据收集策略，使最终用户能够以灵活的方式轻松指定例程，以及基于自然语言处理（NLP）的技术，自动处理数据并将其转换为适合建模的格式。它将介绍将例程转换为现实的家庭自动化事件序列的方法，了解其潜在属性并使用易于理解的语言建模技术对其进行建模。第三，它将结合智能家居使用模型来做出专门满足安全分析的预测。开发允许检查的工具该项目过程中开发的技术和模型将与行业合作伙伴一起验证智能家居的状态以及在实际产品上执行预测的事件序列，预计将有助于开发人员和研究人员了解智能家居的安全和隐私属性。该奖项反映了 NSF 的法定使命，并通过使用基金会的智力价值和更广泛的影响审查标准进行评估，被认为值得支持。

项目成果

Helion: Enabling Natural Testing of Smart Homes

Helion：实现智能家居的自然测试

• DOI: 10.1145/3611643.3613095
• 发表时间: 2023-12
• 期刊: Proceedings of the 31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering
• 作者: Mandal, Prianka;Manandhar, Sunil;Kafle, Kaushal;Moran, Kevin;Poshyvanyk, Denys;Nadkarni, Adwait
• 通讯作者: Nadkarni, Adwait

Understanding IoT Security from a Market-Scale Perspective

从市场规模的角度理解物联网安全

• DOI: 10.1145/3548606.3560640
• 发表时间: 2022-11
• 期刊: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security
• 作者: Jin, Xin;Manandhar, Sunil;Kafle, Kaushal;Lin, Zhiqiang;Nadkarni, Adwait
• 通讯作者: Nadkarni, Adwait

Smart Home Privacy Policies Demystified: A Study of Availability, Content, and Coverage

智能家居隐私政策揭秘：可用性、内容和覆盖范围的研究

• 发表时间: 2022-08
• 期刊: Proceedings of the 31st USENIX Security Symposium
• 作者: Manandhar, Sunil;Kafle, Kaushal;Andow, Benjamin;Singh, Kapil;Nadkarni, Adwait
• 通讯作者: Nadkarni, Adwait