Abstract

Internet of Thing platforms prosper home automation applications (apps). Prior research concerns intra-app security. Our work reveals that automation apps, even secured individually, still cause a family of threats when they interplay, termed as Cross-App Interference (CAI) threats. We systematically categorize such threats and encode them using satisfiability modulo theories (SMT). We present HomeGuard, a system for detecting and handling CAI threats in real deployments. A symbolic executor is built to extract rule semantics, and instrumentation is utilized to capture configuration during app installation. Rules and configuration are checked against SMT models, the solutions of which indicate the existence of corresponding CAI threats. We further combine app functionalities, device attributes and CAI types to label the risk level of CAI instances. In our evaluation, HomeGuard discovers 663 CAI instances from 146 SmartThings market apps, imposing minor latency upon app installation and no runtime overhead.