This work examines how to get safety and security in Internet of Things (IoT) systems where multiple devices (things), each designed in isolation from others, are brought together to form a networked system, controlled via one or more software applications ("apps"). "Things" in an IoT environment can include simple devices such as switches, lightbulbs, smart locks, thermostats, and safety alarms as well as complex systems such as appliances, smartphones, and cars. Software IoT "apps" can monitor and control multiple devices in homes, cars, cities, and businesses, providing significant benefits such as energy efficiency, security, safety, and user convenience. Unfortunately, programmable IoT systems also introduce new risks, including enabling remote control by hackers of devices in smart homes, cars, and cities, via buggy IoT apps. Testing IoT apps to remove bugs is currently challenging due to a variety of physical devices with which such apps may interact, including devices that were not even available during app development. The proposed work will help develop techniques for testing IoT apps efficiently and for enforcing safety and security constraints on their run-time behavior. More specifically, the proposed work is centered around three technical thrusts: 1) creating virtual device models to help efficiently test IoT apps systematically without knowing the precise details of physical devices that the apps will control in advance; 2) automating test development for an IoT app to check safety and security specifications against a flexible set of devices; and 3) providing support for enforcement of specifications at run-time for security and safety assertions. The work includes extensive experimentation and evaluation using diverse devices and will represent a significant advance in hardening this important spaces