Collaborative Research: CPS: Medium: Enabling Data-Driven Security and Safety Analyses for Cyber-Physical Systems
Lead PI:
Adwait Nadkarni
Co-PI:
Abstract

Smart home products have become extremely popular with consumers due to the convenience offered through home automation. In bridging the cyber-physical gap, however, home automation brings a widening of the cyber attack surface of the home. Research towards analyzing and preventing security and safety failures in a smart home faces a fundamental obstacle in practice: the poor characterization of home automation usage. That is, without the knowledge of how users automate their homes, it is difficult to address several critical challenges in designing and analyzing security systems, potentially rendering solutions ineffective in actual deployments. This project aims to bridge this gap, and provide researchers, end-users, and system designers with the means to collect, generate, and analyze realistic examples of home automation usage. This approach builds upon a unique characteristic of emerging smart home platforms: the presence of "user-driven" automation in the form of trigger-action programs that users configure via platform-provided user interfaces. In particular, this project devises methods to capture and model such user-driven home automation to generate statistically significant and useful usage scenarios. The techniques that will be developed during the course of this project will allow researchers and practitioners to analyze various security, safety and privacy properties of the cyber-physical systems that comprise modern smart homes, ultimately leading to deployments of smart home Internet of Things (IoT) devices that are more secure. The project will also produce and disseminate educational materials on best practices for developing secure software with an emphasis on IoT devices, suitable for integration into existing computer literacy courses at all levels of education. In addition, the project will focus on recruiting and retaining computer science students from traditionally underrepresented categories.

This project is centered on three specific goals. First, it will develop novel data collection strategies that allow end-users to easily specify routines in a flexible manner, as well as techniques based on Natural language Processing (NLP) for automatically processing and transforming the data into a format suitable for modeling. Second, it will introduce approaches for transforming routines into realistic home automation event sequences, understanding their latent properties and modeling them using well-understood language modeling techniques. Third, it will contextualize the smart home usage models to make predictions that cater to security analyses specifically and develop tools that allow for the inspection of a smart home?s state alongside the execution of predicted event sequences on real products. The techniques and models developed during the course of this project will be validated with industry partners and are expected to become instrumental for developers and researchers to understand security and privacy properties of smart homes.

Performance Period: 01/01/2022 - 12/31/2024
Institution: College of William and Mary
Award Number: 2132281