ACE Seminar: Securing IoT Apps

Speaker: Andrei Sabelfeld

Date/Time: 16-May-2019, 16:00 UTC

Venue: Roberts 3.09



IoT apps empower users by connecting a variety of otherwise unconnected services. Unfortunately, the power of IoT apps can be abused by malicious makers, unnoticeably to users. We demonstrate that popular IoT app platforms are susceptible to several classes of attacks that violate user privacy, integrity, and availability. We estimate the impact of these attacks by an empirical study. We suggest short/medium-term countermeasures based on fine-grained access control and long-term countermeasures based on information flow tracking. We illustrate our findings on two types of IoT app platforms: user automation apps (as supported by IFTTT, Zapier, and Microsoft Flow) and in-vehicle apps (as supported by Android Automotive).

Joint work with Iulia Bastys and Musard Balliu, appearing in CCS'18 and in the IEEE S&P Magazine.


Andrei Sabelfeld is a Professor in the Department of Computer Science and Engineering at Chalmers University of Technology in Gothenburg, Sweden. He has been active in world-leading research environments in Europe and the US. Before joining Chalmers as faculty, he was a Research Associate at Cornell University in Ithaca, NY, USA. Andrei Sabelfeld's research ranges from foundations to practice of software security and privacy. Today, he leads a team of researchers at Chalmers engaged in a number of internationally visible projects on web security, IoT security, and location privacy.


This page was last modified on 27 Mar 2014.