Abstract
Trigger-action programming (TAP) is an intelligent tool, which makes it easy for users to make intelligent rules for IoT devices and applications. Unfortunately, with the popularization of TAP and more and more rules, the rule chain from multiple rules appears gradually and brings more and more threats. Previous work pays more attention to the construction of the security model, but few people focus on how to accurately identify the rule chain from multiple rules. Inaccurate identification of rule chains will lead to the omission of rule chains with threats. This paper proposes a rule chain recognition model based on multiple features, TapChain, which can more accurately identify the rule chain without source code. We design a correction algorithm for TapChain to help us get the correct NLP analysis results. We extract 12 features from 5 aspects of the rules to make the recognition of the rule chain more accurate. According to the evaluation, compared with the previous work, the accuracy rate of TapChain is increased by 3.1%, the recall rate is increased by 1.4%, and the precision rate can reach 88.2%. More accurate identification of the rule chain can help to better implement the security policies and better balance security and availability. What’s more, according to the rule chain that TapChain can recognize, there is a new kind of rule chain with threats. We give the relevant case studies in the evaluation.
Highlights
Trigger-action programming (TAP) [1] is a programming method that users can use to stitch devices and applications (APPs) together, such as IoT devices, Twitter, and Google Calendar. e users do not need to know the specific programming language. ey just need to use the graphical interface to create rules such as “if this, that.” For example, the rule “if your room temperature is too high, turn on your A/C” indicates that the air conditioner will be turned on when the temperature in your room is too high
We propose a rule chain recognition model based on multiple features, TapChain
We summarize our contributions as follows: (1) We propose TapChain, a rule chain recognition model based on multiple features
Summary
Trigger-action programming (TAP) [1] is a programming method that users can use to stitch devices and applications (APPs) together, such as IoT devices, Twitter, and Google Calendar. e users do not need to know the specific programming language. ey just need to use the graphical interface to create rules such as “if this, that.” For example, the rule “if your room temperature is too high, turn on your A/C” indicates that the air conditioner will be turned on when the temperature in your room is too high. Ey just need to use the graphical interface to create rules such as “if this, that.”. TAP can be used in Internet of ings and in the interaction between APPs. For example, the rule “if you share a photo on Instagram, upload a photo from URL in your Facebook” instructs the photo will be uploaded in your Facebook when you share a photo on Instagram. As more and more devices and APPs need to be associated, this intelligent method will bring vulnerabilities to the end-user system due to the formation of a variety of rule chains vulnerabilities.
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
