物聯網 (IoT) 技術的快速普及徹底改變了我們與家中設備互動的方式，提供了很大的便利性和自動化。然而，這種整合也帶來了複雜的安全挑戰，特別是跨應用互動 (CAI) 和跨手動控制及自動化互動 (CMAI) 威脅，這些威脅可能導致危險結果。本論文提出了一種綜合方案來減輕這些威脅。我們的方法在靜態階段新增規則時預先通知使用者潛在的風險，並提供重寫或保留規則的建議。同時，它在運行時動態檢測威脅、提供相應的解決方案、評估不同選項的風險，並優先執行低風險選項。所提出的方案減少了實際威脅的發生，降低了使用者的負擔，最大限度地減少了干擾，處理使用者不回應的情況，並增強了智慧家庭環境的整體安全性。實驗評估表明，我們的方案在威脅偵測、風險排名和使用者體驗方面顯著優於現有方法。

The rapid proliferation of Internet of Things (IoT) technology has fundamentally transformed the way we interact with home devices, offering unparalleled convenience and automation. However, this integration also brings complex security challenges, particularly Cross-App Interaction (CAI) and Cross Manual-control and Automation Interaction (CMAI) threats, which can lead to hazardous outcomes. This paper proposes a comprehensive scheme to mitigate these threats. Our method preemptively notifies users of potential risks when new rules are added in the static stage and provides suggestions for rewriting or retaining rules. Simultaneously, it dynamically detects threats during runtime, provides corresponding solutions, assesses the risks of different options, and prioritizes low-risk options. The proposed scheme reduces the occurrence of actual threats, lowers user effort, minimizes disruptions, handles situations where users do not respond, and enhances overall security in smart home environments. Experimental evaluations demonstrate that our scheme significantly outperforms existing methods in threat detection, risk ranking, and user experience.

[1] H. Chi, Q. Zeng, and X. Du, “Detecting and handling IoT interaction threats in Multi-Platform Multi-Control-Channel smart homes,” in 32nd USENIX Security Symposium (USENIX Security 23), (Anaheim, CA), pp. 1559–1576, USENIX Association, Aug. 2023.
[2] H. Chi, Q. Zeng, X. Du, and J. Yu, “Cross-app interference threats in smart homes: Categorization, detection and handling,” in 2020 50th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), pp. 411–423, IEEE, 2020.
[3] W. Ding and H. Hu, “On the safety of iot device physical interaction control,” in Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, pp. 832–846, 2018.
[4] W. Ding, H. Hu, and L. Cheng, “Iotsafe: Enforcing safety and security policy withreal iot physical interaction discovery,” in Network and Distributed System Security Symposium, 2021.
[5] Z. B. Celik, G. Tan, and P. D. McDaniel, “Iotguard: Dynamic enforcement of security and safety policy in commodity iot.,” in NDSS, 2019.
[6] F. Saeed, A. Paul, A. Rehman, W. H. Hong, and H. Seo, “Iot-based intelligent modeling of smart home environment for fire prevention and safety,” Journal of Sensor and Actuator Networks, vol. 7, no. 1, p. 11, 2018.
[7] C. Reports, “Home security system buying guide,” July 1 2022. Accessed: (13/04/2024).
[8] SmartThings, “Smartthings public repository,” 2015. Accessed: (14/04/2024).
[9] N. F. P. Association, NFPA 70: National electrical code. NationalFireProtectionAssoc, 2007.
[10] U. Hunkeler, H. L. Truong, and A. Stanford-Clark, “Mqtt-s—a publish/subscribe protocol for wireless sensor networks,” in 2008 3rd International Conference on Communication Systems Software and Middleware and Workshops (COMSWARE’08), pp. 791–798, IEEE, 2008.