Theses and Dissertations
Displaying 1 - 2 of 2
Filtering by
- Creators: Capuano, Bailey Kellen
- Creators: Sharp, Trevor
Description
Apple’s HomeKit framework centralizes control of smart home devices and allows users to create home automations based on predefined rules. For example, a user can add a rule to turn off all the lights in their house whenever they leave. Currently, these rules must be added through a graphical user interface provided by Apple or a third-party app on iOS. This thesis describes how a text-based language provides users with a more expressive means of creating complex home automations and successfully implements such a language. Rules created using this text-based format are parsed and interpreted into rules that can be added directly into HomeKit. This thesis also explores how security features should be implemented with this text-based approach. Since automations are run by the system without user interaction, it is important to consider how the system itself can provide functionality to address the unintended consequences that may result from running an automation. This is especially important for the text-based approach since its increase in expressiveness makes it easier for a user to make a mistake in programming that leads to a security concern. The proposed method for preventing unintended side effects is using a simulation to run every automation prior to actually running the automation on real-world devices. This approach allows users to code some conditions that must be satisfied in order for the automation to run on devices in the home. This thesis describes the creation of such a program that successfully simulates every device in the home. There were limitations, however, with Apple's HomeKit framework, which made it impractical to match the state of simulated devices to real devices in the home. Without being able to match the current state of the home to the current state of the simulation, this method cannot satisfy the goal of ensuring that certain adverse effects will not occur as a result of automations. Other smart home control platforms that provide more extensibility could be used to create this simulation-based security approach. Perhaps as Apple continues to open up their HomeKit platform to developers, this approach may be feasible within Apple's ecosystem at some point in the future.
ContributorsSharp, Trevor Ryan (Co-author) / Sharp, Trevor (Co-author) / Bazzi, Rida (Thesis director) / Doupe, Adam (Committee member) / Economics Program in CLAS (Contributor) / Department of Management and Entrepreneurship (Contributor) / Computer Science and Engineering Program (Contributor) / Barrett, The Honors College (Contributor)
Created2020-05
Description
Binary analysis and software debugging are critical tools in the modern softwaresecurity ecosystem. With the security arms race between attackers discovering and
exploiting vulnerabilities and the development teams patching bugs ever-tightening,
there is an immense need for more tooling to streamline the binary analysis and
debugging processes. Whether attempting to find the root cause for a buffer overflow
or a segmentation fault, the analysis process often involves manually tracing the
movement of data throughout a program’s life cycle. Up until this point, there has
not been a viable solution to the human limitation of maintaining a cohesive mental
image of the intricacies of a program’s data flow.
This thesis proposes a novel data dependency graph (DDG) analysis as an addi-
tion to angr’s analyses suite. This new analysis ingests a symbolic execution trace
in order to generate a directed acyclic graph of the program’s data dependencies. In
addition to the development of the backend logic needed to generate this graph, an
angr management view to visualize the DDG was implemented. This user interface
provides functionality for ancestor and descendant dependency tracing and sub-graph
creation. To evaluate the analysis, a user study was conducted to measure the view’s
efficacy in regards to binary analysis and software debugging. The study consisted
of a control group and experimental group attempting to solve a series of 3 chal-
lenges and subsequently providing feedback concerning perceived functionality and
comprehensibility pertaining to the view.
The results show that the view had a positive trend in relation to challenge-solving
accuracy in its target domain, as participants solved 32% more challenges 21% faster
when using the analysis than when using vanilla angr management.
ContributorsCapuano, Bailey Kellen (Author) / Shoshitaishvili, Yan (Thesis advisor) / Wang, Ruoyu (Thesis advisor) / Doupe, Adam (Committee member) / Arizona State University (Publisher)
Created2022