SmartAuth: User-Centered Authorization for the Internet of Things
Citations
286 citations
Cites background or methods from "SmartAuth: User-Centered Authorizat..."
...Overprivileged attacks are common in IoT and mobile devices, and many real-world overprivileged apps have been identified [155], [181]....
[...]
...[181] proposed an NLP-based method to check the inconsistencies between an IoT App’s implementation and its description in order to identify overprivileged exploits....
[...]
285 citations
Cites background from "SmartAuth: User-Centered Authorizat..."
...SmartAuth [24] found that the authentication problem also manifests itself in the IoT application platforms through overprivileged applications....
[...]
...SmartAuth [24] provides a derived authentication approach for applications on the device, but the implementation must be done by the vendor....
[...]
...Services Weak Auth Default Config Patching Framework Vendor End User Ur13 [19] Costi14 [36] Chapm14 [21] Kaval14 [26] Wuess15 [20] Rodri15 [22] Lodge16 [31] Ike16 [18] Franc16 [33] O’Fly16 [30] - - - - - - - - Ferna16 [27] Max16 [23] FlowF16 [28] Oberm16 [25] Barne17 [17] Herna17[32] Morge17 [34] Ferna17 [29] Ronen17 [15] Dolph17 [35] Tian17 [24] D ev ic e...
[...]
...Embedded Linux is found in many of the devices, but there is no secure open IoT platform, which can incorporate newly proposed frameworks [24], [28], [37] by the community....
[...]
...SmartAuth [24] is a framework that identifies required permissions for IoT applications running on platforms like SmartThings and Apple Home....
[...]
180 citations
Cites background from "SmartAuth: User-Centered Authorizat..."
...ContexIoT and SmartAuth are only applicable to an IoT app running in isolation—collecting context of an individual app....
[...]
...Constraints System Multi-app analysis Trigger-action applet analysis Policy identification Runtime policy enforcement ContexIoT [28] 7 7 7 7 SmartAuth [49] 7 7 7 7 ProvThings [51] 3 7 7† 7 Soteria [11] 3 7 3‡ 7...
[...]
...SmartAuth generates an authorization interface for users and enforces the apps permissions after a user authorized them [49]....
[...]
...For instance, some systems infer an app’s context to enforce permissions based on that context through runtime prompts [28] or asking users for authorization through an interface [49], and others apply static model checking to find property violations [11]....
[...]
175 citations
Cites background from "SmartAuth: User-Centered Authorizat..."
...Furthermore, another problem of overprivileged smart apps authorization also results in privacy issues [105], [106]....
[...]
155 citations
Additional excerpts
...Mitigations have involved rethinking permission granting [13, 22, 41]....
[...]
References
15,068 citations
"SmartAuth: User-Centered Authorizat..." refers background in this paper
...Word2Vec has many advantages over previous approaches, including catching syntactic and semantic information better than WordNet [39] and achieving lower false positive rates than ESA [21]....
[...]
7,070 citations
"SmartAuth: User-Centered Authorizat..." refers methods in this paper
...In our work, we rely on the highly accurate Stanford POS Tagger [38]....
[...]
...Specifically, we use the Stanford POS Tagger to identify parts of speech and the Stanford Parser to analyze sentence structure, including typed dependencies, as illustrated in Figure 5....
[...]
2,285 citations
"SmartAuth: User-Centered Authorizat..." refers background in this paper
...Word2Vec has many advantages over previous approaches, including catching syntactic and semantic information better than WordNet [39] and achieving lower false positive rates than ESA [21]....
[...]
1,477 citations
"SmartAuth: User-Centered Authorizat..." refers background in this paper
...The idea that privacy is context-sensitive has been widely studied [41]....
[...]
1,374 citations
"SmartAuth: User-Centered Authorizat..." refers methods in this paper
...Word2Vec [22] is a state-of-the-art tool used to produce word embedding that maps words to vectors of real numbers....
[...]