{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,25]],"date-time":"2026-03-25T21:58:38Z","timestamp":1774475918584,"version":"3.50.1"},"reference-count":53,"publisher":"Association for Computing Machinery (ACM)","issue":"3","license":[{"start":{"date-parts":[[2021,4,1]],"date-time":"2021-04-01T00:00:00Z","timestamp":1617235200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Priv. Secur."],"published-print":{"date-parts":[[2021,8,31]]},"abstract":"<jats:p>IoT platforms enable users to connect various smart devices and online services via reactive apps running on the cloud. These apps, often developed by third-parties, perform simple computations on data triggered by external information sources and actuate the results of computations on external information sinks. Recent research shows that unintended or malicious interactions between the different (even benign) apps of a user can cause severe security and safety risks. These works leverage program analysis techniques to build tools for unveiling unexpected interference across apps for specific use cases. Despite these initial efforts, we are still lacking a semantic framework for understanding interactions between IoT apps. The question of what security policy cross-app interference embodies remains largely unexplored.<\/jats:p>\n          <jats:p>This article proposes a semantic framework capturing the essence of cross-app interactions in IoT platforms. The framework generalizes and connects syntactic enforcement mechanisms to bisimulation-based notions of security, thus providing a baseline for formulating soundness criteria of these enforcement mechanisms. Specifically, we present a calculus that models the behavioral semantics of a system of apps executing concurrently, and use it to define desirable semantic policies targeting the security and safety of IoT apps. To demonstrate the usefulness of our framework, we define and implement static analyses for enforcing cross-app security and safety, and prove them sound with respect to our semantic conditions. We also leverage real-world apps to validate the practical benefits of our tools based on the proposed enforcement mechanisms.<\/jats:p>","DOI":"10.1145\/3444963","type":"journal-article","created":{"date-parts":[[2021,4,1]],"date-time":"2021-04-01T16:04:50Z","timestamp":1617293090000},"page":"1-40","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":13,"title":["Friendly Fire"],"prefix":"10.1145","volume":"24","author":[{"given":"Musard","family":"Balliu","sequence":"first","affiliation":[{"name":"KTH Royal Institute of Technology, Stockholm, Sweden Sweden"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1712-7492","authenticated-orcid":false,"given":"Massimo","family":"Merro","sequence":"additional","affiliation":[{"name":"University of Verona, Verona, Italy"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Michele","family":"Pasqua","sequence":"additional","affiliation":[{"name":"University of Verona, Verona, Italy"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Mikhail","family":"Shcherbakov","sequence":"additional","affiliation":[{"name":"KTH Royal Institute of Technology, Stockholm, Sweden Sweden"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2021,4]]},"reference":[{"key":"e_1_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijcip.2010.09.001"},{"key":"e_1_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00013"},{"key":"e_1_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1016\/S0304-3975(97)00223-5"},{"key":"e_1_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-88313-5_22"},{"key":"e_1_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSEC.2019.2914190"},{"key":"e_1_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1109\/CSF.2019.00029"},{"key":"e_1_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1109\/CSF49147.2020.00032"},{"key":"e_1_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243841"},{"key":"e_1_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-03638-6_2"},{"key":"e_1_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2015.23295"},{"key":"e_1_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICNSS.2011.6059965"},{"key":"e_1_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.tcs.2018.12.002"},{"key":"e_1_2_1_13_1","volume-title":"Gian Luigi Ferrari, and Letterio Galletta","author":"Bodei Chiara","year":"2017","unstructured":"Chiara Bodei , Pierpaolo Degano , Gian Luigi Ferrari, and Letterio Galletta . 2017 . Tracing where IoT data are collected and aggregated. Log. Meth. Comput. Sci . 13, 3 (2017). DOI:https:\/\/doi.org\/10.23638\/LMCS-13(3:5)2017 10.23638\/LMCS-13(3:5)2017 Chiara Bodei, Pierpaolo Degano, Gian Luigi Ferrari, and Letterio Galletta. 2017. Tracing where IoT data are collected and aggregated. Log. Meth. Comput. Sci. 13, 3 (2017). DOI:https:\/\/doi.org\/10.23638\/LMCS-13(3:5)2017"},{"key":"e_1_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/1653662.1653673"},{"key":"e_1_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/3209108.3209151"},{"key":"e_1_2_1_16_1","volume-title":"Proceedings of the USENIX Security Symposium (USENIX\u201918)","author":"Celik Z. Berkay","unstructured":"Z. Berkay Celik , Leonardo Babun , Amit Kumar Sikder , Hidayet Aksu , Gang Tan , Patrick D. McDaniel , and A. Selcuk Uluagac . 2018. Sensitive information tracking in commodity IoT . In Proceedings of the USENIX Security Symposium (USENIX\u201918) . USENIX Association, 1687--1704. Z. Berkay Celik, Leonardo Babun, Amit Kumar Sikder, Hidayet Aksu, Gang Tan, Patrick D. McDaniel, and A. Selcuk Uluagac. 2018. Sensitive information tracking in commodity IoT. In Proceedings of the USENIX Security Symposium (USENIX\u201918). USENIX Association, 1687--1704."},{"key":"e_1_2_1_17_1","volume-title":"McDaniel","author":"Celik Z. Berkay","year":"2019","unstructured":"Z. Berkay Celik , Earlence Fernandes , Eric Pauley , Gang Tan , and Patrick D . McDaniel . 2019 . Program analysis of commodity IoT applications for security and privacy: Challenges and opportunities. ACM Comput. Surv . 52, 4 (2019), 74:1\u201374:30. DOI:https:\/\/doi.org\/10.1145\/3333501 10.1145\/3333501 Z. Berkay Celik, Earlence Fernandes, Eric Pauley, Gang Tan, and Patrick D. McDaniel. 2019. Program analysis of commodity IoT applications for security and privacy: Challenges and opportunities. ACM Comput. Surv. 52, 4 (2019), 74:1\u201374:30. DOI:https:\/\/doi.org\/10.1145\/3333501"},{"key":"e_1_2_1_18_1","volume-title":"Proceedings of the USENIX Annual Technical Conference (USENIX ATC\u201918)","author":"Celik Z. Berkay","year":"2018","unstructured":"Z. Berkay Celik , Patrick D. McDaniel , and Gang Tan . 2018 . Soteria: Automated IoT safety and security analysis . In Proceedings of the USENIX Annual Technical Conference (USENIX ATC\u201918) . USENIX Association, 147--158. Z. Berkay Celik, Patrick D. McDaniel, and Gang Tan. 2018. Soteria: Automated IoT safety and security analysis. In Proceedings of the USENIX Annual Technical Conference (USENIX ATC\u201918). USENIX Association, 147--158."},{"key":"e_1_2_1_19_1","volume-title":"Proceedings of the Network and Distributed System Security Symposium (NDSS\u201919)","author":"Celik Z. Berkay","unstructured":"Z. Berkay Celik , Gang Tan , and Patrick D . McDaniel. 2019. IoTGuard: Dynamic enforcement of security and safety policy in commodity IoT . In Proceedings of the Network and Distributed System Security Symposium (NDSS\u201919) . The Internet Society. Z. Berkay Celik, Gang Tan, and Patrick D. McDaniel. 2019. IoTGuard: Dynamic enforcement of security and safety policy in commodity IoT. In Proceedings of the Network and Distributed System Security Symposium (NDSS\u201919). The Internet Society."},{"key":"e_1_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1109\/DSN48063.2020.00056"},{"key":"e_1_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-00590-9_16"},{"key":"e_1_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1109\/LICS.2002.1029849"},{"key":"e_1_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243865"},{"key":"e_1_2_1_24_1","unstructured":"dotnet. 2020. .NET - Free. Cross-platform. Open source. Retrieved from https:\/\/dotnet.microsoft.com\/.  dotnet. 2020. .NET - Free. Cross-platform. Open source. Retrieved from https:\/\/dotnet.microsoft.com\/."},{"key":"e_1_2_1_25_1","volume-title":"Proceedings of the USENIX Security Symposium (USENIX Security\u201916)","author":"Fernandes Earlence","year":"2016","unstructured":"Earlence Fernandes , Justin Paupore , Amir Rahmati , Daniel Simionato , Mauro Conti , and Atul Prakash . 2016 . FlowFence: Practical data protection for emerging IoT application frameworks . In Proceedings of the USENIX Security Symposium (USENIX Security\u201916) . IUSENIX Association, 531--548. Earlence Fernandes, Justin Paupore, Amir Rahmati, Daniel Simionato, Mauro Conti, and Atul Prakash. 2016. FlowFence: Practical data protection for emerging IoT application frameworks. In Proceedings of the USENIX Security Symposium (USENIX Security\u201916). IUSENIX Association, 531--548."},{"key":"e_1_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23119"},{"key":"e_1_2_1_27_1","volume-title":"Proceedings of the Conference on Foundations of Security Analysis and Design (FOSAD\u201900)","volume":"2171","author":"Focardi Riccardo","year":"2000","unstructured":"Riccardo Focardi and Roberto Gorrieri . 2000 . Classification of security properties (Part I: Information flow) . In Proceedings of the Conference on Foundations of Security Analysis and Design (FOSAD\u201900) (Lecture Notes in Computer Science) , Vol. 2171 . 331--396. DOI:https:\/\/doi.org\/10.1007\/3-540-45608-2_6 10.1007\/3-540-45608-2_6 Riccardo Focardi and Roberto Gorrieri. 2000. Classification of security properties (Part I: Information flow). In Proceedings of the Conference on Foundations of Security Analysis and Design (FOSAD\u201900) (Lecture Notes in Computer Science), Vol. 2171. 331--396. DOI:https:\/\/doi.org\/10.1007\/3-540-45608-2_6"},{"key":"e_1_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-48119-2_44"},{"key":"e_1_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1007\/BFb0057019"},{"key":"e_1_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2019.2899758"},{"key":"e_1_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/1111037.1111045"},{"key":"e_1_2_1_32_1","volume-title":"IFTTT: If This Then That.","author":"IFTTT.","year":"2020","unstructured":"IFTTT. 2020 . IFTTT: If This Then That. Retrieved from https:\/\/ifttt.com. IFTTT. 2020. IFTTT: If This Then That. Retrieved from https:\/\/ifttt.com."},{"key":"e_1_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-40203-6_43"},{"key":"e_1_2_1_34_1","volume-title":"Proceedings of the IEEE Symposium on Security and Privacy (IEEE S&P\u201909)","author":"Maxwell","year":"2009","unstructured":"Maxwell N. Krohn and Eran Tromer. 2009. Noninterference for a practical DIFC-based operating system . In Proceedings of the IEEE Symposium on Security and Privacy (IEEE S&P\u201909) . IEEE Computer Society, 61--76. DOI:https:\/\/doi.org\/10.1109\/SP. 2009 .23 10.1109\/SP.2009.23 Maxwell N. Krohn and Eran Tromer. 2009. Noninterference for a practical DIFC-based operating system. In Proceedings of the IEEE Symposium on Security and Privacy (IEEE S&P\u201909). IEEE Computer Society, 61--76. DOI:https:\/\/doi.org\/10.1109\/SP.2009.23"},{"key":"e_1_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/2480362.2480615"},{"key":"e_1_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.ic.2018.01.001"},{"key":"e_1_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-98938-9_17"},{"key":"e_1_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1017\/S0960129504004323"},{"key":"e_1_2_1_39_1","unstructured":"MSPA. 2020. Microsoft Power Automate. Retrieved from https:\/\/flow.microsoft.com\/en-us\/.  MSPA. 2020. Microsoft Power Automate. Retrieved from https:\/\/flow.microsoft.com\/en-us\/."},{"key":"e_1_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133850.3133860"},{"key":"e_1_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1145\/3281411.3281440"},{"key":"e_1_2_1_42_1","unstructured":"NST. 2019. Nest Thermostat. Retrieved from https:\/\/ifttt.com\/services\/nest_thermostat.  NST. 2019. Nest Thermostat. Retrieved from https:\/\/ifttt.com\/services\/nest_thermostat."},{"key":"e_1_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-64455-0_6"},{"key":"e_1_2_1_44_1","volume-title":"The Definitive ANTLR 4 Reference","author":"Parr T.","unstructured":"T. Parr . 2013. The Definitive ANTLR 4 Reference ( 2 nd ed.). Pragmatic Bookshelf , Raleigh, NC . T. Parr. 2013. The Definitive ANTLR 4 Reference (2nd ed.). Pragmatic Bookshelf, Raleigh, NC.","edition":"2"},{"key":"e_1_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1109\/JSAC.2002.806121"},{"key":"e_1_2_1_46_1","volume-title":"Proceedings of the International Symposium on Software Security (ISSS\u201903)","volume":"3233","author":"Sabelfeld Andrei","unstructured":"Andrei Sabelfeld and Andrew C. Myers . 2003. A model for delimited information release . In Proceedings of the International Symposium on Software Security (ISSS\u201903) (Lecture Notes in Computer Science) , Vol. 3233 . Springer, 174--191. DOI:https:\/\/doi.org\/10.1007\/978-3-540-37621-7_9 10.1007\/978-3-540-37621-7_9 Andrei Sabelfeld and Andrew C. Myers. 2003. A model for delimited information release. In Proceedings of the International Symposium on Software Security (ISSS\u201903) (Lecture Notes in Computer Science), Vol. 3233. Springer, 174--191. DOI:https:\/\/doi.org\/10.1007\/978-3-540-37621-7_9"},{"key":"e_1_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.5555\/1662658.1662659"},{"key":"e_1_2_1_48_1","unstructured":"smt. 2020. SmartThings. Retrieved from https:\/\/ifttt.com\/smartthings.  smt. 2020. SmartThings. Retrieved from https:\/\/ifttt.com\/smartthings."},{"key":"e_1_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1145\/3038912.3052709"},{"key":"e_1_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSA.2019.00028"},{"key":"e_1_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.5555\/353629.353648"},{"key":"e_1_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.12785\/amis\/080655"},{"key":"e_1_2_1_53_1","unstructured":"Zapier. 2020. Zapier. Retrieved from https:\/\/zapier.com.  Zapier. 2020. Zapier. Retrieved from https:\/\/zapier.com."}],"container-title":["ACM Transactions on Privacy and Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3444963","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3444963","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T21:28:13Z","timestamp":1750195693000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3444963"}},"subtitle":["Cross-app Interactions in IoT Platforms"],"short-title":[],"issued":{"date-parts":[[2021,4]]},"references-count":53,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2021,8,31]]}},"alternative-id":["10.1145\/3444963"],"URL":"https:\/\/doi.org\/10.1145\/3444963","relation":{},"ISSN":["2471-2566","2471-2574"],"issn-type":[{"value":"2471-2566","type":"print"},{"value":"2471-2574","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021,4]]},"assertion":[{"value":"2020-07-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2020-12-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2021-04-01","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}