{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,22]],"date-time":"2026-04-22T20:17:36Z","timestamp":1776889056644,"version":"3.51.2"},"reference-count":80,"publisher":"Privacy Enhancing Technologies Symposium Advisory Board","issue":"1","license":[{"start":{"date-parts":[[2020,11,9]],"date-time":"2020-11-09T00:00:00Z","timestamp":1604880000000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/creativecommons.org\/licenses\/by-nc-nd\/3.0"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2021,1,1]]},"abstract":"<jats:title>Abstract<\/jats:title>\n               <jats:p>Abstract: Users trust IoT apps to control and automate their smart devices. These apps necessarily have access to sensitive data to implement their functionality. However, users lack visibility into how their sensitive data is used, and often blindly trust the app developers. In this paper, we present IoTWATcH, a dynamic analysis tool that uncovers the privacy risks of IoT apps in real-time. We have designed and built IoTWATcH through a comprehensive IoT privacy survey addressing the privacy needs of users. IoTWATCH operates in four phases: (a) it provides users with an interface to specify their privacy preferences at app install time, (b) it adds extra logic to an app\u2019s source code to collect both IoT data and their recipients at runtime, (c) it uses Natural Language Processing (NLP) techniques to construct a model that classifies IoT app data into intuitive privacy labels, and (d) it informs the users when their preferences do not match the privacy labels, exposing sensitive data leaks to users. We implemented and evaluated IoTWATcH on real IoT applications. Specifically, we analyzed 540 IoT apps to train the NLP model and evaluate its effectiveness. IoTWATcH yields an average 94.25% accuracy in classifying IoT app data into privacy labels with only 105 ms additional latency to an app\u2019s execution.<\/jats:p>","DOI":"10.2478\/popets-2021-0009","type":"journal-article","created":{"date-parts":[[2020,12,22]],"date-time":"2020-12-22T11:47:00Z","timestamp":1608637620000},"page":"145-166","source":"Crossref","is-referenced-by-count":25,"title":["Real-time Analysis of Privacy-(un)aware IoT Applications"],"prefix":"10.56553","volume":"2021","author":[{"given":"Leonardo","family":"Babun","sequence":"first","affiliation":[{"name":"Florida International University"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Z. Berkay","family":"Celik","sequence":"additional","affiliation":[{"name":"Purdue University"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Patrick","family":"McDaniel","sequence":"additional","affiliation":[{"name":"Pennsylvania State University"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"A. Selcuk","family":"Uluagac","sequence":"additional","affiliation":[{"name":"Florida International University"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"35752","published-online":{"date-parts":[[2020,11,9]]},"reference":[{"key":"2022042319261071237_j_popets-2021-0009_ref_001_w2aab3b7c18b1b6b1ab1ab1Aa","doi-asserted-by":"crossref","unstructured":"[1] Acar, A., Fereidooni, H., Abera, T., Sikder, A. K., Miettinen, M., Aksu, H., Conti, M., Sadeghi, A.-R., and Uluagac, A. S. Peek-a-boo: I see your smart home activities, even encrypted! WiSec (2020).10.1145\/3395351.3399421","DOI":"10.1145\/3395351.3399421"},{"key":"2022042319261071237_j_popets-2021-0009_ref_002_w2aab3b7c18b1b6b1ab1ab2Aa","doi-asserted-by":"crossref","unstructured":"[2] Aksu, H., Babun, L., Conti, M., Tolomei, G., and Uluagac, A. S. Advertising in the iot era: Vision and challenges. IEEE Communications Magazine 56, 11 (November 2018), 138\u2013144.10.1109\/MCOM.2017.1700871","DOI":"10.1109\/MCOM.2017.1700871"},{"key":"2022042319261071237_j_popets-2021-0009_ref_003_w2aab3b7c18b1b6b1ab1ab3Aa","doi-asserted-by":"crossref","unstructured":"[3] Z. B. Celik and P. McDaniel and G. Tan and L. Babun and A. S. Uluagac Verifying Internet of Things Safety and Security in Physical Spaces. IEEE Security Privacy, 17 (September 2019), 30\u201337.10.1109\/MSEC.2019.2911511","DOI":"10.1109\/MSEC.2019.2911511"},{"key":"2022042319261071237_j_popets-2021-0009_ref_004_w2aab3b7c18b1b6b1ab1ab4Aa","unstructured":"[4] Apple\u2019s Home Kit Security and Privacy on iOS. https:\/\/www.apple.com\/business\/docs\/iOS_Security_Guide.pdf. [Online; accessed 9-January-2020]."},{"key":"2022042319261071237_j_popets-2021-0009_ref_005_w2aab3b7c18b1b6b1ab1ab5Aa","doi-asserted-by":"crossref","unstructured":"[5] Arzt, S., Rasthofer, S., Fritz, C., Bodden, E., Bartel, A., Klein, J., Le Traon, Y., Octeau, D., and McDaniel, P. FlowDroid: Precise Context, Flow, Field, Object-sensitive and Lifecycle-aware Taint Analysis for Android Apps. ACM SIGPLAN Notices (2014).","DOI":"10.1145\/2594291.2594299"},{"key":"2022042319261071237_j_popets-2021-0009_ref_006_w2aab3b7c18b1b6b1ab1ab6Aa","unstructured":"[6] AutoML. https:\/\/www.ml4aad.org\/automl\/. [Online; accessed 10-February-2019]."},{"key":"2022042319261071237_j_popets-2021-0009_ref_007_w2aab3b7c18b1b6b1ab1ab7Aa","unstructured":"[7] AutoML Natural Language Google. https:\/\/cloud.google.com\/natural-language\/automl\/docs\/.google[Online; accessed 10-February-2019]."},{"key":"2022042319261071237_j_popets-2021-0009_ref_008_w2aab3b7c18b1b6b1ab1ab8Aa","doi-asserted-by":"crossref","unstructured":"[8] Ayyadevara, V. K. Word2vec. Apress, Berkeley, CA, 2018, pp. 167\u2013178.10.1007\/978-1-4842-3564-5_8","DOI":"10.1007\/978-1-4842-3564-5_8"},{"key":"2022042319261071237_j_popets-2021-0009_ref_009_w2aab3b7c18b1b6b1ab1ab9Aa","doi-asserted-by":"crossref","unstructured":"[9] Babun, L., Sikder, A. K., Acar, A., and Uluagac, A. S. Iotdots: A digital forensics framework for smart environments, 2018.10.1145\/3317549.3326317","DOI":"10.1145\/3317549.3326317"},{"key":"2022042319261071237_j_popets-2021-0009_ref_010_w2aab3b7c18b1b6b1ab1ac10Aa","unstructured":"[10] Celik, Z. B., Babun, L., Sikder, A. K., Aksu, H., Tan, G., McDaniel, P., and Uluagac, A. S. Sensitive Information Tracking in Commodity IoT. In 27th USENIX Security Symposium (2018)."},{"key":"2022042319261071237_j_popets-2021-0009_ref_011_w2aab3b7c18b1b6b1ab1ac11Aa","doi-asserted-by":"crossref","unstructured":"[11] Celik, Z. B., Fernandes, E., Pauley, E., Tan, G., and McDaniel, P. Program Analysis of Commodity IoT Applications for Security and Privacy: Challenges and Opportunities. ACM Computing Surveys (CSUR) (2019).10.1145\/3333501","DOI":"10.1145\/3333501"},{"key":"2022042319261071237_j_popets-2021-0009_ref_012_w2aab3b7c18b1b6b1ab1ac12Aa","unstructured":"[12] Celik, Z. B., McDaniel, P., and Tan, G. Soteria: Automated IoT safety and security analysis. In USENIX Annual Technical Conference (USENIX ATC) (2018)."},{"key":"2022042319261071237_j_popets-2021-0009_ref_013_w2aab3b7c18b1b6b1ab1ac13Aa","doi-asserted-by":"crossref","unstructured":"[13] Celik, Z. B., Tan, G., and McDaniel, P. IoTGuard: Dynamic enforcement of security and safety policy in commodity IoT. In Network and Distributed System Security Symposium (NDSS) (2019).10.14722\/ndss.2019.23326","DOI":"10.14722\/ndss.2019.23326"},{"key":"2022042319261071237_j_popets-2021-0009_ref_014_w2aab3b7c18b1b6b1ab1ac14Aa","doi-asserted-by":"crossref","unstructured":"[14] Clause, J., et al. Dytan: a Generic Dynamic Taint Analysis Framework. In ACM Software Testing and Analysis (2007).10.1145\/1273463.1273490","DOI":"10.1145\/1273463.1273490"},{"key":"2022042319261071237_j_popets-2021-0009_ref_015_w2aab3b7c18b1b6b1ab1ac15Aa","doi-asserted-by":"crossref","unstructured":"[15] Denney, K., Babun, L. and Uluagac, A. S. USB-Watch: a Generalized Hardware-Assisted Insider Threat Detection Framework. In in Journal of Hardware and Systems Security (2020).10.1007\/s41635-020-00092-z","DOI":"10.1007\/s41635-020-00092-z"},{"key":"2022042319261071237_j_popets-2021-0009_ref_016_w2aab3b7c18b1b6b1ab1ac16Aa","doi-asserted-by":"crossref","unstructured":"[16] Denney K., Erdin E., Babun L., Vai M., and Uluagac A. S. USB-Watch: A Dynamic Hardware-Assisted USB Threat Detection Framework. In Security and Privacy in Communication Networks (SecureComm). (2019).10.1007\/978-3-030-37228-6_7","DOI":"10.1007\/978-3-030-37228-6_7"},{"key":"2022042319261071237_j_popets-2021-0009_ref_017_w2aab3b7c18b1b6b1ab1ac17Aa","doi-asserted-by":"crossref","unstructured":"[17] Enck, W., Gilbert, P., Han, S., Tendulkar, V., Chun, B.-G., Cox, L. P., Jung, J., McDaniel, P., and Sheth, A. N. TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones. ACM Transaction on Computer Systems (2014).10.1145\/2619091","DOI":"10.1145\/2619091"},{"key":"2022042319261071237_j_popets-2021-0009_ref_018_w2aab3b7c18b1b6b1ab1ac18Aa","doi-asserted-by":"crossref","unstructured":"[18] Fernandes, E., Jung, J., and Prakash, A. Security Analysis of Emerging Smart Home Applications. In IEEE Security and Privacy (SP) (2016).10.1109\/SP.2016.44","DOI":"10.1109\/SP.2016.44"},{"key":"2022042319261071237_j_popets-2021-0009_ref_019_w2aab3b7c18b1b6b1ab1ac19Aa","unstructured":"[19] Fernandes, E., Paupore, J., Rahmati, A., Simionato, D., Conti, M., and Prakash, A. FlowFence: Practical Data Protection for Emerging IoT Application Frameworks. In USENIX Security (2016)."},{"key":"2022042319261071237_j_popets-2021-0009_ref_020_w2aab3b7c18b1b6b1ab1ac20Aa","unstructured":"[20] Google App Engine. https:\/\/cloud.google.com\/appengine\/. [Online; accessed 26-August-2020]."},{"key":"2022042319261071237_j_popets-2021-0009_ref_021_w2aab3b7c18b1b6b1ab1ac21Aa","unstructured":"[21] Google Books NGrams. https:\/\/aws.amazon.com\/datasets\/google-books-ngrams\/. [Online; accessed 10-August-2020]."},{"key":"2022042319261071237_j_popets-2021-0009_ref_022_w2aab3b7c18b1b6b1ab1ac22Aa","unstructured":"[22] Google Forms. https:\/\/www.google.com\/forms\/about\/. [Online; accessed 26-August-2020]."},{"key":"2022042319261071237_j_popets-2021-0009_ref_023_w2aab3b7c18b1b6b1ab1ac23Aa","unstructured":"[23] The Apache Groovy. https:\/\/groovy-lang.org\/metaprogramming.html#_abstractasttransformation. [Online; accessed 26-August-2020]."},{"key":"2022042319261071237_j_popets-2021-0009_ref_024_w2aab3b7c18b1b6b1ab1ac24Aa","doi-asserted-by":"crossref","unstructured":"[24] Gordon, M. I., Kim, D., Perkins, J. H., Gilham, L., Nguyen, N., and Rinard, M. C. Information Flow Analysis of Android Applications in DroidSafe. In NDSS (2015).10.14722\/ndss.2015.23089","DOI":"10.14722\/ndss.2015.23089"},{"key":"2022042319261071237_j_popets-2021-0009_ref_025_w2aab3b7c18b1b6b1ab1ac25Aa","doi-asserted-by":"crossref","unstructured":"[25] Gorla, A., Tavecchia, I., Gross, F., and Zeller, A. Checking App Behavior Against App Descriptions. In Proceedings of the 36th International Conference on Software Engineering (2014), ICSE 2014, ACM.10.1145\/2568225.2568276","DOI":"10.1145\/2568225.2568276"},{"key":"2022042319261071237_j_popets-2021-0009_ref_026_w2aab3b7c18b1b6b1ab1ac26Aa","doi-asserted-by":"crossref","unstructured":"[26] Gu, B., Li, X., Li, G., Champion, A. C., Chen, Z., Qin, F., and Xuan, D. D2Taint: Differentiated and Dynamic Information Flow Tracking on Smartphones for Numerous Data Sources. In INFOCOM (2013).10.1109\/INFCOM.2013.6566866","DOI":"10.1109\/INFCOM.2013.6566866"},{"key":"2022042319261071237_j_popets-2021-0009_ref_027_w2aab3b7c18b1b6b1ab1ac27Aa","unstructured":"[27] IFTTT (if this, then that). https:\/\/ifttt.com\/, 2017. [Online; accessed 26-August-2020]."},{"key":"2022042319261071237_j_popets-2021-0009_ref_028_w2aab3b7c18b1b6b1ab1ac28Aa","unstructured":"[28] IoTBench. https:\/\/github.com\/IoTBench, 2017. [Online; accessed 26-August-2020]."},{"key":"2022042319261071237_j_popets-2021-0009_ref_029_w2aab3b7c18b1b6b1ab1ac29Aa","doi-asserted-by":"crossref","unstructured":"[29] Jia, Y. J., Chen, Q. A., Wang, S., Rahmati, A., Fernandes, E., Mao, Z. M., Prakash, A., and Unviersity, S. J. ContexIoT: Towards Providing Contextual Integrity to Appified IoT Platforms. In NDSS (2017).10.14722\/ndss.2017.23051","DOI":"10.14722\/ndss.2017.23051"},{"key":"2022042319261071237_j_popets-2021-0009_ref_030_w2aab3b7c18b1b6b1ab1ac30Aa","unstructured":"[30] Le, Q., and Mikolov, T. Distributed Representations of Sentences and Documents. In Proceedings of the 31st International Conference on International Conference on Machine Learning - Volume 32 (2014), ICML\u201914."},{"key":"2022042319261071237_j_popets-2021-0009_ref_031_w2aab3b7c18b1b6b1ab1ac31Aa","unstructured":"[31] Metaprogramming. http:\/\/docs.groovy-lang.org\/docs\/next\/html\/documentation\/core-metaprogramming.html. [Online; accessed 26-August-2020]."},{"key":"2022042319261071237_j_popets-2021-0009_ref_032_w2aab3b7c18b1b6b1ab1ac32Aa","unstructured":"[32] Mikolov, T., Chen, K., Corrado, G. S., and Dean, J. Efficient estimation of word representations in vector space. CoRR abs\/1301.3781 (2013)."},{"key":"2022042319261071237_j_popets-2021-0009_ref_033_w2aab3b7c18b1b6b1ab1ac33Aa","unstructured":"[33] N. Iderhoff, \u201cnlp-datasets\u201d. https:\/\/github.com\/niderhoff\/nlp-datasets\/blob\/master\/README.md. [Online; accessed 26-August-2020]."},{"key":"2022042319261071237_j_popets-2021-0009_ref_034_w2aab3b7c18b1b6b1ab1ac34Aa","unstructured":"[34] OpenHAB IoT App Market (Eclipse Market Place). http:\/\/docs.openhab.org\/eclipseiotmarket. [Online; accessed 26-August-2020]."},{"key":"2022042319261071237_j_popets-2021-0009_ref_035_w2aab3b7c18b1b6b1ab1ac35Aa","unstructured":"[35] OpenHAB IoT App Submission Guideline. https:\/\/marketplace.eclipse.org\/content\/eclipse-marketplace-publishing-guidelines. [Online; accessed 26-August-2020]."},{"key":"2022042319261071237_j_popets-2021-0009_ref_036_w2aab3b7c18b1b6b1ab1ac36Aa","unstructured":"[36] OpenHAB: Open Source Automation Software for Home. https:\/\/www.openhab.org\/. [Online; accessed 26-August-2020]."},{"key":"2022042319261071237_j_popets-2021-0009_ref_037_w2aab3b7c18b1b6b1ab1ac37Aa","unstructured":"[37] Pan, X., Cao, Y., Du, X., He, B., Fang, G., Shao, R., and Chen, Y. FlowCog: Context-aware Semantics Extraction and Analysis of Information Flow Leaks in Android Apps. In 27th USENIX Security Symposium (Baltimore, MD, 2018)."},{"key":"2022042319261071237_j_popets-2021-0009_ref_038_w2aab3b7c18b1b6b1ab1ac38Aa","unstructured":"[38] Pandita, R., Xiao, X., Yang, W., Enck, W., and Xie, T. WHYPER: Towards Automating Risk Assessment of Mobile Applications. In Presented as part of the 22nd USENIX Security Symposium (Washington, D.C., 2013), USENIX."},{"key":"2022042319261071237_j_popets-2021-0009_ref_039_w2aab3b7c18b1b6b1ab1ac39Aa","doi-asserted-by":"crossref","unstructured":"[39] Qu, Z., Rastogi, V., Zhang, X., Chen, Y., Zhu, T., and Chen, Z. AutoCog: Measuring the Description-to-permission Fidelity in Android Applications. In Proceedings of the ACM Conference on Computer and Communications Security (New York, NY, USA, 2014), CCS \u201914, ACM.10.1145\/2660267.2660287","DOI":"10.1145\/2660267.2660287"},{"key":"2022042319261071237_j_popets-2021-0009_ref_040_w2aab3b7c18b1b6b1ab1ac40Aa","doi-asserted-by":"crossref","unstructured":"[40] Rahmati, A., Fernandes, E., and Prakash, A. Applying the Opacified Computation Model to Enforce Information Flow Policies in IoT Applications. In IEEE Cybersecurity Development (SecDev) (2016).10.1109\/SecDev.2016.031","DOI":"10.1109\/SecDev.2016.031"},{"key":"2022042319261071237_j_popets-2021-0009_ref_041_w2aab3b7c18b1b6b1ab1ac41Aa","unstructured":"[41] Sikder, A. K., Aksu, H., and Uluagac, A. S. 6thsense: A context-aware sensor-based attack detector for smart devices. In 26th {USENIX} Security Symposium ({USENIX} Security 17) (2017), pp. 397\u2013414."},{"key":"2022042319261071237_j_popets-2021-0009_ref_042_w2aab3b7c18b1b6b1ab1ac42Aa","doi-asserted-by":"crossref","unstructured":"[42] Sikder, A. K., Aksu, H., and Uluagac, A. S. A context-aware framework for detecting sensor-based threats on smart devices. IEEE Transactions on Mobile Computing (2019).10.1109\/TMC.2019.2893253","DOI":"10.1109\/TMC.2019.2893253"},{"key":"2022042319261071237_j_popets-2021-0009_ref_043_w2aab3b7c18b1b6b1ab1ac43Aa","doi-asserted-by":"crossref","unstructured":"[43] Sikder, A. K., Babun, L., Aksu, H., and Uluagac, A. S. Aegis: A context-aware security framework for smart home systems. ACSAC (2019).10.1145\/3359789.3359840","DOI":"10.1145\/3359789.3359840"},{"key":"2022042319261071237_j_popets-2021-0009_ref_044_w2aab3b7c18b1b6b1ab1ac44Aa","unstructured":"[44] Sikder, A. K., Petracca, G., Aksu, H., Jaeger, T., and Uluagac, A. S. A survey on sensor-based threats to internet-of-things (iot) devices and applications. arXiv preprint arXiv:1802.02041 (2018)."},{"key":"2022042319261071237_j_popets-2021-0009_ref_045_w2aab3b7c18b1b6b1ab1ac45Aa","unstructured":"[45] Pardis E. and Yuvraj A. and Lorrie F. C. and Hanan H. Ask the Experts: What Should Be on an IoT Privacy and Security Label? arXiv preprint arXiv:2002.04631 (2020)."},{"key":"2022042319261071237_j_popets-2021-0009_ref_046_w2aab3b7c18b1b6b1ab1ac46Aa","unstructured":"[46] SmartThings Classic Documentation: Classes and JARs. https:\/\/docs.smartthings.com\/en\/latest\/getting-started\/groovy-for-smartthings.html#allowed-classes. [Online; accessed 26-August-2020]."},{"key":"2022042319261071237_j_popets-2021-0009_ref_047_w2aab3b7c18b1b6b1ab1ac47Aa","unstructured":"[47] SmartThings Code Review Guidelines and Best Practices. http:\/\/docs.smartthings.com\/en\/latest\/code-review-guidelines.html. [Online; accessed 26-August-2020]."},{"key":"2022042319261071237_j_popets-2021-0009_ref_048_w2aab3b7c18b1b6b1ab1ac48Aa","unstructured":"[48] SmartThings Community Forum for Third-party Apps. https:\/\/community.smartthings.com\/. [Online; accessed 26-August-2020]."},{"key":"2022042319261071237_j_popets-2021-0009_ref_049_w2aab3b7c18b1b6b1ab1ac49Aa","unstructured":"[49] SmartThings Groovy IDE. https:\/\/graph.api.smartthings.com\/. [Online; accessed 26-August-2020]."},{"key":"2022042319261071237_j_popets-2021-0009_ref_050_w2aab3b7c18b1b6b1ab1ac50Aa","unstructured":"[50] SmartThings Official App Repository. https:\/\/github.com\/SmartThingsCommunity. [Online; accessed 26-August-2020]."},{"key":"2022042319261071237_j_popets-2021-0009_ref_051_w2aab3b7c18b1b6b1ab1ac51Aa","unstructured":"[51] SmartThings Official Developer Documentation. http:\/\/docs.smartthings.com. [Online; accessed 26-August-2020]."},{"key":"2022042319261071237_j_popets-2021-0009_ref_052_w2aab3b7c18b1b6b1ab1ac52Aa","unstructured":"[52] SmartThings Supported IoT Products (Devices). https:\/\/www.smartthings.com\/products. [Online; accessed 26-August-2020]."},{"key":"2022042319261071237_j_popets-2021-0009_ref_053_w2aab3b7c18b1b6b1ab1ac53Aa","unstructured":"[53] Tian, Y., Zhang, N., Lin, Y.-H., Wang, X., Ur, B., Guo, X., and Tague, P. SmartAuth: User-Centered Authorization for the Internet of Things. In 26th USENIX Security Symposium (Vancouver, BC, 2017)."},{"key":"2022042319261071237_j_popets-2021-0009_ref_054_w2aab3b7c18b1b6b1ab1ac54Aa","doi-asserted-by":"crossref","unstructured":"[54] Wang, Q., Datta, P., Yang, W., Liu, S., Bates, A., and Gunter, C. A. Charting the Atack Surface of Trigger-Action IoT Platforms. In Proceedings of 26th ACM Conference on Computer and Communications Security (2019).10.1145\/3319535.3345662","DOI":"10.1145\/3319535.3345662"},{"key":"2022042319261071237_j_popets-2021-0009_ref_055_w2aab3b7c18b1b6b1ab1ac55Aa","doi-asserted-by":"crossref","unstructured":"[55] Wang, Q., Hassan, W. U., Bates, A. J., and Gunter, C. Fear and logging in the internet of things. In Network and Distributed Systems Symposium (NDSS) (Feb 2018).10.14722\/ndss.2018.23282","DOI":"10.14722\/ndss.2018.23282"},{"key":"2022042319261071237_j_popets-2021-0009_ref_056_w2aab3b7c18b1b6b1ab1ac56Aa","unstructured":"[56] Wikipedia. https:\/\/dumps.wikimedia.org\/wikidatawiki\/entities\/. [Online; accessed 26-August-2020]."},{"key":"2022042319261071237_j_popets-2021-0009_ref_057_w2aab3b7c18b1b6b1ab1ac57Aa","doi-asserted-by":"crossref","unstructured":"[57] Zhu, D. Y., Jung, J., Song, D., Kohno, T., and Wetherall, D. TaintEraser: Protecting Sensitive Data Leaks Using Application-level Taint Tracking. SIGOPS Operating Systems Review (2011).10.1145\/1945023.1945039","DOI":"10.1145\/1945023.1945039"},{"key":"2022042319261071237_j_popets-2021-0009_ref_058_w2aab3b7c18b1b6b1ab1ac58Aa","doi-asserted-by":"crossref","unstructured":"[58] Ren, J. and Dubois, D. J. and Choffnes, D. and Mandalari, A. M. and Kolcun, R. and Haddadi, H. Information Exposure From Consumer IoT Devices: A Multidimensional, Network-Informed Measurement Approach. Proc. of the Internet Measurement Conf. (2019).10.1145\/3355369.3355577","DOI":"10.1145\/3355369.3355577"},{"key":"2022042319261071237_j_popets-2021-0009_ref_059_w2aab3b7c18b1b6b1ab1ac59Aa","unstructured":"[59] A. Dorri and S. S. Kanhere and R. Jurdak and P. Gauravaram User Perceptions of Smart Home IoT Privacy. Proc. ACM Hum.-Comput. Interact. (2018)."},{"key":"2022042319261071237_j_popets-2021-0009_ref_060_w2aab3b7c18b1b6b1ab1ac60Aa","unstructured":"[60] Zheng, S. and Apthorpe, N. and Chetty, M. and Feamster, N. Blockchain for IoT Security and Privacy: The case study of a smart home. IEEE PerCom Workshops (2017)."},{"key":"2022042319261071237_j_popets-2021-0009_ref_061_w2aab3b7c18b1b6b1ab1ac61Aa","doi-asserted-by":"crossref","unstructured":"[61] R. Chow The Last Mile for IoT Privacy. IEEE Security Privacy (2017).10.1109\/MSP.2017.4251118","DOI":"10.1109\/MSP.2017.4251118"},{"key":"2022042319261071237_j_popets-2021-0009_ref_062_w2aab3b7c18b1b6b1ab1ac62Aa","unstructured":"[62] Google AutoML Natural Language Google Training. https:\/\/cloud.google.com\/natural-language\/automl\/docs\/prepare. Online; accessed 26-August-2020."},{"key":"2022042319261071237_j_popets-2021-0009_ref_063_w2aab3b7c18b1b6b1ab1ac63Aa","doi-asserted-by":"crossref","unstructured":"[63] T. Song and R. Li and B. Mei and J. Yu and X. Xing and X. Cheng A Privacy Preserving Communication Protocol for IoT Applications in Smart Homes. IEEE Internet of Things Journal (2017).10.1109\/IIKI.2016.3","DOI":"10.1109\/IIKI.2016.3"},{"key":"2022042319261071237_j_popets-2021-0009_ref_064_w2aab3b7c18b1b6b1ab1ac64Aa","doi-asserted-by":"crossref","unstructured":"[64] X. Wang and J. Zhang and E. M. Schooler and M. Ion Performance evaluation of Attribute-Based Encryption: Toward data privacy in the IoT. 2014 IEEE International Conference on Communications (ICC) (2014).10.1109\/ICC.2014.6883405","DOI":"10.1109\/ICC.2014.6883405"},{"key":"2022042319261071237_j_popets-2021-0009_ref_065_w2aab3b7c18b1b6b1ab1ac65Aa","unstructured":"[65] OpenHAB Community, Openhab documentation, http:\/\/docs.openhab.org\/index.html (2017). [Online; accessed 26-August-2020]."},{"key":"2022042319261071237_j_popets-2021-0009_ref_066_w2aab3b7c18b1b6b1ab1ac66Aa","unstructured":"[66] Apple, Apple homekit documentation, https:\/\/developer.apple.com\/homekit\/ (2017). [Online; accessed 26-August-2020]."},{"key":"2022042319261071237_j_popets-2021-0009_ref_067_w2aab3b7c18b1b6b1ab1ac67Aa","unstructured":"[67] Microsoft, Windows IoT core documentation, https:\/\/developer.microsoft.com\/enus\/windows\/IoT\/explore\/IoTcore (2017). [Online; accessed 26-August-2020]."},{"key":"2022042319261071237_j_popets-2021-0009_ref_068_w2aab3b7c18b1b6b1ab1ac68Aa","doi-asserted-by":"crossref","unstructured":"[68] AKM I. Newaz and A. K. Sikder and A. M. Rahman and A. S. Uluagac Healthguard: A Machine Learning-based Security Framework for Smart Healthcare Systems. 2019 Sixth International Conference on Social Networks Analysis, Management and Security (SNAMS).10.1109\/SNAMS.2019.8931716","DOI":"10.1109\/SNAMS.2019.8931716"},{"key":"2022042319261071237_j_popets-2021-0009_ref_069_w2aab3b7c18b1b6b1ab1ac69Aa","unstructured":"[69] AKM I. Newaz and A. K. Sikder and A. M. Rahman and A. S. Uluagac A Survey on Security and Privacy Issues in Modern Healthcare Systems: Attacks and Defenses. arXiv preprint arXiv:2005.07359."},{"key":"2022042319261071237_j_popets-2021-0009_ref_070_w2aab3b7c18b1b6b1ab1ac70Aa","doi-asserted-by":"crossref","unstructured":"[70] AKM I. Newaz and A. K. Sikder and L. Babun and A. S. Uluagac HEKA: A Novel Intrusion Detection System for Attacks to Personal Medical Devices. 2020 IEEE Conference on Communications and Network Security (CNS).10.1109\/CNS48642.2020.9162311","DOI":"10.1109\/CNS48642.2020.9162311"},{"key":"2022042319261071237_j_popets-2021-0009_ref_071_w2aab3b7c18b1b6b1ab1ac71Aa","doi-asserted-by":"crossref","unstructured":"[71] A. K. Sikder and L. Babun and Z. B. Celik and A. Acar and H. Aksu and P. McDaniel and E. Kirda and A. S. Uluagac Kratos: Multi-User Multi-Device-Aware Access Control System for the Smart Home. 13th ACM Conference on Security and Privacy in Wireless and Mobile Networks, 2020.10.1145\/3395351.3399358","DOI":"10.1145\/3395351.3399358"},{"key":"2022042319261071237_j_popets-2021-0009_ref_072_w2aab3b7c18b1b6b1ab1ac72Aa","doi-asserted-by":"crossref","unstructured":"[72] L. Babun and H. Aksu and L. Ryan and K. Akkaya and E. S. Bentley and A. S. Uluagac Z-IoT: Passive Device-class Fingerprinting of ZigBee and Z-Wave IoT Devices. 2020 IEEE International Conference on Communications (ICC)10.1109\/ICC40277.2020.9149285","DOI":"10.1109\/ICC40277.2020.9149285"},{"key":"2022042319261071237_j_popets-2021-0009_ref_073_w2aab3b7c18b1b6b1ab1ac73Aa","doi-asserted-by":"crossref","unstructured":"[73] J. Myers and L. Babun and E. Yao and S. Helble and P. Allen MAD-IoT: Memory Anomaly Detection for the Internet of Things. 2019 IEEE Globecom Workshops (GC Wkshps)10.1109\/GCWkshps45667.2019.9024539","DOI":"10.1109\/GCWkshps45667.2019.9024539"},{"key":"2022042319261071237_j_popets-2021-0009_ref_074_w2aab3b7c18b1b6b1ab1ac74Aa","unstructured":"[74] L. Rondon and L. Babun and K. Akkaya and A. S Uluagac HDMI-Walk: Attacking HDMI Distribution Networks via Consumer Electronic Control Protocol. ACSAC 201910.1145\/3359789.3359841"},{"key":"2022042319261071237_j_popets-2021-0009_ref_075_w2aab3b7c18b1b6b1ab1ac75Aa","unstructured":"[75] L. Rondon and L. Babun and K. Akkaya and A. S Uluagac HDMI-Watch: Smart Intrusion Detection System Against HDMI Attacks. IEEE Transactions on Network Science and Engineering, 202010.1145\/3359789.3359841"},{"key":"2022042319261071237_j_popets-2021-0009_ref_076_w2aab3b7c18b1b6b1ab1ac76Aa","doi-asserted-by":"crossref","unstructured":"[76] L. Babun, H. Aksu, A. S. Uluagac, Identifying Counterfeit Smart Grid Devices: A Lightweight System Level Framework, in: 2017 IEEE International Conference on Communications (ICC), 2017, pp. 1\u20136 (May 2017). doi:10.1109\/ICC.2017. 7996877.","DOI":"10.1109\/ICC.2017.7996877"},{"key":"2022042319261071237_j_popets-2021-0009_ref_077_w2aab3b7c18b1b6b1ab1ac77Aa","doi-asserted-by":"crossref","unstructured":"[77] L. Babun, H. Aksu, A. S. Uluagac, A System-level Behavioral Detection Framework for Compromised CPS Devices: Smart-Grid, in: ACM Transactions on Cyber-Physical Systems, 2019, pp. 1\u201328 (Nov 2019). http:\/\/doi.acm.org\/10.1145\/3355300.10.1145\/3355300","DOI":"10.1145\/3355300"},{"key":"2022042319261071237_j_popets-2021-0009_ref_078_w2aab3b7c18b1b6b1ab1ac78Aa","unstructured":"[78] Babun, Leonardo (Miami, FL, US), Aksu, Hidayet (Miami, FL, US), Uluagac, Selcuk A. (Miami, FL, US). 2018. Detection of Counterfeit and Compromised Devices Using System and Function Call Tracing Techniques. (July 2018). https:\/\/www.osti.gov\/biblio\/1463864"},{"key":"2022042319261071237_j_popets-2021-0009_ref_079_w2aab3b7c18b1b6b1ab1ac79Aa","unstructured":"[79] Babun, Leonardo (Miami, FL, US), Aksu, Hidayet (Miami, FL, US), Uluagac, Selcuk A. (Miami, FL, US). 2019. Method of Resource-limited Device and Device Class Identification Using System and Function Call Tracing Techniques, Performance, and Statistical Analysis. (March 2019). https:\/\/patents.google.com\/patent\/US10242193B1\/en"},{"key":"2022042319261071237_j_popets-2021-0009_ref_080_w2aab3b7c18b1b6b1ab1ac80Aa","unstructured":"[80] L. Rondon and L. Babun and A. Aris and K. Akkaya and A. S Uluagac PoisonIvy: (In)secure Practices of Enterprise IoT Systems in Smart Buildings. accepted at BuildSys \u201920, 202010.1145\/3408308.3427606"}],"container-title":["Proceedings on Privacy Enhancing Technologies"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/content.sciendo.com\/view\/journals\/popets\/2021\/1\/article-p145.xml","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.sciendo.com\/pdf\/10.2478\/popets-2021-0009","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,7,20]],"date-time":"2022-07-20T16:31:19Z","timestamp":1658334679000},"score":1,"resource":{"primary":{"URL":"https:\/\/petsymposium.org\/popets\/2021\/popets-2021-0009.php"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,11,9]]},"references-count":80,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2020,11,9]]},"published-print":{"date-parts":[[2021,1,1]]}},"alternative-id":["10.2478\/popets-2021-0009"],"URL":"https:\/\/doi.org\/10.2478\/popets-2021-0009","relation":{},"ISSN":["2299-0984"],"issn-type":[{"value":"2299-0984","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020,11,9]]}}}