|dc.description.abstract||Smart hubs play a key role in the modern smart home in executing code on behalf of devices locally or on the cloud. Unfortunately, smart hubs are prone to security problems due to misconfigurations, device over permissioning and network mismanagement. In this work, I show the major vulnerabilities and attacks currently targeting smart hubs, and provide a brief overview of the literature that addresses these issues. After discussing the limitations found in the literature as well as the available off the shelf smart hubs, I provide an overview of PLOX, an end-to-end approach designed to combat a large number of the common vulnerabilities and security/privacy risks that impact smart hubs, while maintaining a moderate overhead.
PLOX is designed to sandbox applications on the home WiFi router. This allows for increased network controls, as well as lower latency in direct communication with devices. PLOX provides a new hybrid security model that combines a mandatory access control (MAC) system with information flow control (IFC), providing developer familiarity while addressing the overtainting issue found within taint based IFC systems through a serverless execution pattern.
In our evaluations, PLOX outperforms Amazon Lambda by 500% and an open source smart hub solution, Home Assistant, by 13%, all while providing finer grained security policies and improved security guarantees. This is due to PLOX's locality and its light weight nature.
This work demonstrates that PLOX, an open source end-to-end solution for the smart home is well suited to address a large number of the security and privacy problems that the smart home suffers from. This work also highlights a number of novel approaches to smart hub designs, including the use of the home router to maintain device isolation, and combination of manifest and IFC based permission systems.||en