My personal LaTeX template

\documentclass{article}
\usepackage{graphicx}
\usepackage[round]{natbib}
\bibliographystyle{plainnat}
\usepackage[pdfstartview=FitH,%
bookmarksnumbered=true,bookmarksopen=true,%
colorlinks=true,pdfborder=001,citecolor=blue,%
linkcolor=blue,urlcolor=blue]{hyperref}

\begin{document}
\title{Some of my paper notes}
\author{Keda Lu}
\date{2019/12/20}
\maketitle
\section{Research Paper}

~~~~HoMonit: Monitoring Smart Home Apps from Encrypted Traffic.

\section{Source and year of the paper}

~~~~ACM Conference on Computer and Communications Security. This conference is one of the top information security conferences in the world. It is also a class A international conference recommended by the China Computer Society (CCF). The conference took place on October 15-19, 2018.

\section{Authors and work team}

~~~~The two co-first authors are Wei Zhang and Yan Meng, and the corresponding author is Haojin Zhu. Their team comes from Shanghai Jiao Tong University.


\section{Keyword}

~~~~IoT security~~~~SmartApp

\section{Overview}

~~~~In recent years, the consumer smart home market has grown rapidly. While the market is still in its infancy, it is already favored by many consumers, especially Samsung's SmartThings, which accounts for a large share of the market. As smart home platforms become more popular, people pay more and more attention to security and privacy leakage in the smart home. A recent study revealed flaws in the SmartThings design that allow malicious SmartApps, the applications that run on the cloud back end and control smart devices, not only to hold more privileges than they need but also to eavesdrop on or even spoof events that should only be generated by smart devices.
\newline

In this paper, a system named HoMonit is designed and developed that uses side-channel inference to monitor SmartApps from encrypted wireless traffic.

The main problem addressed by this paper is how to detect whether SmartApps are being used maliciously, which is of great significance for smart homes to enter people's lives safely.


\section{Research Background}

~~~~Nowadays, there are two types of attacks on smart devices.
\subsection{Over-privileged accesses}
~~~~(a) An app does not require any special privilege to read all events a device generates if the app is granted at
least one capability the device supports; (b) unprivileged apps can read all events of any device using only a leaked device identifier.

Attacks (a) and (b) essentially use properties of the SmartApp to access other events on the device that it should not be able to access.
\subsection{Event spoofing}
~~~~(c) Events can be spoofed.
An attacking SmartApp can spoof a fake event for the smart devices, causing a SmartApp to mistakenly activate a smart device to do the wrong thing.

\section{Existing solutions}

~~~~Existing work on detecting and preventing misbehaving SmartApps mainly falls into three categories.

Firstly, applying information flow control to confine sensitive data by modifying the smart home platform [2]. This approach proposes a framework, FlowFence, which has the advantage of ensuring that Internet of Things applications are constrained by their stated flow policies and do not readily respond to application requests. Its shortcoming is that the smart home platform itself has to be modified, which causes considerable loss for products that have already been released.

Secondly, designing a context-based permission system for fine-grained access control [3]. ContexIoT, a context-based permission system for appified Internet of Things platforms, provides contextual integrity by supporting fine-grained context identification for sensitive operations, and its runtime prompts provide rich context information to help users perform effective access control. It is more comprehensive than previous context-based permission systems for smartphone platforms, and ContexIoT is designed to be backward compatible, so it can be adopted directly by current IoT platforms. The disadvantage is that the existing SmartApps have to be changed and improved.

Thirdly, enforcing context-aware authorization of SmartApps by analyzing the source code, annotations, and description [4]. This work proposes the SmartAuth authorization mechanism for protecting users under current and future smart home platforms, using insights from code analysis and NLP of app descriptions together with context-sensitive security policies that have low overhead. The disadvantage of this method is similar to that of the first one: the existing platform has to be modified.

\section{The method \& contribution}

~~~~Because the common disadvantage of the above existing solutions is the need to modify the existing platform, the authors propose a new approach that allows third-party defenders (smart home platform vendors, smart device manufacturers and application developers) to monitor smart home applications without making any changes to the existing platform. However, without access to smart sensors, gateway devices, and cloud back-end servers, the only way to allow third-party monitoring is through the traffic, which is encrypted using industry standards.

Therefore, this paper designs and develops HoMonit, a system that monitors smart home applications from encrypted wireless traffic by using side-channel inference. Its obvious advantage is that there is no need to modify the existing platform. The first disadvantage is that attackers can take advantage of the same side-channel analysis technique that HoMonit uses, because side-channel information leakage is a double-edged sword: it can be used to detect misbehaving SmartApps, but it also allows attackers to place wireless sniffers near smart devices and launch inference attacks to learn private information about the residents. The second disadvantage is that, in some cases, multiple SmartApps may be running at the same time, so that some events are interleaved with each other, making it difficult for HoMonit to distinguish between the two SmartApps.

\section{Data sets \& experimental tools}

~~~~The authors analyzed 181 apps, most of which are open source and a few of which are closed source, and evaluated 60 malicious apps. In particular, the authors will publish a dataset of 60 misbehaving SmartApps for researchers, vendors, and developers to use to evaluate their security practices.


HoMonit collects both ZigBee and Z-Wave traffic between the hub and the smart devices. Therefore, the following devices are used for ZigBee Traffic Collection and Z-Wave Traffic Collection.
%
%
\begin{figure}[htbp]
\begin{center}
\includegraphics[width=1.0\textwidth]{WechatIMG3.png}
\caption{Wireless sniffers and smart devices.}
\end{center}
\end{figure}
%
%


\section{Experimental method}

\subsection{DFA BUILDING VIA SMARTAPP ANALYSIS}
~~~~The authors use a Deterministic Finite Automaton (DFA) to characterize the logic of SmartApps, because a SmartApp supervises a finite number of devices, and devices are driven into a deterministic status by the SmartApp when a specific condition is satisfied.

DFA building for open-source apps. Since the open-source SmartApps are written in Groovy, the authors extracted their logic by conducting a static analysis of the source code using AstBuilder.

DFA building for closed-source apps. The static code analysis approach can only be applied to open-source SmartApps. For closed-source SmartApps, HoMonit builds the DFA by analyzing the text information of the SmartApps. In particular, the NLP-based analysis comprises the following three steps: (1) text extraction, (2) symbol inference, and (3) DFA building.

\subsection{SmartApp Misbehavior Detection}
~~~~After the DFA is constructed, the next step is detection: the traffic captured with the sniffers described above is analyzed, events are inferred from it, and the inferred events are matched against the DFA. HoMonit monitors the wireless traffic between the SmartThings hub and the devices, tries to match it against the working logic of the current SmartApps, and issues an alert if validation fails.

\subsection{Experimental results}
~~~~Finally, the authors evaluated detection of the two common attack types mentioned above and obtained good results.
%
%
\begin{table}
    \begin{center}
    \caption{SmartApps used in the evaluation.}
    \includegraphics[width=1.0\textwidth]{WechatIMG4.png}
    \end{center}
    \end{table}
    %
    %
    
    %
    %
    \begin{table}
    \begin{center}
    \caption{SmartApps used in the evaluation.}
    \includegraphics[width=1.0\textwidth]{WechatIMG5.png}
    \end{center}
    \end{table}
    %
    %




%
%

\begin{thebibliography}{99}

\item Earlence Fernandes, Justin Paupore, Amir Rahmati, Daniel Simionato, Mauro Conti, and Atul Prakash. 2016. Flowfence: Practical data protection for emerging iot application frameworks. In USENIX Security Symposium (USENIX Security).

\item Yunhan Jack Jia, Qi Alfred Chen, Shiqi Wang, Amir Rahmati, Earlence Fernandes, Z Morley Mao, and Atul Prakash. 2017. ContexIoT: Towards Providing Contextual Integrity to Appified IoT Platforms. In The Network and Distributed System Security Symposium (NDSS).

\item Yuan Tian, Nan Zhang, Yueh-Hsun Lin, Xiaofeng Wang, Blase Ur, Xianzheng Guo, and Patrick Tague. 2017. SmartAuth: User-Centered Authorization for the Internet of Things. In USENIX Security Symposium (USENIX Security).

%
%
%
%

\end{thebibliography}
\end{document}
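
The DFA matching step from the "SmartApp Misbehavior Detection" subsection, as an added Python example (not code from the HoMonit paper or from these notes). The SmartApp logic, state names, event names and traces are constructed, and events are assumed to have already been inferred from the encrypted traffic.

```python
# Added illustration: app logic, states, events and traces are all constructed.
from typing import NamedTuple

Event = tuple[str, str]  # (device, inferred event), e.g. ("motion", "active")


class Alert(NamedTuple):
    index: int   # position of the rejected event in the trace
    event: Event
    state: str   # DFA state when the event was seen
    reason: str


# Hypothetical SmartApp: switch a light on with motion, off when motion stops.
START = "idle"
TRANSITIONS: dict[tuple[str, Event], str] = {
    ("idle", ("motion", "active")): "motion_seen",
    ("motion_seen", ("light", "on")): "lit",
    ("lit", ("motion", "inactive")): "motion_gone",
    ("motion_gone", ("light", "off")): "idle",
}
ALPHABET = {event for (_, event) in TRANSITIONS}

UNKNOWN = "event not in the app's DFA"
OUT_OF_ORDER = "known event, but not allowed in this state"


def match_trace(trace: list[Event]) -> list[Alert]:
    """Walk the DFA over inferred events and report every event it rejects."""
    state, alerts = START, []
    for i, event in enumerate(trace):
        nxt = TRANSITIONS.get((state, event))
        if nxt is not None:
            state = nxt
            continue
        # Validation failed: record why, then stay in the current state so
        # that the events that follow are still checked against the app logic.
        reason = UNKNOWN if event not in ALPHABET else OUT_OF_ORDER
        alerts.append(Alert(i, event, state, reason))
    return alerts


BENIGN = [("motion", "active"), ("light", "on"),
          ("motion", "inactive"), ("light", "off")]
# A lock command the app never declares, then a light command with no trigger.
SUSPICIOUS = [("motion", "active"), ("light", "on"), ("lock", "unlock"),
              ("motion", "inactive"), ("light", "off"), ("light", "on")]

if __name__ == "__main__":
    for alert in match_trace(SUSPICIOUS):
        print(alert)
```

Mapping the two rejection reasons to the attack types in the notes (an undeclared device action versus an action without its trigger) is a simplification made for this example.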

Reposted from blog.csdn.net/weixin_43999137/article/details/103722877