TAPFixer: Automatic Detection and Repair of Home Automation Vulnerabilities based on Negated-property Reasoning

Yinbo Yu, Yuanqi Xu, Kepu Huang, Jiajia Liu
2024-07-12
Abstract: Trigger-Action Programming (TAP) is a popular end-user programming framework in home automation (HA) systems, which makes it easy for users to customize home automation and control devices as expected. However, its simplified syntax also introduces new safety threats to HA systems through vulnerable rule interactions. Accurately fixing these vulnerabilities by logically and physically eliminating their root causes is essential before rules are deployed. However, this problem has not been well studied. In this paper, we present TAPFixer, a novel framework to automatically detect and repair rule interaction vulnerabilities in HA systems. It extracts TAP rules from HA profiles, translates them into an automaton model with physical and latency features, and performs model checking with various correctness properties. It then uses a novel negated-property reasoning algorithm to automatically infer a patch via model abstraction and refinement and model checking based on negated properties. We evaluate TAPFixer on market HA apps (1177 TAP rules and 53 properties) and find that it can achieve an 86.65% success rate in repairing rule interaction vulnerabilities. We additionally recruit 23 HA users to conduct a user study that demonstrates the usefulness of TAPFixer for vulnerability repair in practical HA scenarios.
Cryptography and Security
What problem does this paper attempt to address?
### What problems does this paper attempt to solve?

This paper aims to solve the vulnerability problems caused by Trigger-Action Programming (TAP) rule interactions in Home Automation (HA) systems. Although TAP rules simplify how users customize automation and control devices, they also introduce new security threats. These threats arise mainly from complex interactions between rules, especially in the physical space, which make it difficult to ensure the security of the HA system.

#### Main problems

1. **Rule-interaction vulnerabilities**: Although the simple syntax of TAP rules is convenient for users to configure, it is prone to logical or physical interaction vulnerabilities between rules. These vulnerabilities may lead to unexpected device states (such as the air conditioner running while the window is open) and even bring security risks (such as the door being unlocked when no one is at home).
2. **Lack of effective repair methods**: Although existing techniques have made progress in analyzing rule-interaction vulnerabilities, they fall short in resolving and preventing them. Dynamic control methods cannot eliminate the root causes of vulnerabilities (i.e., rule-semantic defects), and static methods ignore dynamic factors (such as latency and physical interaction), which limits their repair capabilities.

#### Solutions

To address these problems, the paper proposes TAPFixer, a framework for automatically detecting and repairing rule-interaction vulnerabilities in HA systems. Its main contributions are:

1. **Formal modeling**: A formal model based on finite automata is designed, with physical operation characteristics embedded into the rule syntax to enable accurate static vulnerability detection. Through model checking, TAPFixer detects rule-interaction vulnerabilities.
2. **Negated-property reasoning algorithm**: A novel negated-property reasoning algorithm automatically constructs rule patches that eliminate vulnerabilities at their root in both the logical and physical spaces. Its core idea is to derive candidate patches by model checking against the negated properties through abstraction and refinement.
3. **Evaluation and user study**: Benchmarking on HA applications from the market shows that TAPFixer repairs vulnerabilities with a success rate of 86.65%. A user study further demonstrates its effectiveness in practical HA scenarios.

In conclusion, TAPFixer provides a method for statically repairing TAP rule-interaction vulnerabilities by combining formal modeling with negated-property reasoning, thereby improving the security of smart home systems.
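The abstract and the summary above describe two steps: model checking an automaton built from TAP rules against a correctness property, and repairing a violation by reasoning over the negated property with abstraction and refinement. The Python block below is an added example written for this page, not code from the TAPFixer paper or its authors. It builds a small constructed home (four attributes, three rules), exhaustively explores the rule automaton, including the intermediate states inside a rule chain, to find a trace that violates the property "the AC is never on while the window is open", and then runs a deliberately simplified repair loop: the rule whose action makes the negated property true is refined with a guard that requires the property to still hold after the action, and the check is repeated until no counterexample remains. The device names, rules, property and the repair heuristic are all assumptions made for illustration; the paper's actual algorithm and its physical and latency modelling are not reproduced.

```python
"""Toy TAP rule model checker with negated-property-style patching.

Added example: not code from the TAPFixer paper. The home, rules, property
and the repair heuristic are constructed for illustration and are a much
simplified stand-in for the paper's automaton model and reasoning algorithm.
"""
from collections import deque
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

State = Dict[str, str]
Event = Tuple[str, str]             # (attribute, new value)
Pred = Callable[[State], bool]


def always(s: State) -> bool:
    return True


@dataclass
class Rule:
    name: str
    trigger: Event                  # event that fires the rule
    action: Event                   # attribute and value the rule sets
    condition: Pred = always        # guard; patches tighten this


# Constructed home: finite attribute domains. The environment (weather, people)
# may change the first two attributes; the others change only through rules.
DOMAINS = {"temperature": ("normal", "high"), "presence": ("home", "away"),
           "ac": ("off", "on"), "window": ("closed", "open")}
ENV_ATTRS = ("temperature", "presence")
INITIAL: State = {"temperature": "normal", "presence": "home",
                  "ac": "off", "window": "closed"}

RULES = [
    Rule("R1", ("temperature", "high"), ("ac", "on")),
    Rule("R2", ("presence", "home"), ("window", "open")),
    Rule("R3", ("presence", "away"), ("window", "closed")),
]


def no_ac_with_open_window(s: State) -> bool:
    """Safety property from the motivating example: AC never runs with the window open."""
    return not (s["ac"] == "on" and s["window"] == "open")


def freeze(state: State):
    return tuple(sorted(state.items()))


def find_violation(rules: List[Rule], prop: Pred, initial: State = INITIAL,
                   max_depth: int = 8) -> Optional[List[str]]:
    """Breadth-first search over the rule automaton. A node is (state, pending
    events); pending events are changes that may still trigger rules, so the
    intermediate states inside a rule chain are checked too. Returns the labels
    of a shortest trace reaching a state that violates `prop`, or None."""
    start = (freeze(initial), ())
    queue = deque([(start, [])])
    seen = {start}
    while queue:
        (fstate, pending), trace = queue.popleft()
        state = dict(fstate)
        if not prop(state):
            return trace
        if len(trace) >= max_depth:
            continue
        successors = []
        if pending:
            # Deliver one pending event: fire every rule it triggers, in list
            # order, and queue each rule's own change as a further event.
            event, rest = pending[0], list(pending[1:])
            cur, labels = dict(state), list(trace)
            for r in rules:
                if r.trigger == event and r.condition(cur):
                    attr, val = r.action
                    if cur[attr] != val:
                        cur[attr] = val
                        labels.append(f"rule:{r.name}")
                        rest.append(r.action)
                        if not prop(cur):        # intermediate state violates
                            return labels
            successors.append(((freeze(cur), tuple(rest)), labels))
        else:
            # Quiescent state: the environment may change any external attribute.
            for attr in ENV_ATTRS:
                for val in DOMAINS[attr]:
                    if state[attr] != val:
                        nxt = dict(state, **{attr: val})
                        successors.append(((freeze(nxt), ((attr, val),)),
                                           trace + [f"env:{attr}={val}"]))
        for node, labels in successors:
            if node not in seen:
                seen.add(node)
                queue.append((node, labels))
    return None


def repair(rules: List[Rule], prop: Pred, max_rounds: int = 10):
    """Constructed repair heuristic in the spirit of negated-property reasoning:
    the counterexample shows which rule's action makes the negated property
    true, so that rule is refined with a guard requiring `prop` to still hold
    after its action; then re-check and repeat until no counterexample remains.
    Returns (patched rules, names of patched rules), or None when the violation
    is reachable without any rule firing (nothing to patch in this model)."""
    rules = list(rules)
    patched: List[str] = []
    for _ in range(max_rounds):
        trace = find_violation(rules, prop)
        if trace is None:
            return rules, patched
        if not trace or not trace[-1].startswith("rule:"):
            return None
        culprit = trace[-1].split(":", 1)[1]
        idx = next(i for i, r in enumerate(rules) if r.name == culprit)
        old = rules[idx]

        def guard(s: State, old=old) -> bool:
            after = dict(s, **{old.action[0]: old.action[1]})
            return old.condition(s) and prop(after)

        rules[idx] = Rule(old.name, old.trigger, old.action, guard)
        patched.append(culprit)
    return None


if __name__ == "__main__":
    print("counterexample:", find_violation(RULES, no_ac_with_open_window))
    result = repair(RULES, no_ac_with_open_window)
    print("patched rules:", result[1] if result else "unrepairable")
```

Running the block finds a five-step counterexample (a presence change opens the window, then a temperature rise switches the AC on, or the same two rules in the other order) and the repair loop ends up guarding both R1 and R2, because patching only one rule leaves the other ordering reachable; that second round is the refinement step the summary refers to. The loop returns None when the initial state already violates the property, since no rule action is responsible and a guard cannot help.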