Provenance Tracing in the Internet of Things

As the Internet of Things (IoT) continues to proliferate, diagnosing incorrect behavior within increasingly-automated homes becomes considerably more difficult. Devices and apps may be chained together in long sequences of trigger-action rules to the point that from an observable symptom (e.g., an unlocked door) it may be impossible to identify the distantly removed root cause (e.g., a malicious app). We present a platform-centric approach to centralized auditing in the Internet of Things. Our system performs efficient automated instrumentation of IoT apps in order to generate data provenance that provides a holistic explanation of system activities, including malicious behaviors. Here, we prototype our system for the Samsung SmartThings platform, and consider how it can be leveraged to meet the needs of a variety of stakeholders in the IoT ecosystem.