{"id":"https://openalex.org/W3114995191","doi":"https://doi.org/10.1145/3418286","title":"Security in Centralized Data Store-based Home Automation Platforms","display_name":"Security in Centralized Data Store-based Home Automation Platforms","publication_year":2020,"publication_date":"2020-12-30","ids":{"openalex":"https://openalex.org/W3114995191","doi":"https://doi.org/10.1145/3418286","mag":"3114995191"},"language":"en","primary_location":{"id":"doi:10.1145/3418286","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3418286","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3418286","source":{"id":"https://openalex.org/S2506189754","display_name":"ACM Transactions on Cyber-Physical Systems","issn_l":"2378-962X","issn":["2378-962X","2378-9638"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on Cyber-Physical Systems","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"bronze","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3418286","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5060999480","display_name":"Kaushal Kafle","orcid":"https://orcid.org/0000-0003-1917-7677"},"institutions":[{"id":"https://openalex.org/I267592682","display_name":"Williams (United States)","ror":"https://ror.org/007zhvp17","country_code":"US","type":"company","lineage":["https://openalex.org/I267592682"]},{"id":"https://openalex.org/I16285277","display_name":"William & Mary","ror":"https://ror.org/03hsf0573","country_code":"US","type":"education","lineage":["https://openalex.org/I16285277"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Kaushal Kafle","raw_affiliation_strings":["William &amp; Mary, United States of America, Williamsburg, VA"],"affiliations":[{"raw_affiliation_string":"William &amp; Mary, United States of America, Williamsburg, VA","institution_ids":["https://openalex.org/I16285277","https://openalex.org/I267592682"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5090372362","display_name":"Kevin Moran","orcid":"https://orcid.org/0000-0001-9683-5616"},"institutions":[{"id":"https://openalex.org/I162714631","display_name":"George Mason University","ror":"https://ror.org/02jqj7156","country_code":"US","type":"education","lineage":["https://openalex.org/I162714631"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Kevin Moran","raw_affiliation_strings":["George Mason University, United States of America, Fairfax, VA"],"affiliations":[{"raw_affiliation_string":"George Mason University, United States of America, Fairfax, VA","institution_ids":["https://openalex.org/I162714631"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5001757372","display_name":"Sunil Manandhar","orcid":"https://orcid.org/0000-0003-3187-0044"},"institutions":[{"id":"https://openalex.org/I16285277","display_name":"William & Mary","ror":"https://ror.org/03hsf0573","country_code":"US","type":"education","lineage":["https://openalex.org/I16285277"]},{"id":"https://openalex.org/I267592682","display_name":"Williams (United States)","ror":"https://ror.org/007zhvp17","country_code":"US","type":"company","lineage":["https://openalex.org/I267592682"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Sunil Manandhar","raw_affiliation_strings":["William &amp; Mary, United States of America, Williamsburg, VA"],"affiliations":[{"raw_affiliation_string":"William &amp; Mary, United States of America, Williamsburg, VA","institution_ids":["https://openalex.org/I16285277","https://openalex.org/I267592682"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5061764764","display_name":"Adwait Nadkarni","orcid":"https://orcid.org/0000-0001-6866-4565"},"institutions":[{"id":"https://openalex.org/I267592682","display_name":"Williams (United States)","ror":"https://ror.org/007zhvp17","country_code":"US","type":"company","lineage":["https://openalex.org/I267592682"]},{"id":"https://openalex.org/I16285277","display_name":"William & Mary","ror":"https://ror.org/03hsf0573","country_code":"US","type":"education","lineage":["https://openalex.org/I16285277"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Adwait Nadkarni","raw_affiliation_strings":["William &amp; Mary, United States of America, Williamsburg, VA"],"affiliations":[{"raw_affiliation_string":"William &amp; Mary, United States of America, Williamsburg, VA","institution_ids":["https://openalex.org/I16285277","https://openalex.org/I267592682"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5041262116","display_name":"Denys Poshyvanyk","orcid":"https://orcid.org/0000-0002-5626-7586"},"institutions":[{"id":"https://openalex.org/I16285277","display_name":"William & Mary","ror":"https://ror.org/03hsf0573","country_code":"US","type":"education","lineage":["https://openalex.org/I16285277"]},{"id":"https://openalex.org/I267592682","display_name":"Williams (United States)","ror":"https://ror.org/007zhvp17","country_code":"US","type":"company","lineage":["https://openalex.org/I267592682"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Denys Poshyvanyk","raw_affiliation_strings":["William &amp; Mary, United States of America, Williamsburg, VA"],"affiliations":[{"raw_affiliation_string":"William &amp; Mary, United States of America, Williamsburg, VA","institution_ids":["https://openalex.org/I16285277","https://openalex.org/I267592682"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5060999480"],"corresponding_institution_ids":["https://openalex.org/I16285277","https://openalex.org/I267592682"],"apc_list":null,"apc_paid":null,"fwci":1.9699,"has_fulltext":true,"cited_by_count":17,"citation_normalized_percentile":{"value":0.87287689,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":94,"max":98},"biblio":{"volume":"5","issue":"1","first_page":"1","last_page":"27"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9980999827384949,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.9937000274658203,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/home-automation","display_name":"Home automation","score":0.7999955415725708},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.7360968589782715},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.627504825592041},{"id":"https://openalex.org/keywords/automation","display_name":"Automation","score":0.5690600275993347},{"id":"https://openalex.org/keywords/enforcement","display_name":"Enforcement","score":0.5422450304031372},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.5005278587341309},{"id":"https://openalex.org/keywords/home-security","display_name":"Home security","score":0.4557698369026184},{"id":"https://openalex.org/keywords/security-through-obscurity","display_name":"Security through obscurity","score":0.4183729290962219},{"id":"https://openalex.org/keywords/internet-privacy","display_name":"Internet privacy","score":0.38479700684547424},{"id":"https://openalex.org/keywords/cloud-computing-security","display_name":"Cloud computing security","score":0.35165196657180786},{"id":"https://openalex.org/keywords/security-information-and-event-management","display_name":"Security information and event management","score":0.28965243697166443},{"id":"https://openalex.org/keywords/telecommunications","display_name":"Telecommunications","score":0.18787524104118347},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.18243461847305298},{"id":"https://openalex.org/keywords/cloud-computing","display_name":"Cloud computing","score":0.15193289518356323},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.08030322194099426}],"concepts":[{"id":"https://openalex.org/C507571656","wikidata":"https://www.wikidata.org/wiki/Q848436","display_name":"Home automation","level":2,"score":0.7999955415725708},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.7360968589782715},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.627504825592041},{"id":"https://openalex.org/C115901376","wikidata":"https://www.wikidata.org/wiki/Q184199","display_name":"Automation","level":2,"score":0.5690600275993347},{"id":"https://openalex.org/C2779777834","wikidata":"https://www.wikidata.org/wiki/Q4202277","display_name":"Enforcement","level":2,"score":0.5422450304031372},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.5005278587341309},{"id":"https://openalex.org/C2779750879","wikidata":"https://www.wikidata.org/wiki/Q22908936","display_name":"Home security","level":2,"score":0.4557698369026184},{"id":"https://openalex.org/C114869243","wikidata":"https://www.wikidata.org/wiki/Q133735","display_name":"Security through obscurity","level":5,"score":0.4183729290962219},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.38479700684547424},{"id":"https://openalex.org/C184842701","wikidata":"https://www.wikidata.org/wiki/Q370563","display_name":"Cloud computing security","level":3,"score":0.35165196657180786},{"id":"https://openalex.org/C103377522","wikidata":"https://www.wikidata.org/wiki/Q3493999","display_name":"Security information and event management","level":4,"score":0.28965243697166443},{"id":"https://openalex.org/C76155785","wikidata":"https://www.wikidata.org/wiki/Q418","display_name":"Telecommunications","level":1,"score":0.18787524104118347},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.18243461847305298},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.15193289518356323},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.08030322194099426},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.0},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.0},{"id":"https://openalex.org/C78519656","wikidata":"https://www.wikidata.org/wiki/Q101333","display_name":"Mechanical engineering","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3418286","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3418286","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3418286","source":{"id":"https://openalex.org/S2506189754","display_name":"ACM Transactions on Cyber-Physical Systems","issn_l":"2378-962X","issn":["2378-962X","2378-9638"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on Cyber-Physical Systems","raw_type":"journal-article"}],"best_oa_location":{"id":"doi:10.1145/3418286","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3418286","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3418286","source":{"id":"https://openalex.org/S2506189754","display_name":"ACM Transactions on Cyber-Physical Systems","issn_l":"2378-962X","issn":["2378-962X","2378-9638"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on Cyber-Physical Systems","raw_type":"journal-article"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions","score":0.7599999904632568}],"awards":[],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"}],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W3114995191.pdf","grobid_xml":"https://content.openalex.org/works/W3114995191.grobid-xml"},"referenced_works_count":39,"referenced_works":["https://openalex.org/W79696261","https://openalex.org/W1464836909","https://openalex.org/W1994588724","https://openalex.org/W2003797911","https://openalex.org/W2008810193","https://openalex.org/W2045057497","https://openalex.org/W2050053627","https://openalex.org/W2061445336","https://openalex.org/W2103370348","https://openalex.org/W2109540106","https://openalex.org/W2114275288","https://openalex.org/W2134296086","https://openalex.org/W2460813369","https://openalex.org/W2467908049","https://openalex.org/W2504831212","https://openalex.org/W2508433864","https://openalex.org/W2533712304","https://openalex.org/W2605367183","https://openalex.org/W2613352518","https://openalex.org/W2751343396","https://openalex.org/W2751531621","https://openalex.org/W2767943400","https://openalex.org/W2792078641","https://openalex.org/W2890188242","https://openalex.org/W2896143299","https://openalex.org/W2914982603","https://openalex.org/W2929305171","https://openalex.org/W2941860457","https://openalex.org/W2942483256","https://openalex.org/W2947175569","https://openalex.org/W2953940064","https://openalex.org/W2963846158","https://openalex.org/W2973778274","https://openalex.org/W2983277367","https://openalex.org/W2984297109","https://openalex.org/W2985320478","https://openalex.org/W3047139163","https://openalex.org/W3098804373","https://openalex.org/W4315746341"],"related_works":["https://openalex.org/W4205726527","https://openalex.org/W3158356294","https://openalex.org/W4206112541","https://openalex.org/W74097913","https://openalex.org/W2920725863","https://openalex.org/W4382774465","https://openalex.org/W4313525010","https://openalex.org/W3191125764","https://openalex.org/W2588856805","https://openalex.org/W3093124113"],"abstract_inverted_index":{"Home":[0],"automation":[1,59],"platforms":[2,20,165,184],"enable":[3],"consumers":[4],"to":[5,106,122,176],"conveniently":[6],"automate":[7],"various":[8],"physical":[9,35],"aspects":[10],"of":[11,44,70,92,101,117,128,158,162,169,181,189],"their":[12],"homes.":[13],"However,":[14],"the":[15,19,33,90,97,118,124,133,140,156,159,167,177,187],"security":[16,28,42,112,170,179,191],"flaws":[17],"in":[18,73,132],"or":[21],"integrated":[22],"third-party":[23],"products":[24],"can":[25],"have":[26],"serious":[27,111],"and":[29,53,66,96,103,155,185],"safety":[30],"implications":[31],"for":[32,99],"user\u2019s":[34],"environment.":[36],"This":[37],"article":[38],"describes":[39],"our":[40],"systematic":[41],"evaluation":[43],"two":[45],"popular":[46],"smart":[47,134,163,182],"home":[48,58,164,183],"platforms,":[49],"Google\u2019s":[50],"Nest":[51,141],"platform":[52,86],"Philips":[54],"Hue,":[55],"which":[56],"implement":[57],"\u201croutines\u201d":[60],"(i.e.,":[61],"trigger-action":[62],"programs":[63],"involving":[64],"apps":[65],"devices)":[67],"via":[68,144],"manipulation":[69],"state":[71],"variables":[72],"a":[74,145],"centralized":[75],"data":[76],"store":[77],".":[78],"Our":[79,172],"semi-automated":[80],"analysis":[81],"examines,":[82],"among":[83],"other":[84],"things,":[85],"access":[87],"control":[88],"enforcement,":[89],"rigor":[91],"non-system":[93],"enforcement":[94],"procedures,":[95],"potential":[98,153],"misuse":[100],"routines,":[102],"it":[104],"leads":[105],"11":[107],"key":[108],"findings":[109,173],"with":[110],"implications.":[113],"We":[114],"combine":[115],"several":[116],"vulnerabilities":[119],"we":[120,137,151],"find":[121],"demonstrate":[123],"first":[125],"end-to-end":[126],"instance":[127],"lateral":[129],"privilege":[130],"escalation":[131],"home,":[135],"wherein":[136],"remotely":[138],"disable":[139],"Security":[142],"Camera":[143],"compromised":[146],"light":[147],"switch":[148],"app.":[149],"Finally,":[150],"discuss":[152],"defenses,":[154],"impact":[157],"continuous":[160],"evolution":[161],"on":[166],"practicality":[168],"analysis.":[171],"draw":[174],"attention":[175],"unique":[178],"challenges":[180],"highlight":[186],"importance":[188],"enforcing":[190],"by":[192],"design.":[193]},"counts_by_year":[{"year":2025,"cited_by_count":2},{"year":2024,"cited_by_count":2},{"year":2023,"cited_by_count":5},{"year":2022,"cited_by_count":4},{"year":2021,"cited_by_count":4}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}