Automation apps enable seamless connection of IoT devices and services to provide useful functionality for end-users. These apps are typically executed on cloud-based Trigger-Action Platforms (TAPs) such as IFTTT and Node-RED, supporting both single- and multi-tenant architectures. These architectures raise security and privacy concerns in the face of cloud attackers and malicious app makers, which can result in massive exfiltration of sensitive user data.
To address these concerns, we design TAPShield, an architecture that uses confidential computing and language-level sandboxing to protect users’ sensitive information against untrustworthy TAPs and malicious apps. TAPShield targets JavaScript-driven TAPs built on the Node.js environment and uses trusted execution environments via Intel SGX to protect against cloud attackers. It further uses language-level sandboxes such as vm2 and SandTrap to protect against malicious apps. We implement TAPShield for two popular TAPs, Node-RED and IFTTT, and report on the security, performance, and compatibility trade-offs on a range of real-world apps.
The last decade has seen a proliferation of code-reuse attacks in the context of web applications. These attacks target vulnerabilities in which attacker-controlled data exploits legitimate code fragments within the application’s codebase to execute a code chain that performs malicious computations, e.g., remote code execution, on the attacker’s behalf. In this talk, we will discuss how principled large-scale static and dynamic code analysis helps in discovering and exploiting vulnerabilities in high-profile server-side applications and their software supply chain, and we will review existing defensive mechanisms.