Abstract

Graphical IoT device management platforms, such as IoTtalk, make it easy to describe interactions between IoT devices. Applications are defined by dragging-and-dropping devices and specifying how they are connected, e.g. a door sensor controlling a light. While this allows simple and rapid development, it remains possible to specify unwanted device configurations – such as using the same device to drive a motor up and down simultaneously, risking damaging the motor. We propose , a verification framework for IoTtalk that utilizes formal techniques, based on bigraphs, to statically guarantee that unwanted configurations do not arise. In particular, we check for invalid connections between devices, as well as type errors, e.g. passing a float to a boolean switch. To the best of our knowledge, is the first platform to support the graphical specification of correct-by-design IoT applications. provides fully automated verification and feedback without end-users ever needing to specify a bigraph. This means any application, specifiable in IoTtalk, is guaranteed, so long as verification succeeds, not to violate the given configuration constraints when deployed; with no extra cost to the user.