Home
People
Publications
|
Refereed International Conference PublicationsFACT: Functionality-centric Access Control System for IoT Programming Frameworks [abstract] (ACM DL, PDF)
Improvement in the security and availability is important for the
success of the Internet of Things (IoT). Given that recent IoT
devices are likely to have multiple functionalities and support
third-party applications, this goal becomes challenging to achieve.
Through an in-depth investigation of existing IoT frameworks, we
focused on two inherent security flaws in their design caused by
their device-centric approaches: (1) coarse-grained access control
and (2) lack of resource isolation. Because of the coarse-grained
access control, IoT devices suffer from over-privileged
applications. Furthermore, the lack of resource isolation allows the
possibility of Denial-of-Service attacks.
In this paper, we propose a functionality-centric approach to
managing IoT devices, called FACT, which has two design goals,
namely, the principle of least privilege and the availability in
terms of device functionalities. FACT isolates each functionality
of the device using Linux Containers and grants a subject the
privilege to access for each required functionality. We provide
the overall framework and detailed working procedures between
components that constitute FACT. We built a prototype of FACT on
IoTivity and show that it accomplishes secure and efficient
linkages between applications and functionalities of IoT devices
through analysis and experiments.
|