FACT: Functionality-centric access control system for IoT programming frameworks

Sanghak Lee; Jiwon Choi; Jihun Kim; Beumjin Cho; Sangho Lee; Hanjun Kim; Jong Kim

doi:10.1145/3078861.3078864

FACT: Functionality-centric access control system for IoT programming frameworks

Sanghak Lee, Jiwon Choi, Jihun Kim, Beumjin Cho, Sangho Lee, Hanjun Kim, Jong Kim

Department of Electrical and Electronic Engineering

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

32 Citations (Scopus)

Abstract

Improvement in the security and availability is important for the success of the Internet of Things (IoT). Given that recent IoT devices are likely to have multiple functionalities and support third-party applications, this goal becomes challenging to achieve. Through an in-depth investigation of existing IoT frameworks, we focused on two inherent security flaws in their design caused by their device-centric approaches: (1) coarse-grained access control and (2) lack of resource isolation. Because of the coarse-grained access control, IoT devices suffer from over-privileged applications. Furthermore, the lack of resource isolation allows the possibility of Denial-of-Service attacks. In this paper, we propose a functionality-centric approach to managing IoT devices, called FACT, which has two design goals, namely, the principle of least privilege and the availability in terms of device functionalities. FACT isolates each functionality of the device using Linux Containers and grants a subject the privilege to access for each required functionality. We provide the overall framework and detailed working procedures between components that constitute FACT. We built a prototype of FACT on IoTivity and show that it accomplishes secure and efficient linkages between applications and functionalities of IoT devices through analysis and experiments.

Original language	English
Title of host publication	SACMAT 2017 - Proceedings of the 22nd ACM Symposium on Access Control Models and Technologies
Publisher	Association for Computing Machinery
Pages	43-54
Number of pages	12
ISBN (Electronic)	9781450347020
DOIs	https://doi.org/10.1145/3078861.3078864
Publication status	Published - 2017 Jun 7
Event	22nd ACM Symposium on Access Control Models and Technologies, SACMAT 2017 - Indianapolis, United States Duration: 2017 Jun 21 → 2017 Jun 23

Publication series

Name	Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT
Volume	Part F128644

Other

Other	22nd ACM Symposium on Access Control Models and Technologies, SACMAT 2017
Country/Territory	United States
City	Indianapolis
Period	17/6/21 → 17/6/23

Bibliographical note

Publisher Copyright:
© 2017 Association for Computing Machinery.

All Science Journal Classification (ASJC) codes

Software
Computer Networks and Communications
Safety, Risk, Reliability and Quality
Information Systems

Access to Document

10.1145/3078861.3078864

Cite this

Lee, S., Choi, J., Kim, J., Cho, B., Lee, S., Kim, H., & Kim, J. (2017). FACT: Functionality-centric access control system for IoT programming frameworks. In SACMAT 2017 - Proceedings of the 22nd ACM Symposium on Access Control Models and Technologies (pp. 43-54). (Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT; Vol. Part F128644). Association for Computing Machinery. https://doi.org/10.1145/3078861.3078864

@inproceedings{b3158e955d2a4c0cb96c5a4a33f3abad,

title = "FACT: Functionality-centric access control system for IoT programming frameworks",

abstract = "Improvement in the security and availability is important for the success of the Internet of Things (IoT). Given that recent IoT devices are likely to have multiple functionalities and support third-party applications, this goal becomes challenging to achieve. Through an in-depth investigation of existing IoT frameworks, we focused on two inherent security flaws in their design caused by their device-centric approaches: (1) coarse-grained access control and (2) lack of resource isolation. Because of the coarse-grained access control, IoT devices suffer from over-privileged applications. Furthermore, the lack of resource isolation allows the possibility of Denial-of-Service attacks. In this paper, we propose a functionality-centric approach to managing IoT devices, called FACT, which has two design goals, namely, the principle of least privilege and the availability in terms of device functionalities. FACT isolates each functionality of the device using Linux Containers and grants a subject the privilege to access for each required functionality. We provide the overall framework and detailed working procedures between components that constitute FACT. We built a prototype of FACT on IoTivity and show that it accomplishes secure and efficient linkages between applications and functionalities of IoT devices through analysis and experiments.",

author = "Sanghak Lee and Jiwon Choi and Jihun Kim and Beumjin Cho and Sangho Lee and Hanjun Kim and Jong Kim",

note = "Publisher Copyright: {\textcopyright} 2017 Association for Computing Machinery.; 22nd ACM Symposium on Access Control Models and Technologies, SACMAT 2017 ; Conference date: 21-06-2017 Through 23-06-2017",

year = "2017",

month = jun,

day = "7",

doi = "10.1145/3078861.3078864",

language = "English",

series = "Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT",

publisher = "Association for Computing Machinery",

pages = "43--54",

booktitle = "SACMAT 2017 - Proceedings of the 22nd ACM Symposium on Access Control Models and Technologies",

}

Lee, S, Choi, J, Kim, J, Cho, B, Lee, S, Kim, H & Kim, J 2017, FACT: Functionality-centric access control system for IoT programming frameworks. in SACMAT 2017 - Proceedings of the 22nd ACM Symposium on Access Control Models and Technologies. Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT, vol. Part F128644, Association for Computing Machinery, pp. 43-54, 22nd ACM Symposium on Access Control Models and Technologies, SACMAT 2017, Indianapolis, United States, 17/6/21. https://doi.org/10.1145/3078861.3078864

FACT : Functionality-centric access control system for IoT programming frameworks. / Lee, Sanghak; Choi, Jiwon; Kim, Jihun et al.

SACMAT 2017 - Proceedings of the 22nd ACM Symposium on Access Control Models and Technologies. Association for Computing Machinery, 2017. p. 43-54 (Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT; Vol. Part F128644).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - FACT

T2 - 22nd ACM Symposium on Access Control Models and Technologies, SACMAT 2017

AU - Lee, Sanghak

AU - Choi, Jiwon

AU - Kim, Jihun

AU - Cho, Beumjin

AU - Lee, Sangho

AU - Kim, Hanjun

AU - Kim, Jong

PY - 2017/6/7

Y1 - 2017/6/7

N2 - Improvement in the security and availability is important for the success of the Internet of Things (IoT). Given that recent IoT devices are likely to have multiple functionalities and support third-party applications, this goal becomes challenging to achieve. Through an in-depth investigation of existing IoT frameworks, we focused on two inherent security flaws in their design caused by their device-centric approaches: (1) coarse-grained access control and (2) lack of resource isolation. Because of the coarse-grained access control, IoT devices suffer from over-privileged applications. Furthermore, the lack of resource isolation allows the possibility of Denial-of-Service attacks. In this paper, we propose a functionality-centric approach to managing IoT devices, called FACT, which has two design goals, namely, the principle of least privilege and the availability in terms of device functionalities. FACT isolates each functionality of the device using Linux Containers and grants a subject the privilege to access for each required functionality. We provide the overall framework and detailed working procedures between components that constitute FACT. We built a prototype of FACT on IoTivity and show that it accomplishes secure and efficient linkages between applications and functionalities of IoT devices through analysis and experiments.

AB - Improvement in the security and availability is important for the success of the Internet of Things (IoT). Given that recent IoT devices are likely to have multiple functionalities and support third-party applications, this goal becomes challenging to achieve. Through an in-depth investigation of existing IoT frameworks, we focused on two inherent security flaws in their design caused by their device-centric approaches: (1) coarse-grained access control and (2) lack of resource isolation. Because of the coarse-grained access control, IoT devices suffer from over-privileged applications. Furthermore, the lack of resource isolation allows the possibility of Denial-of-Service attacks. In this paper, we propose a functionality-centric approach to managing IoT devices, called FACT, which has two design goals, namely, the principle of least privilege and the availability in terms of device functionalities. FACT isolates each functionality of the device using Linux Containers and grants a subject the privilege to access for each required functionality. We provide the overall framework and detailed working procedures between components that constitute FACT. We built a prototype of FACT on IoTivity and show that it accomplishes secure and efficient linkages between applications and functionalities of IoT devices through analysis and experiments.

UR - http://www.scopus.com/inward/record.url?scp=85025466158&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85025466158&partnerID=8YFLogxK

U2 - 10.1145/3078861.3078864

DO - 10.1145/3078861.3078864

M3 - Conference contribution

AN - SCOPUS:85025466158

T3 - Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT

SP - 43

EP - 54

BT - SACMAT 2017 - Proceedings of the 22nd ACM Symposium on Access Control Models and Technologies

PB - Association for Computing Machinery

Y2 - 21 June 2017 through 23 June 2017

ER -

Lee S, Choi J, Kim J, Cho B, Lee S, Kim H et al. FACT: Functionality-centric access control system for IoT programming frameworks. In SACMAT 2017 - Proceedings of the 22nd ACM Symposium on Access Control Models and Technologies. Association for Computing Machinery. 2017. p. 43-54. (Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT). doi: 10.1145/3078861.3078864

FACT: Functionality-centric access control system for IoT programming frameworks

Abstract

Publication series

Other

Bibliographical note

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this