Improving security and availability is important for the success of the Internet of Things (IoT). Given that recent IoT devices are likely to have multiple functionalities and support third-party applications, this goal becomes challenging to achieve. Through an in-depth investigation of existing IoT frameworks, we focused on two inherent security flaws in their design caused by their device-centric approaches: (1) coarse-grained access control and (2) lack of resource isolation. Because of the coarse-grained access control, IoT devices suffer from over-privileged applications. Furthermore, the lack of resource isolation allows the possibility of Denial-of-Service attacks. In this paper, we propose a functionality-centric approach to managing IoT devices, called FACT, which has two design goals, namely, the principle of least privilege and availability in terms of device functionalities. FACT isolates each functionality of the device using Linux Containers and grants a subject the privilege to access each required functionality. We provide the overall framework and detailed working procedures between the components that constitute FACT. We built a prototype of FACT on IoTivity and show, through analysis and experiments, that it accomplishes secure and efficient linkages between applications and functionalities of IoT devices.
|Title of host publication||SACMAT 2017 - Proceedings of the 22nd ACM Symposium on Access Control Models and Technologies|
|Publisher||Association for Computing Machinery|
|Number of pages||12|
|Publication status||Published - 2017 Jun 7|
|Event||22nd ACM Symposium on Access Control Models and Technologies, SACMAT 2017 - Indianapolis, United States (Duration: 2017 Jun 21 → 2017 Jun 23)|
|Name||Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT|
|Other||22nd ACM Symposium on Access Control Models and Technologies, SACMAT 2017|
|Period||17/6/21 → 17/6/23|
Bibliographical note
Publisher Copyright:
© 2017 Association for Computing Machinery.
All Science Journal Classification (ASJC) codes
- Computer Networks and Communications
- Safety, Risk, Reliability and Quality
- Information Systems