TY - GEN
T1 - FACT
T2 - 22nd ACM Symposium on Access Control Models and Technologies, SACMAT 2017
AU - Lee, Sanghak
AU - Choi, Jiwon
AU - Kim, Jihun
AU - Cho, Beumjin
AU - Lee, Sangho
AU - Kim, Hanjun
AU - Kim, Jong
PY - 2017/6/7
Y1 - 2017/6/7
N2 - Improvement in the security and availability is important for the success of the Internet of Things (IoT). Given that recent IoT devices are likely to have multiple functionalities and support third-party applications, this goal becomes challenging to achieve. Through an in-depth investigation of existing IoT frameworks, we focused on two inherent security flaws in their design caused by their device-centric approaches: (1) coarse-grained access control and (2) lack of resource isolation. Because of the coarse-grained access control, IoT devices suffer from over-privileged applications. Furthermore, the lack of resource isolation allows the possibility of Denial-of-Service attacks. In this paper, we propose a functionality-centric approach to managing IoT devices, called FACT, which has two design goals, namely, the principle of least privilege and the availability in terms of device functionalities. FACT isolates each functionality of the device using Linux Containers and grants a subject the privilege to access for each required functionality. We provide the overall framework and detailed working procedures between components that constitute FACT. We built a prototype of FACT on IoTivity and show that it accomplishes secure and efficient linkages between applications and functionalities of IoT devices through analysis and experiments.
AB - Improvement in the security and availability is important for the success of the Internet of Things (IoT). Given that recent IoT devices are likely to have multiple functionalities and support third-party applications, this goal becomes challenging to achieve. Through an in-depth investigation of existing IoT frameworks, we focused on two inherent security flaws in their design caused by their device-centric approaches: (1) coarse-grained access control and (2) lack of resource isolation. Because of the coarse-grained access control, IoT devices suffer from over-privileged applications. Furthermore, the lack of resource isolation allows the possibility of Denial-of-Service attacks. In this paper, we propose a functionality-centric approach to managing IoT devices, called FACT, which has two design goals, namely, the principle of least privilege and the availability in terms of device functionalities. FACT isolates each functionality of the device using Linux Containers and grants a subject the privilege to access for each required functionality. We provide the overall framework and detailed working procedures between components that constitute FACT. We built a prototype of FACT on IoTivity and show that it accomplishes secure and efficient linkages between applications and functionalities of IoT devices through analysis and experiments.
UR - http://www.scopus.com/inward/record.url?scp=85025466158&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85025466158&partnerID=8YFLogxK
U2 - 10.1145/3078861.3078864
DO - 10.1145/3078861.3078864
M3 - Conference contribution
AN - SCOPUS:85025466158
T3 - Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT
SP - 43
EP - 54
BT - SACMAT 2017 - Proceedings of the 22nd ACM Symposium on Access Control Models and Technologies
PB - Association for Computing Machinery
Y2 - 21 June 2017 through 23 June 2017
ER -