FACT: Functionality-centric access control system for IoT programming frameworks

Sanghak Lee, Jiwon Choi, Jihun Kim, Beumjin Cho, Sangho Lee, Hanjun Kim, Jong Kim

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

16 Citations (Scopus)

Abstract

Improving security and availability is important for the success of the Internet of Things (IoT). Given that recent IoT devices are likely to have multiple functionalities and support third-party applications, this goal becomes challenging to achieve. Through an in-depth investigation of existing IoT frameworks, we focused on two inherent security flaws in their design caused by their device-centric approaches: (1) coarse-grained access control and (2) lack of resource isolation. Because of the coarse-grained access control, IoT devices suffer from over-privileged applications. Furthermore, the lack of resource isolation makes Denial-of-Service attacks possible. In this paper, we propose a functionality-centric approach to managing IoT devices, called FACT, which has two design goals, namely, the principle of least privilege and availability in terms of device functionalities. FACT isolates each functionality of the device using Linux Containers and grants a subject the privilege to access each required functionality. We provide the overall framework and the detailed working procedures between the components that constitute FACT. We built a prototype of FACT on IoTivity and show, through analysis and experiments, that it accomplishes secure and efficient linkages between applications and functionalities of IoT devices.

Original language: English
Title of host publication: SACMAT 2017 - Proceedings of the 22nd ACM Symposium on Access Control Models and Technologies
Publisher: Association for Computing Machinery
Pages: 43-54
Number of pages: 12
ISBN (Electronic): 9781450347020
DOI: https://doi.org/10.1145/3078861.3078864
Publication status: Published - 2017 Jun 7
Event: 22nd ACM Symposium on Access Control Models and Technologies, SACMAT 2017 - Indianapolis, United States
Duration: 2017 Jun 21 to 2017 Jun 23

Publication series

Name: Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT
Volume: Part F128644

Other

Other: 22nd ACM Symposium on Access Control Models and Technologies, SACMAT 2017
Country: United States
City: Indianapolis
Period: 17/6/21 to 17/6/23

All Science Journal Classification (ASJC) codes

  • Software
  • Computer Networks and Communications
  • Safety, Risk, Reliability and Quality
  • Information Systems

Cite this

Lee, S., Choi, J., Kim, J., Cho, B., Lee, S., Kim, H., & Kim, J. (2017). FACT: Functionality-centric access control system for IoT programming frameworks. In SACMAT 2017 - Proceedings of the 22nd ACM Symposium on Access Control Models and Technologies (pp. 43-54). (Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT; Vol. Part F128644). Association for Computing Machinery. https://doi.org/10.1145/3078861.3078864