Access Control for Apps Running on Constrained Devices in the Internet of Things (original) (raw)

Expressive policy based access control for resource-constrained devices

IEEE Access

Upcoming smart scenarios enabled by the Internet of Things (IoT) envision smart objects that expose services that can adapt to user behaviour or be managed with the goal of achieving higher productivity, often in multi-stakeholder applications. In such environments, smart things are cheap sensors (and actuators) and, therefore, constrained devices. However, they are also critical components because of the importance of the provided information. Therefore, strong security is a must. Nevertheless, existing feasible approaches do not cope well with the principle of least privilege; they lack both expressiveness and the ability to update the policy to be enforced in the sensors. In this paper, we propose an access control model that comprises a policy language that provides dynamic finegrained policy enforcement in the sensors based on local context conditions. This dynamic policy cycle requires a secure, efficient and traceable message exchange protocol. For that purpose, a security protocol called Hidra is also proposed. A security and performance evaluation demonstrates the feasibility and adequacy of the proposed protocol and access control model.

Operating Systems for the IoT – Goals, Challenges, and Solutions

The Internet of Things (IoT) embodies a wide spectrum of machines ranging from sensors powered by 8-bit microcontrollers to devices powered by processors equivalent to those found in smartphones. Neither traditional operating systems currently running on Internet hosts, nor typical operating systems for sensor networks are capable to fulfill all at once the diverse requirements of such a wide range of devices. Hence, in order to avoid redundant developments and maintenance costs of IoT products, a novel, unifying type of operating system is needed. This paper analyzes requirements of an operating system for the IoT. We introduce RIOT, an operating system that satisfies these demands.

CRêPE: A System for Enforcing Fine-Grained Context-Related Policies on Android

IEEE Transactions on Information Forensics and Security, 2000

Current smartphone systems allow the user to use only marginally contextual information to specify the behaviour of the applications: this hinders the wide adoption of this technology to its full potential. In this paper, we fill this gap by proposing CRêPE, a fine-grained Context-Related Policy Enforcement System for Android. While the concept of contextrelated access control is not new, this is the first work that brings this concept into the smartphone environment. In particular, in our work a context can be defined by: the status of variables sensed by physical (low level) sensors, like time and location; additional processing on these data via software (high level) sensors; or particular interactions with the users or third parties. CRêPE allows context-related policies to be set (even at runtime) by both the user and authorized third parties locally (via an application) or remotely (via SMS, MMS, Bluetooth, and QR-code). A thorough set of experiments shows that our full implementation of CRêPE has a negligible overhead in terms of energy consumption, time, and storage, making our system ready for a production environment.

DroidCap: OS Support for Capability-based Permissions in Android

Proceedings 2019 Network and Distributed System Security Symposium

We present DROIDCAP, a retrofitting of Android's central Binder IPC mechanism to change the way how permissions are being represented and managed in the system. In DROIDCAP, permissions are per-process Binder objectcapabilities. DROIDCAP's design removes Android's UID-based ambient authority and allows the delegation of capabilities between processes to create least-privileged protection domains efficiently. With DROIDCAP, we show that object-capabilities as underlying access control model integrates naturally and backward-compatible into Android's stock permission model and application management. Thus, our Binder capabilities provide app developers with a new path to gradually adopting app compartmentalization, which we showcase at two favorite examples from the literature, privilege separated advertisement libraries and least privileged app components. At the heart of our paradigm shift for representing permissions in Android is an extension to Android's Binder IPC mechanism. Binder IPC is the primary IPC channel for communication among all apps and between system services

IAACaaS: IoT Application-Scoped Access Control as a Service

Future Internet, 2017

access control is a key element when guaranteeing the security of online services. However, devices that make the Internet of Things have some special requirements that foster new approaches to access control mechanisms. Their low computing capabilities impose limitations that make traditional paradigms not directly applicable to sensors and actuators. In this paper, we propose a dynamic, scalable, IoT-ready model that is based on the OAuth 2.0 protocol and that allows the complete delegation of authorization, so that an as a service access control mechanism is provided. Multiple tenants are also supported by means of application-scoped authorization policies, whose roles and permissions are fine-grained enough to provide the desired flexibility of configuration. Besides, OAuth 2.0 ensures interoperability with the rest of the Internet, yet preserving the computing constraints of IoT devices, because its tokens provide all the necessary information to perform authorization. The proposed model has been fully implemented in an open-source solution and also deeply validated in the scope of FIWARE, a European project with thousands of users, the goal of which is to provide a framework for developing smart applications and services for the future Internet. We provide the details of the deployed infrastructure and offer the analysis of a sample smart city setup that takes advantage of the model. We conclude that the proposed solution enables a new access control as a service paradigm that satisfies the special requirements of IoT devices in terms of performance, scalability and interoperability.

Mobile Resource Guarantees for Smart Devices

Lecture Notes in Computer Science, 2005

We present the Mobile Resource Guarantees framework: a system for ensuring that downloaded programs are free from run-time violations of resource bounds. Certificates are attached to code in the form of efficiently checkable proofs of resource bounds; in contrast to cryptographic certificates of code origin, these are independent of trust networks. A novel programming language with resource constraints encoded in function types is used to streamline the generation of proofs of resource usage.

Adaptive Access Control Policies for IoT Deployments

2020 International Wireless Communications and Mobile Computing (IWCMC), 2020

In the era of the Internet of Things (IoT), it has become possible for a set of smart devices to collaborate autonomously and communicate seamlessly to achieve complex tasks that require a high degree of intelligence. Unlike traditional internet devices, a compromised IoT device can cause real-world damages. The severity of these damages increases dangerously in sensitive contexts especially when these devices are controlled by system insiders. Detecting abnormal access behaviors in such environments is quite challenging, due to frequent changes in the access contexts under which the IoT device can be accessed. In this paper, we propose an adaptive access control policy framework that dynamically refines the system access policies in response to changes in the device-to-device access behavior. We apply supervised machine learning to model and classify the device access behavior based on a real-life data set. We provide a use case scenario of a door locking system to validate our wor...

Access control management for ubiquitous computing

Future Generation Computer Systems, 2008

The purpose of ubiquitous computing is anywhere and anytime access to information within computing infrastructures that is blended into a background and no longer be reminded. This ubiquitous computing poses new security challenges while the information can be accessed at anywhere and anytime because it may be applied by criminal users. Additionally, the information may contain private information that cannot be shared by all user communities. Several approaches are developed to protect information for pervasive environments against malicious users. However, ad hoc mechanisms or protocols are typically added in the approaches by compromising disorganized policies or additional components to protect from unauthorized access.

Design and Implementation of a Fine-grained Resource Usage Model for the Android Platform

2010

Android is among the new breed of smartphone software stacks. It is powerful yet friendly enough to be widely adopted by both the end users and the developer community. This adoption has led to the creation of a large number of thirdparty applications that run on top of the software stack accessing device resources and data. Users installing third party applications are provided information about which resources an application might use but have no way of restricting access to these resources if they wish to use the application. All permissions have to be granted or the application fails to install. In this paper, we present a fine-grained usage control model for Android that allows users to specify exactly what resources an application should be allowed access to. These decisions might be based on runtime constraints such as time of day or location of the device or on application attributes such as the number of SMSs already sent by the application. We give details of our implementation and describe an extended installer that provides an easy-to-use interface to the users for setting their policies. Our architecture only requires a minimal change to the existing code base and is thus compatible with the existing security mechanism. As a result, it has a high potential for adoption by the Android community at large.