As Internet of Things (IoT) systems become deployed more widely, their security is becoming a serious concern in many domains, including smart homes, autonomous cars, or industrial control systems. Security exploits in IoT systems can lead to loss of privacy, data theft, financial losses, and even physical harm. The proposed work will develop a novel approach to harden security of IoT systems via cross-layer defense. The approach will be developed and evaluated in collaboration among three participating institutions in the US and Brazil. The project aims to provide technical foundations to harden the defense against several types of security attacks in IoT systems, and the project will also create broader impact through dissemination of results and education efforts. More technically, the proposed approach considers cross-layer defense at IoT app layer, network layer, and devices. The central concept is flow policies: the proposed work extracts flow policies from IoT apps, and then uses these policies to enforce desired flows and to detect violations at both the device and network layers. In contrast to general-purpose applications, the flows in IoT apps are expected to be often predictable and expressive enough to capture important properties such that detected flow violations indicate real problems and not false alarms. If policies are indeed found to be expressive enough, and checking them is lightweight in IoT systems, the approach will provide substantial benefits to improve defense of IoT systems in practice.
EAGER: USBRCCR: Collaborative: Lightweight Policy Enforcement of Information Flows in IoT Infrastructures