Biblio
Filters: Keyword is memory isolation [Clear All Filters]
.
2018. SPEED: Secure Provable Erasure for Class-1 IoT Devices. Proceedings of the Eighth ACM Conference on Data and Application Security and Privacy. :111–118.
The Internet of Things (IoT) consists of embedded devices that sense and manage our environment in a growing range of applications. Large-scale IoT systems such as smart cities require significant investment in both equipment and personnel. To maximize return on investment, IoT platforms should support multiple third-party applications and adaptation of infrastructure over time. Realizing the vision of shared IoT platforms demands strong security guarantees. That is particularly challenging considering the limited capability and resource constraints of many IoT devices. In this paper, we present SPEED, an approach to secure erasure with verifiability in IoT. Secure erasure is a fundamental property when it comes to share an IoT platform with other users which guarantees the cleanness of a device's memory at the beginning of the application deployment as well as at the time of releasing the underlying IoT device. SPEED relies on two security primitives: memory isolation and distance bounding protocol. We evaluate the performance of SPEED by implementing it on a simple bare-metal IoT device belongs to Class-1. Our evaluation results show a limited overhead in terms of memory footprint, time, and energy consumption.
.
2017. SΜV - the Security Microvisor: A Virtualisation-based Security Middleware for the Internet of Things. Proceedings of the 18th ACM/IFIP/USENIX Middleware Conference: Industrial Track. :36–42.
The Internet of Things (IoT) creates value by connecting digital processes to the physical world using embedded sensors, actuators and wireless networks. The IoT is increasingly intertwined with critical industrial processes, yet contemporary IoT devices offer limited security features, creating a large new attack surface and inhibiting the adoption of IoT technologies. Hardware security modules address this problem, however, their use increases the cost of embedded IoT devices. Furthermore, millions of IoT devices are already deployed without hardware security support. This paper addresses this problem by introducing a Security MicroVisor (SμV) middleware, which provides memory isolation and custom security operations using software virtualisation and assembly-level code verification. We showcase SμV by implementing a key security feature: remote attestation. Evaluation shows extremely low overhead in terms of memory, performance and battery lifetime for a representative IoT device.