Conference proceeding
Maverick: An App-independent and Platform-agnostic Approach to Enforce Policies in IoT Systems at Runtime
WiSec '23: Proceedings of the 16th ACM Conference on Security and Privacy in Wireless and Mobile Networks, pp.73-84
WiSec '23: 16th ACM Conference on Security and Privacy in Wireless and Mobile Networks (Guildford, United Kingdom, 05/29/2023–06/01/2023)
01/01/2023
DOI: 10.1145/3558482.3590188
Appears in UI Libraries Support Open Access
Abstract
Many solutions have been proposed to curb unexpected behavior of automation apps installed on programmable IoT platforms by enforcing safety policies at runtime. However, all prior work addresses a weaker version of the actual problem due to a simpler, unrealistic threat model. These solutions are not general enough as they are heavily dependent on the installed apps and catered to specific IoT platforms. Here, we address a stronger version of the problem via a realistic threat model, where (i) undesired cyber actions can come from not only automation platform backends (e.g., SmartThings) but also closed-source third-party services (e.g., IFTTT), and (ii) physical actions (e.g., user interactions) on devices can move the IoT system to an undesirable state. We propose a runtime mechanism, dubbed Maverick, which employs an app-independent, platform-agnostic mediator to enforce policies against all undesired cyber actions and applies corrective-actions to bring the IoT system back to a safe state from an unsafe state transition. Maverick is equipped with a policy language capable of expressing rich temporal invariants and an automated toolchain that includes a policy synthesizer and a policy analyzer for user assistance. We implemented Maverick in a prototype and showed its efficacy in both physical and virtual testbeds, incurring minimal overhead.
Details
- Title: Subtitle
- Maverick: An App-independent and Platform-agnostic Approach to Enforce Policies in IoT Systems at Runtime
- Creators
- M. Hammad Mazhar - University of Iowa
- Li Li - Syracuse University
- Endadul Hoque - Syracuse University
- Omar Haider Chowdhury - University of Iowa, Computer Science
- Resource Type
- Conference proceeding
- Publication Details
- WiSec '23: Proceedings of the 16th ACM Conference on Security and Privacy in Wireless and Mobile Networks, pp.73-84
- Conference
- WiSec '23: 16th ACM Conference on Security and Privacy in Wireless and Mobile Networks (Guildford, United Kingdom, 05/29/2023–06/01/2023)
- DOI
- 10.1145/3558482.3590188
- Publisher
- Association for Computing Machinery (ACM)
- Number of pages
- 12
- Grant note
- CNS 2006556; CNS 2007512 / National Science Foundation; National Science Foundation (NSF)
- Language
- English
- Date published
- 01/01/2023
- Academic Unit
- Computer Science
- Record Identifier
- 9984473237402771