Modeling virtual channel to enforce runtime properties for IoT services

Yang Zhang, Junliang Chen
Proceedings of the Second International Conference on Internet of things, Data and Cloud Computing. Published 2017-03-22. DOI: 10.1145/3018896.3025150 (https://doi.org/10.1145/3018896.3025150)
Citations: 2

Abstract

Ensuring an industrial information infrastructure in a secure and safe state is a critical and mandatory requirement. Existing execution monitoring technologies do not work well to protect physical systems, especially when these supervisory control systems are open via the Internet, and the "inside" malware may compromise and subvert the monitoring mechanism itself. In this paper, we propose an isolation-based solution to enforce property policies for runtime IoT services. We first address the issue of isolation-based service trace observation by establishing and modeling a virtual channel. We then address the issue of isolation-based policy enforcement by dealing with the incompleteness and inconsistency of trace knowledge observed in the virtual channel. Finally, physical systems are introduced into our runtime monitors, where the controllability of IoT services is discussed as an example of service property enforcement. We conduct some experiments to demonstrate our idea.