{"title":"The Case for I/O-Device-as-a-Service","authors":"A. A. Sani, T. Anderson","doi":"10.1145/3317550.3321446","DOIUrl":null,"url":null,"abstract":"Many computer systems, especially mobile and IoT systems, use a large number of I/O devices. A contemporary OS acts as a security guard for these devices, which trust the OS to correctly implement the \"perimeter defense.\" Moreover, the OS also trusts these devices and their drivers to be well-behaved and bug-free. This interwoven trust model complicates the security of the system as a single vulnerable component can undermine all security guarantees. Not surprising, this architecture has failed to achieve strong security as evident by attacks that have targeted I/O devices or their drivers. In this paper, we call for a radically new approach, called I/O-Device-as-a-Service (IDaaS), where each I/O device acts a separate service and is responsible for its own security. Inspired by Service-Oriented Architecture (SOA), IDaaS requires every device to be equipped with its own software stack and provide an externalizable API that can be safely exposed to untrusted software. We discuss the design decisions in IDaaS, highlight its security benefits and research challenges, and present a case study.","PeriodicalId":224944,"journal":{"name":"Proceedings of the Workshop on Hot Topics in Operating Systems","volume":"98 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-05-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"6","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the Workshop on Hot Topics in Operating Systems","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3317550.3321446","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citations: 6
Abstract
Many computer systems, especially mobile and IoT systems, use a large number of I/O devices. A contemporary OS acts as a security guard for these devices, which trust the OS to correctly implement the "perimeter defense." Moreover, the OS also trusts these devices and their drivers to be well-behaved and bug-free. This interwoven trust model complicates the security of the system, as a single vulnerable component can undermine all security guarantees. Not surprisingly, this architecture has failed to achieve strong security, as evidenced by attacks that have targeted I/O devices or their drivers. In this paper, we call for a radically new approach, called I/O-Device-as-a-Service (IDaaS), where each I/O device acts as a separate service and is responsible for its own security. Inspired by Service-Oriented Architecture (SOA), IDaaS requires every device to be equipped with its own software stack and provide an externalizable API that can be safely exposed to untrusted software. We discuss the design decisions in IDaaS, highlight its security benefits and research challenges, and present a case study.