Brokering Policies and Execution Monitors for IoT Middleware

Proceedings of the 24th ACM Symposium on Access Control Models and Technologies Pub Date : 2018-09-26 DOI:10.1145/3322431.3325098

Juan Carlos Fuentes Carranza, Philip W. L. Fong

{"title":"Brokering Policies and Execution Monitors for IoT Middleware","authors":"Juan Carlos Fuentes Carranza, Philip W. L. Fong","doi":"10.1145/3322431.3325098","DOIUrl":null,"url":null,"abstract":"Event-based systems lie at the heart of many cloud-based Internet-of-Things (IoT) platforms. This combination of the Broker architectural style and the Publisher-Subscriber design pattern provides a way for smart devices to communicate and coordinate with one another. The present design of these cloud-based IoT frameworks lacks measures to (i) protect devices against malicious cloud disconnections, (ii) impose information flow control among communicating parties, and (iii) enforce coordination protocols in the presence of compromised devices. In this work, we propose to extend the modular event-based system architecture of Fiege et al., to incorporate brokering policies and execution monitors, in order to address the three protection challenges mentioned above. We formalized the operational semantics of our protection scheme, explored how the scheme can be used to enforce BLP-style information flow control and RBAC-style protection domains, implemented the proposal in an open-source MQTT broker, and evaluated the performance impact of the protection mechanisms.","PeriodicalId":435953,"journal":{"name":"Proceedings of the 24th ACM Symposium on Access Control Models and Technologies","volume":"215 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-09-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"9","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 24th ACM Symposium on Access Control Models and Technologies","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3322431.3325098","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 9

Abstract

Event-based systems lie at the heart of many cloud-based Internet-of-Things (IoT) platforms. This combination of the Broker architectural style and the Publisher-Subscriber design pattern provides a way for smart devices to communicate and coordinate with one another. The present design of these cloud-based IoT frameworks lacks measures to (i) protect devices against malicious cloud disconnections, (ii) impose information flow control among communicating parties, and (iii) enforce coordination protocols in the presence of compromised devices. In this work, we propose to extend the modular event-based system architecture of Fiege et al., to incorporate brokering policies and execution monitors, in order to address the three protection challenges mentioned above. We formalized the operational semantics of our protection scheme, explored how the scheme can be used to enforce BLP-style information flow control and RBAC-style protection domains, implemented the proposal in an open-source MQTT broker, and evaluated the performance impact of the protection mechanisms.

查看原文本刊更多论文

物联网中间件的代理策略和执行监视器

基于事件的系统是许多基于云的物联网(IoT)平台的核心。代理体系结构风格和发布者-订阅者设计模式的这种组合为智能设备之间的通信和协调提供了一种方式。这些基于云的物联网框架的当前设计缺乏以下措施:(i)保护设备免受恶意云断开连接，(ii)在通信各方之间施加信息流控制，以及(iii)在存在受损设备的情况下执行协调协议。在这项工作中，我们建议扩展Fiege等人基于事件的模块化系统架构，以合并代理策略和执行监视器，以解决上面提到的三个保护挑战。我们形式化了保护方案的操作语义，探索了如何使用该方案来实施blp风格的信息流控制和rbac风格的保护域，在开源MQTT代理中实现了该建议，并评估了保护机制的性能影响。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Proceedings of the 24th ACM Symposium on Access Control Models and Technologies

自引率

0.00%

发文量