Aerogel: Lightweight Access Control Framework for WebAssembly-Based Bare-Metal IoT Devices.

Renju Liu, Luis Garcia, Mani Srivastava
{"title":"Aerogel: Lightweight Access Control Framework for WebAssembly-Based Bare-Metal IoT Devices.","authors":"Renju Liu,&nbsp;Luis Garcia,&nbsp;Mani Srivastava","doi":"","DOIUrl":null,"url":null,"abstract":"<p><p>Application latency requirements, privacy, and security concerns have naturally pushed computing onto smartphone and IoT devices in a decentralized manner. In response to these demands, researchers have developed micro-runtimes for WebAssembly (Wasm) on IoT devices to enable streaming applications to a runtime that can run the target binaries that are independent of the device. However, the migration of Wasm and the associated security research has neglected the urgent needs of access control on <i>bare-metal</i>, memory management unit (MMU)-less IoT devices that are sensing and actuating upon the physical environment. This paper presents Aerogel, an access control framework that addresses security gaps between the bare-metal IoT devices and the Wasm execution environment concerning access control for sensors, actuators, processor energy usage, and memory usage. In particular, we treat the runtime as a multi-tenant environment, where each Wasm-based application is a <i>tenant</i>. We leverage the inherent sandboxing mechanisms of Wasm to enforce the access control policies to sensors and actuators without trusting the bare-metal operating system. We evaluate our approach on a representative IoT development board: a cortex-M4 based development board (nRF52840). Our results show that Aerogel can effectively enforce compute resource and peripheral access control policies while introducing as little as 0.19% to 1.04% runtime overhead and consuming only 18.8% to 45.9% extra energy.</p>","PeriodicalId":94275,"journal":{"name":"2021 IEEE/ACM Symposium on Edge Computing : SEC 2021 : proceedings : December 14 - 17, 2021, San Jose, California","volume":"2021 ","pages":"94-105"},"PeriodicalIF":0.0000,"publicationDate":"2021-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.ncbi.nlm.nih.gov/pmc/articles/PMC10512427/pdf/nihms-1839084.pdf","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 IEEE/ACM Symposium on Edge Computing : SEC 2021 : proceedings : December 14 - 17, 2021, San Jose, California","FirstCategoryId":"1085","ListUrlMain":"","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0

Abstract

Application latency requirements, privacy, and security concerns have naturally pushed computing onto smartphone and IoT devices in a decentralized manner. In response to these demands, researchers have developed micro-runtimes for WebAssembly (Wasm) on IoT devices to enable streaming applications to a runtime that can run the target binaries that are independent of the device. However, the migration of Wasm and the associated security research has neglected the urgent needs of access control on bare-metal, memory management unit (MMU)-less IoT devices that are sensing and actuating upon the physical environment. This paper presents Aerogel, an access control framework that addresses security gaps between the bare-metal IoT devices and the Wasm execution environment concerning access control for sensors, actuators, processor energy usage, and memory usage. In particular, we treat the runtime as a multi-tenant environment, where each Wasm-based application is a tenant. We leverage the inherent sandboxing mechanisms of Wasm to enforce the access control policies to sensors and actuators without trusting the bare-metal operating system. We evaluate our approach on a representative IoT development board: a cortex-M4 based development board (nRF52840). Our results show that Aerogel can effectively enforce compute resource and peripheral access control policies while introducing as little as 0.19% to 1.04% runtime overhead and consuming only 18.8% to 45.9% extra energy.

Abstract Image

Aerogel:基于WebAssembly的裸金属物联网设备的轻量级访问控制框架。
应用程序延迟要求、隐私和安全问题自然而然地将计算以去中心化的方式推到了智能手机和物联网设备上。为了满足这些需求,研究人员在物联网设备上开发了WebAssembly(Wasm)的微运行时,使流式应用程序能够运行独立于设备的目标二进制文件。然而,Wasm的迁移和相关的安全研究忽略了对裸金属、无内存管理单元(MMU)物联网设备的访问控制的迫切需求,这些设备对物理环境进行感知和驱动。本文介绍了Aerogel,这是一个访问控制框架,解决了裸金属物联网设备和Wasm执行环境之间的安全差距,涉及传感器、执行器、处理器能源使用和内存使用的访问控制。特别是,我们将运行时视为一个多租户环境,其中每个基于Wasm的应用程序都是一个租户。我们利用Wasm固有的沙箱机制,在不信任裸机操作系统的情况下,强制执行对传感器和执行器的访问控制策略。我们在一个具有代表性的物联网开发板上评估了我们的方法:一个基于cortex-M4的开发板(nRF52840)。我们的结果表明,Aerogel可以有效地执行计算资源和外围访问控制策略,同时只引入0.19%至1.04%的运行时开销,并且只消耗18.8%至45.9%的额外能量。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信