Maverick: An App-independent and Platform-agnostic Approach to Enforce Policies in IoT Systems at Runtime

M. Hammad Mazhar, Li Li, Endadul Hoque, Omar Chowdhury

Research output: Chapter in Book/Entry/PoemConference contribution

1 Scopus citations

Abstract

Many solutions have been proposed to curb unexpected behavior of automation apps installed on programmable IoT platforms by enforcing safety policies at runtime. However, all prior work addresses a weaker version of the actual problem due to a simpler, unrealistic threat model. These solutions are not general enough as they are heavily dependent on the installed apps and catered to specific IoT platforms. Here, we address a stronger version of the problem via a realistic threat model, where (i) undesired cyber actions can come from not only automation platform backends (e.g., SmartThings) but also close-sourced third-party services (e.g., IFTTT), and (ii) physical actions (e.g., user interactions) on devices can move the IoT system to an undesirable state. We propose a runtime mechanism, dubbed Maverick, which employs an app-independent, platform-agnostic mediator to enforce policies against all undesired cyber actions and applies corrective-actions to bring the IoT system back to a safe state from an unsafe state transition. Maverick is equipped with a policy language capable of expressing rich temporal invariants and an automated toolchain that includes a policy synthesizer and a policy analyzer for user assistance. We implemented Maverick in a prototype and showed its efficacy in both physical and virtual testbeds, incurring minimal overhead.

Original languageEnglish (US)
Title of host publicationWiSec 2023 - Proceedings of the 16th ACM Conference on Security and Privacy in Wireless and Mobile Networks
PublisherAssociation for Computing Machinery, Inc
Pages73-84
Number of pages12
ISBN (Electronic)9781450398596
DOIs
StatePublished - May 29 2023
Event16th ACM Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2023 - Guildford, United Kingdom
Duration: May 29 2023Jun 1 2023

Publication series

NameWiSec 2023 - Proceedings of the 16th ACM Conference on Security and Privacy in Wireless and Mobile Networks

Conference

Conference16th ACM Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2023
Country/TerritoryUnited Kingdom
CityGuildford
Period5/29/236/1/23

Keywords

  • iot systems
  • policy analysis
  • policy enforcement
  • policy synthesis

ASJC Scopus subject areas

  • Computer Science Applications
  • Information Systems
  • Software
  • Safety Research
  • Computer Networks and Communications

Fingerprint

Dive into the research topics of 'Maverick: An App-independent and Platform-agnostic Approach to Enforce Policies in IoT Systems at Runtime'. Together they form a unique fingerprint.

Cite this