EAGER: USBRCCR: Collaborative: Lightweight Policy Enforcement of Information Flows in IoT Infrastructures

EAGER：USBRCCR：协作：物联网基础设施中信息流的轻量级策略执行

• 批准号: 1740897
• 负责人: Atul Prakash
• 金额: $ 16.37万
• 依托单位: Regents of the University of Michigan - Ann Arbor
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2017
• 资助国家: 美国
• 起止时间: 2017-09-01 至 2020-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1740897&HistoricalAwards=false
• 关键词: EAGER; USBRCCR; Collaborative; Lightweight; Policy

As Internet of Things (IoT) systems become deployed more widely, their security is becoming a serious concern in many domains, including smart homes, autonomous cars, or industrial control systems. Security exploits in IoT systems can lead to loss of privacy, data theft, financial losses, and even physical harm. The proposed work will develop a novel approach to harden security of IoT systems via cross-layer defense. The approach will be developed and evaluated in collaboration among three participating institutions in the US and Brazil. The project aims to provide technical foundations to harden the defense against several types of security attacks in IoT systems, and the project will also create broader impact through dissemination of results and education efforts.More technically, the proposed approach considers cross-layer defense at IoT app layer, network layer, and devices. The central concept is flow policies: the proposed work extracts flow policies from IoT apps, and then uses these policies to enforce desired flows and to detect violations at both the device and network layers. In contrast to general-purpose applications, the flows in IoT apps are expected to be often predictable and expressive enough to capture important properties such that detected flow violations indicate real problems and not false alarms. If policies are indeed found to be expressive enough, and checking them is lightweight in IoT systems, the approach will provide substantial benefits to improve defense of IoT systems in practice.

随着物联网(IoT)系统的部署越来越广泛，其安全性在许多领域都成为一个严重的问题，包括智能家居、自动驾驶汽车或工业控制系统。物联网系统中的安全漏洞可能会导致隐私丢失、数据被盗、财务损失，甚至造成人身伤害。这项工作将开发一种新的方法，通过跨层防御来加强物联网系统的安全性。该方法将由美国和巴西的三家参与机构共同开发和评估。该项目旨在为加强对物联网系统中几种类型的安全攻击的防御提供技术基础，该项目还将通过成果传播和教育工作产生更广泛的影响。从更严格的技术角度来看，该方法考虑了物联网应用层、网络层和设备的跨层防御。核心概念是流策略：提议的工作从物联网应用程序中提取流策略，然后使用这些策略来强制执行所需的流并检测设备层和网络层的违规行为。与通用应用程序不同，物联网应用程序中的流通常具有足够的可预测性和表现力，可以捕获重要属性，以便检测到的流违规行为表明存在真正的问题，而不是虚假警报。如果确实发现策略具有足够的表现力，并且在物联网系统中检查它们是轻量级的，那么这种方法将在实践中为改进物联网系统的防御提供实质性的好处。

项目成果

Securing IoT Apps with Fine-grained Control of Information Flows

通过信息流的细粒度控制来保护物联网应用程序

• 发表时间: 2018
• 期刊: XVIII Brazilian Symposium On Information and Computational Systems Security
• 作者: Mauro Junior, Davino;Gama, Kiev;Prakash, Atul
• 通讯作者: Prakash, Atul

Tyche: A Risk-Based Permission Model for Smart Homes

Tyche：智能家居基于风险的权限模型

• DOI: 10.1109/secdev.2018.00012
• 发表时间: 2018
• 期刊: 2018 IEEE Cybersecurity Development (SecDev
• 作者: Rahmati, Amir;Fernandes, Earlence;Eykholt, Kevin;Prakash, Atul
• 通讯作者: Prakash, Atul

Open Source Vulnerability Notification

开源漏洞通知

• DOI: 10.1007/978-3-030-20883-7_2
• 发表时间: 2019
• 期刊: Lenarduzzi V. (eds
• 作者: Carlson, Brandon;Leach, Kevin;Marinov, Darko;Nagappan, Meiyappan;Prakash, Atul
• 通讯作者: Prakash, Atul

Physical Adversarial Examples for Object Detectors

• 发表时间: 2018-07
• 期刊: ArXiv
• 作者: Kevin Eykholt;I. Evtimov;Earlence Fernandes;Bo Li;Amir Rahmati;Florian Tramèr;Atul Prakash