EAGER: USBRCCR: Collaborative: Lightweight Policy Enforcement of Information Flows in IoT Infrastructures

EAGER：USBRCCR：协作：物联网基础设施中信息流的轻量级策略执行

• 批准号: 1740897
• 负责人: Atul Prakash
• 金额: $ 16.37万
• 依托单位: Regents of the University of Michigan - Ann Arbor
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2017
• 资助国家: 美国
• 起止时间: 2017-09-01 至 2020-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1740897&HistoricalAwards=false
• 关键词: EAGER; USBRCCR; Collaborative; Lightweight; Policy

As Internet of Things (IoT) systems become deployed more widely, their security is becoming a serious concern in many domains, including smart homes, autonomous cars, or industrial control systems. Security exploits in IoT systems can lead to loss of privacy, data theft, financial losses, and even physical harm. The proposed work will develop a novel approach to harden security of IoT systems via cross-layer defense. The approach will be developed and evaluated in collaboration among three participating institutions in the US and Brazil. The project aims to provide technical foundations to harden the defense against several types of security attacks in IoT systems, and the project will also create broader impact through dissemination of results and education efforts.More technically, the proposed approach considers cross-layer defense at IoT app layer, network layer, and devices. The central concept is flow policies: the proposed work extracts flow policies from IoT apps, and then uses these policies to enforce desired flows and to detect violations at both the device and network layers. In contrast to general-purpose applications, the flows in IoT apps are expected to be often predictable and expressive enough to capture important properties such that detected flow violations indicate real problems and not false alarms. If policies are indeed found to be expressive enough, and checking them is lightweight in IoT systems, the approach will provide substantial benefits to improve defense of IoT systems in practice.

随着物联网（IoT）系统的部署越来越广泛，其安全性在许多领域（包括智能家居、自动驾驶汽车或工业控制系统）中正成为一个严重的问题。 物联网系统中的安全漏洞可能导致隐私丧失、数据窃取、经济损失甚至身体伤害。 拟议的工作将开发一种新的方法，通过跨层防御来加强物联网系统的安全性。 该方法将由美国和巴西的三个参与机构合作开发和评估。 该项目旨在提供技术基础，以加强对物联网系统中几种类型的安全攻击的防御，该项目还将通过传播成果和教育工作产生更广泛的影响。从技术上讲，所提出的方法考虑了物联网应用层，网络层和设备的跨层防御。 核心概念是流策略：拟议的工作从物联网应用程序中提取流策略，然后使用这些策略来执行所需的流，并在设备和网络层检测违规行为。与通用应用程序相比，物联网应用程序中的流通常具有足够的可预测性和表达性，以捕获重要属性，从而检测到的流违规指示真实的问题，而不是错误警报。 如果确实发现策略具有足够的表达能力，并且在物联网系统中检查它们是轻量级的，那么这种方法将为改善物联网系统的防御提供实质性的好处。

项目成果

Securing IoT Apps with Fine-grained Control of Information Flows

通过信息流的细粒度控制来保护物联网应用程序

• 发表时间: 2018
• 期刊: XVIII Brazilian Symposium On Information and Computational Systems Security
• 作者: Mauro Junior, Davino;Gama, Kiev;Prakash, Atul
• 通讯作者: Prakash, Atul

Tyche: A Risk-Based Permission Model for Smart Homes

Tyche：智能家居基于风险的权限模型

• DOI: 10.1109/secdev.2018.00012
• 发表时间: 2018
• 期刊: 2018 IEEE Cybersecurity Development (SecDev
• 作者: Rahmati, Amir;Fernandes, Earlence;Eykholt, Kevin;Prakash, Atul
• 通讯作者: Prakash, Atul

Open Source Vulnerability Notification

开源漏洞通知

• DOI: 10.1007/978-3-030-20883-7_2
• 发表时间: 2019
• 期刊: Lenarduzzi V. (eds
• 作者: Carlson, Brandon;Leach, Kevin;Marinov, Darko;Nagappan, Meiyappan;Prakash, Atul
• 通讯作者: Prakash, Atul

Physical Adversarial Examples for Object Detectors

• 发表时间: 2018-07
• 期刊: ArXiv
• 作者: Kevin Eykholt;I. Evtimov;Earlence Fernandes;Bo Li;Amir Rahmati;Florian Tramèr;Atul Prakash