CAREER: Foundations for IoT Cloud Security

职业：物联网云安全的基础

• 批准号: 2145675
• 负责人: Luyi Xing
• 金额: $ 55.07万
• 依托单位: Indiana University
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2022
• 资助国家: 美国
• 起止时间: 2022-07-01 至 2027-06-30
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2145675&HistoricalAwards=false
• 关键词: CAREER; Foundations; IoT; Cloud; Security

The Internet of things (IoT) cloud is one of the key pillars of the foundation upon which modern IoT systems rest (Smart Home, Industrial, Smart City, Retail, and Health applications, etc.). Newer IoT devices are taking advantage of the managed Platform-as-a-Service (PaaS) and Infrastructure-as-a-Service (IaaS) IoT cloud services (e.g., AWS IoT Core, Azure IoT Hub), which offload much of the security responsibilities and deployment burden from device manufacturers to the public cloud providers. IoT clouds must manage trust for hundreds of millions of IoT devices and users, and provide device manufacturers reliable and usable tools for secure IoT deployments. In the IoT cloud systems, compromised security or improper deployments can cause hazardous and deadly consequences. The outcomes of the proposed work will (1) establish the foundational scientific theory, security principles, and practices that define the field of IoT cloud security and (2) protect PaaS and IaaS IoT clouds that underlie the wide array of Smart Home, Health, Industrial, Smart City, Retail, and critical infrastructure from cyberattacks. Techniques and tools to be developed in this project will be used by IoT developers, security analysts in industry, academic researchers, and a wide range of students (system security, formal methods, and engineering).IoT cloud systems have specific challenges imposed by their requirements of large-scale distributed trust management and secure support of emerging IoT computing paradigms such as IoT interoperability, which preclude direct application of solutions devised for general-purpose systems. The project will characterize these challenges while addressing three key, novel research thrusts. The first thrust is to formalize the threats concerning the emerging paradigms of IoT interoperability to conduct novel attacks, and formally verify their security in IoT cloud systems and protocols. The second thrust is to explore and understand emerging cyberattacks leveraging misconfiguration of cloud IoT policies by device manufacturers, and develop innovative formal modeling and verification approaches to elevate security assurance of policy specification and cloud-based IoT deployments. The third thrust is informed by the first two thrusts, which identify the threats and challenges, and is to fundamentally address the threats by developing a systematized IoT-cloud security framework with a set of innovative techniques, including secure clean-slate design of IoT interoperability protocols, a novel in-device channel control framework, and hardened supply chain for IoT brokers (a core component of IoT clouds). Through these thrusts, this project will produce new foundational understanding and methods to safeguard modern and the next generation of IoT cloud systems.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

物联网（IoT）云是现代物联网系统（智能家居、工业、智慧城市、零售和健康应用等）的关键支柱之一。较新的物联网设备正在利用托管平台即服务（PaaS）和云结构即服务（IaaS）物联网云服务（例如，AWS IoT Core、Azure IoT Hub），将大部分安全责任和部署负担从设备制造商转移到公共云提供商。物联网云必须管理数亿物联网设备和用户的信任，并为设备制造商提供可靠和可用的工具，以实现安全的物联网部署。在物联网云系统中，安全性受损或部署不当可能会导致危险和致命的后果。拟议工作的成果将（1）建立定义物联网云安全领域的基础科学理论、安全原则和实践，（2）保护作为智能家居、健康、工业、智能城市、零售和关键基础设施基础的PaaS和IaaS物联网云免受网络攻击。在这个项目中开发的技术和工具将被物联网开发人员，行业安全分析师，学术研究人员和广泛的学生使用物联网云系统具有由其大规模分布式信任管理和新兴物联网计算范例的安全支持的要求所强加的特定挑战，所述新兴物联网计算范例诸如物联网互操作性、这排除了为通用系统设计的解决方案的直接应用。该项目将描述这些挑战，同时解决三个关键的，新颖的研究重点。第一个重点是正式确定与物联网互操作性的新兴范例有关的威胁，以进行新的攻击，并正式验证其在物联网云系统和协议中的安全性。第二个重点是探索和理解利用设备制造商对云物联网策略的错误配置的新兴网络攻击，并开发创新的正式建模和验证方法，以提高策略规范和基于云的物联网部署的安全保证。第三个重点是由前两个重点确定的，这两个重点确定了威胁和挑战，并通过开发一套创新技术的系统化物联网云安全框架从根本上解决威胁，包括物联网互操作性协议的安全干净设计，新型设备内渠道控制框架和物联网代理的硬化供应链（物联网云的核心组件）。该奖项反映了NSF的法定使命，通过使用基金会的知识价值和更广泛的影响审查标准进行评估，被认为值得支持。

项目成果

Perils and Mitigation of Security Risks of Cooperation in Mobile-as-a-Gateway IoT

• DOI: 10.1145/3548606.3560590
• 发表时间: 2022-11
• 期刊: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security
• 作者: Xin'an Zhou;Jiale Guan;Luyi Xing;Zhiyun Qian

Who's In Control? On Security Risks of Disjointed IoT Device Management Channels

• DOI: 10.1145/3460120.3484592
• 发表时间: 2021-11
• 期刊: Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security
• 作者: Yan Jia;Bin Yuan;Luyi Xing;Dongfang Zhao;Yifan Zhang;Xiaofeng Wang;Yijing Liu;Kaimin Zheng;Peyton Crnjak;Yuqing Zhang;Deqing Zou;Hai Jin

P-Verifier: Understanding and Mitigating Security Risks in Cloud-based IoT Access Policies

• DOI: 10.1145/3548606.3560680
• 发表时间: 2022-11
• 期刊: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security
• 作者: Ze Jin;Luyi Xing;Yiwei Fang;Yan Jia;Bin Yuan;Qixu Liu