FlowFence: Practical Data Protection for Emerging IoT Application Frameworks. Fernandes, E., Paupore, J., Rahmati, A., Simionato, D., Conti, M., & Prakash, A. In Proceedings of the USENIX Security Symposium, pages 531-548, 8, 2016. USENIX Association.
Emerging IoT programming frameworks enable building apps that compute on sensitive data produced by smart homes and wearables. However, these frameworks only support permission-based access control on sensitive data, which is ineffective at controlling how apps use data once they gain access. To address this limitation, we present FlowFence, a system that requires consumers of sensitive data to declare their intended data flow patterns, which it enforces with low overhead, while blocking all other undeclared flows. FlowFence achieves this by explicitly embedding data flows and the related control flows within app structure. Developers use FlowFence support to split their apps into two components: (1) A set of Quarantined Modules that operate on sensitive data in sandboxes, and (2) Code that does not operate on sensitive data but orchestrates execution by chaining Quarantined Modules together via taint-tracked opaque handles—references to data that can only be dereferenced inside sandboxes. We studied three existing IoT frameworks to derive key functionality goals for FlowFence, and we then ported three existing IoT apps. Securing these apps using FlowFence resulted in an average increase in size from 232 lines to 332 lines of source code. Performance results on ported apps indicate that FlowFence is practical: A face-recognition based door-controller app incurred a 4.9% latency overhead to recognize a face and unlock a door.
@inProceedings{fernandes:flowfence,
 title = {FlowFence: Practical Data Protection for Emerging IoT Application Frameworks},
 type = {inProceedings},
 year = {2016},
 keywords = {iot,iotsec,security},
 pages = {531-548},
 websites = {https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/fernandes},
 month = {8},
 publisher = {USENIX Association},
 city = {Austin, TX},
 id = {715cba99-5ca4-3a63-9a1d-8312f4068d63},
 created = {2018-07-12T21:32:14.561Z},
 file_attached = {false},
 profile_id = {f954d000-ce94-3da6-bd26-b983145a920f},
 group_id = {b0b145a3-980e-3ad7-a16f-c93918c606ed},
 last_modified = {2018-07-12T21:32:14.561Z},
 read = {false},
 starred = {false},
 authored = {false},
 confirmed = {true},
 hidden = {false},
 citation_key = {fernandes:flowfence},
 source_type = {inproceedings},
 notes = {A method for controlling data flows in appified smart-home platforms. App developers split their code into blocks that handle sensitive data, and control flow that glues together the blocks. FlowFence runs the blocks in safe sandboxes and uses taint tracking to ensure that sensitive data does not leave the blocks except in chunks referenced by opaque handles. They survey existing platforms to understand the security challenges and provide input to the design of FlowFence. They build and evaluate a prototype implementation. See their summary and info at https://iotsecurity.eecs.umich.edu/#flowfence},
 private_publication = {false},
 abstract = {Emerging IoT programming frameworks enable building apps that compute on sensitive data produced by smart homes and wearables. However, these frameworks only support permission-based access control on sensitive data, which is ineffective at controlling how apps use data once they gain access. To address this limitation, we present FlowFence, a system that requires consumers of sensitive data to declare their intended data flow patterns, which it enforces with low overhead, while blocking all other undeclared flows. FlowFence achieves this by explicitly embedding data flows and the related control flows within app structure. Developers use FlowFence support to split their apps into two components: (1) A set of Quarantined Modules that operate on sensitive data in sandboxes, and (2) Code that does not operate on sensitive data but orchestrates execution by chaining Quarantined Modules together via taint-tracked opaque handles—references to data that can only be dereferenced inside sandboxes. We studied three existing IoT frameworks to derive key functionality goals for FlowFence, and we then ported three existing IoT apps. Securing these apps using FlowFence resulted in an average increase in size from 232 lines to 332 lines of source code. Performance results on ported apps indicate that FlowFence is practical: A face-recognition based door-controller app incurred a 4.9% latency overhead to recognize a face and unlock a door.},
 bibtype = {inProceedings},
 author = {Fernandes, Earlence and Paupore, Justin and Rahmati, Amir and Simionato, Daniel and Conti, Mauro and Prakash, Atul},
 booktitle = {Proceedings of the USENIX Security Symposium}
}