Pyronia: Redesigning Least Privilege and Isolation for the Age of IoT

by   Marcela S. Melara, et al.

Third-party modules play a critical role in IoT applications, which generate and analyze highly privacy-sensitive data. Unlike traditional desktop and server settings, IoT devices are mostly single-purpose running a dedicated, single application. As a result, vulnerabilities in third-party libraries within a process pose a much bigger threat than on traditional platforms. Yet the only practical data protection mechanisms available today for IoT developers are ad-hoc tools that are not designed to prevent data leaks from malicious or vulnerable third-party code imported into an application. We present Pyronia, a privilege separation system for IoT applications written in high-level languages. Pyronia exploits developers' coarse-grained expectations about how imported third-party code operates to restrict access to files and devices, specific network destinations, and even in-memory data objects, at the level of individual library functions. To efficiently protect data as it flows through the application, Pyronia combines three access control techniques: system call interposition, call stack inspection, and memory protection domains. This design obviates the need for prior unintuitive or error-prone data flow analysis or application re-architecting, while enforcing the developer's access policy at run time. Our Pyronia prototype implementation for Python runs on a custom Linux kernel, and incurs low performance overhead on completely unmodified Python applications.


Pyronia: Intra-Process Access Control for IoT Applications

Third-party code plays a critical role in IoT applications, which genera...

EnclaveDom: Privilege Separation for Large-TCB Applications in Trusted Execution Environments

Trusted executions environments (TEEs) such as Intel(R) SGX provide hard...

Securing IoT Apps with Fine-grained Control of Information Flows

Internet of Things is growing rapidly, with many connected devices now a...

StackVault: Protection from Untrusted Functions

Data exfiltration attacks have led to huge data breaches. Recently, the ...

Towards Memory Safe Python Enclave for Security Sensitive Computation

Intel SGX Guard eXtensions (SGX), a hardware-supported trusted execution...

SGX-MR: Regulating Dataflows for Protecting Access Patterns of Data-Intensive SGX Applications

Intel SGX has been a popular trusted execution environment (TEE) for pro...

Does Collaborative Editing Help Mitigate Security Vulnerabilities in Crowd-Shared IoT Code Examples?

Background: With the proliferation of crowd-sourced developer forums, so...

Please sign up or login with your details

Forgot password? Click here to reset