Pyronia: Redesigning Least Privilege and Isolation for the Age of IoT

03/05/2019
by   Marcela S. Melara, et al.
0

Third-party modules play a critical role in IoT applications, which generate and analyze highly privacy-sensitive data. Unlike traditional desktop and server settings, IoT devices are mostly single-purpose running a dedicated, single application. As a result, vulnerabilities in third-party libraries within a process pose a much bigger threat than on traditional platforms. Yet the only practical data protection mechanisms available today for IoT developers are ad-hoc tools that are not designed to prevent data leaks from malicious or vulnerable third-party code imported into an application. We present Pyronia, a privilege separation system for IoT applications written in high-level languages. Pyronia exploits developers' coarse-grained expectations about how imported third-party code operates to restrict access to files and devices, specific network destinations, and even in-memory data objects, at the level of individual library functions. To efficiently protect data as it flows through the application, Pyronia combines three access control techniques: system call interposition, call stack inspection, and memory protection domains. This design obviates the need for prior unintuitive or error-prone data flow analysis or application re-architecting, while enforcing the developer's access policy at run time. Our Pyronia prototype implementation for Python runs on a custom Linux kernel, and incurs low performance overhead on completely unmodified Python applications.

READ FULL TEXT

Please sign up or login with your details

Forgot password? Click here to reset

Sign in with Google

×

Use your Google Account to sign in to DeepAI

×

Consider DeepAI Pro