Aerogel: Lightweight Access Control Framework for WebAssembly-Based Bare-Metal IoT Devices

Renju Liu, Mani Srivastava
Published in: 2021 IEEE/ACM Symposium on Edge Computing (SEC), pp. 94-105. Publication date: 2021-12-01.
DOI: 10.1145/3453142.3491282 (https://doi.org/10.1145/3453142.3491282)
Citations: 2

Abstract

Application latency requirements, privacy, and security concerns have naturally pushed computing onto smartphone and IoT devices in a decentralized manner. In response to these demands, researchers have developed micro-runtimes for WebAssembly (Wasm) on IoT devices to enable streaming applications to a runtime that can run the target binaries that are independent of the device. However, the migration of Wasm and the associated security research has neglected the urgent needs of access control on bare-metal, memory management unit (MMU)-less IoT devices that are sensing and actuating upon the physical environment. This paper presents Aerogel, an access control framework that addresses security gaps between the bare-metal IoT devices and the Wasm execution environment concerning access control for sensors, actuators, processor energy usage, and memory usage. In particular, we treat the runtime as a multi-tenant environment, where each Wasm-based application is a tenant. We leverage the inherent sandboxing mechanisms of Wasm to enforce the access control policies to sensors and actuators without trusting the bare-metal operating system. We evaluate our approach on a representative IoT development board: a Cortex-M4-based development board (nRF52840). Our results show that Aerogel can effectively enforce compute resource and peripheral access control policies while introducing as little as 0.19% to 1.04% runtime overhead and consuming only 18.8% to 45.9% extra energy.