More Web Proxy on the site http://driver.im/

research-article

SμV - the security microvisor: a virtualisation-based security middleware for the internet of things

Authors:

Wilfried Daniels,

Nelson Matthys,

Wouter JoosenAuthors Info & Claims

Middleware '17: Proceedings of the 18th ACM/IFIP/USENIX Middleware Conference: Industrial Track

Pages 36 - 42

https://doi.org/10.1145/3154448.3154454

Published: 11 December 2017 Publication History

Abstract

The Internet of Things (IoT) creates value by connecting digital processes to the physical world using embedded sensors, actuators and wireless networks. The IoT is increasingly intertwined with critical industrial processes, yet contemporary IoT devices offer limited security features, creating a large new attack surface and inhibiting the adoption of IoT technologies. Hardware security modules address this problem, however, their use increases the cost of embedded IoT devices. Furthermore, millions of IoT devices are already deployed without hardware security support. This paper addresses this problem by introducing a Security MicroVisor (SμV) middleware, which provides memory isolation and custom security operations using software virtualisation and assembly-level code verification. We showcase SμV by implementing a key security feature: remote attestation. Evaluation shows extremely low overhead in terms of memory, performance and battery lifetime for a representative IoT device.

References

[1]

Atmel. 2009. AVR ATmega 1284p 8-bit microcontroller. http://www.atmel.com/images/doc8059.pdf. (2009). [Online; accessed 13-February-2017].

[2]

Ray Beaulieu, Douglas Shors, Jason Smith, Stefan Treatman-Clark, Bryan Weeks, and Louis Wingers. 2015. The SIMON and SPECK lightweight block ciphers. In Proceedings of the 52nd Annual Design Automation Conference. ACM Press, New York, New York, USA, 1--6.

Digital Library

[3]

Ferdinand Brasser, Brahim El Mahjoub, Ahmad-Reza Sadeghi, Christian Wachsmann, and Patrick Koeberl. 2015. TyTAN: Tiny trust anchor for tiny devices. In Proceedings of the 52nd Annual Design Automation Conference. ACM, New York, New York, USA, 6.

Digital Library

[4]

Claude Castelluccia, Aurélien Francillon, Daniele Perito, and Claudio Soriente. 2009. On the difficulty of software-based attestation of embedded devices. In Proceedings of the 16th ACM conference on Computer and communications security. ACM Press, New York, New York, USA, 400--409.

Digital Library

[5]

Karim Eldefrawy, Gene Tsudik, Aurélien Francillon, and Daniele Perito. 2012. SMART: Secure and Minimal Architecture for (Establishing Dynamic) Root of Trust. In 19th Annual Network and Distributed System Security Symposium (NDSS). The Internet Society.

[6]

Aurélien Francillon, Quan Nguyen, Kasper B Rasmussen, and Gene Tsudik. 2014. A Minimalist Approach to Remote Attestation. In Proceedings of the Conference on Design, Automation & Test in Europe. European Design and Automation Association, 3001 Leuven, Belgium, 6.

[7]

Google. 2017. Announcing the first SHA1 collision. https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html. (2017). [Online; accessed 19-May-2017].

[8]

Danny Hughes, Eduardo Canete, Wilfried Daniels, R Gowri Sankar, James Meneghello, Nelson Matthys, Jef Maerien, Sam Michiels, Christophe Huygens, Wouter Joosen, Maarten Wijnants, Wim Lamotte, Erik Hulsmans, Bart Lannoo, and Ingrid Moerman. 2013. Energy aware software evolution for Wireless Sensor Networks. In IEEE 14th International Symposium on "A World of Wireless, Mobile and Multimedia Networks" (WoWMoM). IEEE, 1--9.

[9]

Qi Jing, Athanasios V. Vasilakos, Jiafu Wan, Jingwei Lu, and Dechao Qiu. 2014. Security of the Internet of Things: perspectives and challenges. Wireless Networks 20, 8 (01 Nov 2014), 2481--2501.

Digital Library

[10]

Julian Skidmore. 2014. BootJacker: The Amazing AVR Boot-loader Hack! http://oneweekwonder.blogspot.be/2014/07/bootjacker-amazing-avr-bootloader-hack.html. (2014). [Online; accessed 10-August-2017].

[11]

Ram Kumar, Eddie Kohler, and Mani Srivastava. 2007. Harbor: Software-based Memory Protection For Sensor Nodes. In International Symposium on Information Processing in Sensor Networks (IPSN). IEEE, 340--349.

Digital Library

[12]

Yanlin Li, Jonathan M. McCune, and Adrian Perrig. 2010. SBAP: Software-Based Attestation for Peripherals. In Proceedings of the 3rd International Conference on Trust and Trustworthy Computing. Springer-Verlag, Berlin, Heidelberg, 16--29.

[13]

Yanlin Li, Jonathan M McCune, and Adrian Perrig. 2011. VIPER: Verifying the Integrity of Peripherals' Firmware. In Proceedings of the 18th ACM conference on Computer and communications security. ACM Press, New York, New York, USA, 3--16.

Digital Library

[14]

Arvind Seshadri, Mark Luk, and Adrian Perrig. 2008. SAKE: Software Attestation for Key Establishment in Sensor Networks. In Distributed Computing in Sensor Systems. Springer Berlin Heidelberg, Berlin, Heidelberg, 372--385.

[15]

Arvind Seshadri, Mark Luk, Elaine Shi, Adrian Perrig, Leendert van Doorn, and Pradeep Khosla. 2005. Pioneer: : Verifying Code Integrity and Enforcing Untampered Code Execution on Legacy Systems. ACM SIGOPS Operating Systems Review 39, 5 (oct 2005), 1--16.

Digital Library

[16]

Umesh Shankar, Monica Chew, and J. D. Tygar. 2004. Side Effects Are Not Sufficient to Authenticate Software. In Proceedings of the 13th USENIX Conference on Security, Vol. 13. USENIX Association, Berkeley, CA, USA, 89--101.

[17]

Robert Wahbe, Steven Lucco, Thomas E Anderson, and Susan L Graham. 1993. Efficient software-based fault isolation. ACM SIGOPS Operating Systems Review 27, 5 (dec 1993), 203--216.

Digital Library

[18]

Fan Yang, Nelson Matthys, Rafael Bachiller, Sam Michiels, Wouter Joosen, and Danny Hughes. 2015. μPnP: Plug and Play Peripherals for the Internet of Things. In Proceedings of the 10th European Conference on Computer Systems (EuroSys). ACM Press, New York, New York, USA, 1--14.

Digital Library

Cited By

Park JPark S(2025)TM-Chain: TCB Measurement Management Using Cloud Blockchain for IoT DevicesIEEE Access10.1109/ACCESS.2025.352580713(8941-8950)Online publication date: 2025
https://doi.org/10.1109/ACCESS.2025.3525807
Shur DDi Crescenzo GChen TPatni ZLin YAlexander SFlin BLevonas R(2024)Energy-efficient Hardening of the SEDIMENT Methodology for Scalable IoT Network Security2024 IEEE International Conference on Cyber Security and Resilience (CSR)10.1109/CSR61664.2024.10679493(235-240)Online publication date: 2-Sep-2024
https://doi.org/10.1109/CSR61664.2024.10679493
Ahmadi SDongol BGriffin M(2024)Operationally proving memory access violations in Isabelle/HOLScience of Computer Programming10.1016/j.scico.2024.103088234:COnline publication date: 1-May-2024
https://dl.acm.org/doi/10.1016/j.scico.2024.103088
Show More Cited By

Recommendations

Internet of Things security

The Internet of things (IoT) has recently become an important research topic because it integrates various sensors and objects to communicate directly with one another without human intervention. The requirements for the large-scale deployment of the IoT ...
Cyberentity Security in the Internet of Things

A proposed Internet of Things system architecture offers a solution to the broad array of challenges researchers face in terms of general system security, network security, and application security.
Security threats and countermeasures on the internet of things

Internet of things (IoT) refers to intelligent technologies and services that connect all objects based on the internet to communicate information between people and things, things and systems. However, these IoT-based devices are exposed to many security ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

Middleware '17: Proceedings of the 18th ACM/IFIP/USENIX Middleware Conference: Industrial Track

December 2017

55 pages

ISBN:9781450352000

DOI:10.1145/3154448

Program Chairs:
Xiaoyun Zhu
HyperPilot
,
Indrajit Roy
Google

Copyright © 2017 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

ACM: Association for Computing Machinery

In-Cooperation

USENIX Assoc: USENIX Assoc
IFIP

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 11 December 2017

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

Agentschap voor Innovatie door Wetenschap en Technologie

Conference

Middleware '17

Sponsor:

ACM

Middleware '17: 18th International Middleware Conference

December 11 - 15, 2017

Nevada, Las Vegas

Acceptance Rates

Middleware '17 Paper Acceptance Rate 7 of 20 submissions, 35%;

Overall Acceptance Rate 203 of 948 submissions, 21%

Upcoming Conference

MIDDLEWARE '25

26th International Middleware Conference

December 15 - 19, 2025

Nashville , TN , USA

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

20
Total Citations
View Citations
445
Total Downloads

Downloads (Last 12 months)17
Downloads (Last 6 weeks)3

Reflects downloads up to 03 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Park JPark S(2025)TM-Chain: TCB Measurement Management Using Cloud Blockchain for IoT DevicesIEEE Access10.1109/ACCESS.2025.352580713(8941-8950)Online publication date: 2025
https://doi.org/10.1109/ACCESS.2025.3525807
Shur DDi Crescenzo GChen TPatni ZLin YAlexander SFlin BLevonas R(2024)Energy-efficient Hardening of the SEDIMENT Methodology for Scalable IoT Network Security2024 IEEE International Conference on Cyber Security and Resilience (CSR)10.1109/CSR61664.2024.10679493(235-240)Online publication date: 2-Sep-2024
https://doi.org/10.1109/CSR61664.2024.10679493
Ahmadi SDongol BGriffin M(2024)Operationally proving memory access violations in Isabelle/HOLScience of Computer Programming10.1016/j.scico.2024.103088234:COnline publication date: 1-May-2024
https://dl.acm.org/doi/10.1016/j.scico.2024.103088
Van Eyck TTrimech HMichiels SHughes DSalehi MJanjuaa HTa T(2023)Mr-TEEProceedings of the 24th International Middleware Conference: Industrial Track10.1145/3626562.3626831(22-28)Online publication date: 11-Dec-2023
https://dl.acm.org/doi/10.1145/3626562.3626831
Le-Papin JDongol BTreharne HWesemeyer SBoureanu ISchneider SReaves BTippenhauer N(2023)Verifying List Swarm Attestation ProtocolsProceedings of the 16th ACM Conference on Security and Privacy in Wireless and Mobile Networks10.1145/3558482.3581778(163-174)Online publication date: 29-May-2023
https://dl.acm.org/doi/10.1145/3558482.3581778
R MR BKrishnakumar P(2023)Preserving Patient Privacy in IoT Based Breast Cancer Monitoring System2023 2nd International Conference on Edge Computing and Applications (ICECAA)10.1109/ICECAA58104.2023.10212114(1370-1374)Online publication date: 19-Jul-2023
https://doi.org/10.1109/ICECAA58104.2023.10212114
Makhdoom IAbolhasan MFranklin DLipman JZimmermann CPiccardi MShariati N(2023)Detecting compromised IoT devicesComputers and Security10.1016/j.cose.2023.103384132:COnline publication date: 1-Sep-2023
https://dl.acm.org/doi/10.1016/j.cose.2023.103384
Ahmadi SDongol BGriffin MArtho CÖlveczky P(2022)Proving Memory Access Violations in Isabelle/HOLProceedings of the 8th ACM SIGPLAN International Workshop on Formal Techniques for Safety-Critical Systems10.1145/3563822.3568010(45-55)Online publication date: 29-Nov-2022
https://dl.acm.org/doi/10.1145/3563822.3568010
Shur DDi Crescenzo GZhang QChen TKrishnan RLin YPatni ZAlexander STsudik G(2022)SEDIMENT: An IoT-device-centric Methodology for Scalable 5G Network Security2022 IEEE Wireless Communications and Networking Conference (WCNC)10.1109/WCNC51071.2022.9771654(49-54)Online publication date: 10-Apr-2022
https://doi.org/10.1109/WCNC51071.2022.9771654
Ma SWang YLei LNiu YShi HWang J(2022)Booting IoT Terminal Device Securely with eMMC2022 IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)10.1109/TrustCom56396.2022.00012(1-8)Online publication date: Dec-2022
https://doi.org/10.1109/TrustCom56396.2022.00012
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten