Embedded Policing and Policy Enforcement Approach for Future Secure IoT Technologies

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

6 Citations (Scopus)
300 Downloads (Pure)

Abstract

The Internet of Things (IoT) holds great potential for productivity, quality control, supply chain efficiencies and overall business operations. However, with this broader connectivity, new vulnerabilities and attack vectors are being introduced, increasing opportunities for systems to be compromised by hackers and targeted attacks. These vulnerabilities pose severe threats to a myriad of IoT applications within areas such as manufacturing, healthcare, power and energy grids, transportation and commercial building management. While embedded OEMs offer technologies, such as the hardware Trusted Platform Module (TPM), that deploy strong chain-of-trust and authentication mechanisms, they still struggle to protect against vulnerabilities introduced by vendors and end users, as well as additional threats posed by potential technical vulnerabilities and zero-day attacks. This paper proposes a pro-active policy-based approach, enforcing the principle of least privilege, through a hardware Security Policy Engine (SPE) that actively monitors communication of applications and system resources on the system communication bus (ARM AMBA-AXI4). Upon detecting a policy violation, for example, a malicious application accessing protected storage, it counteracts with predefined mitigations to limit the attack. The proposed SPE approach widely complements existing embedded hardware and software security technologies, targeting the mitigation of risks imposed by unknown vulnerabilities of embedded applications and protocols.
Original language: English
Title of host publication: Living in the Internet of Things: Cybersecurity of the IoT - 2018: Proceedings
Publisher: IET
Pages: 10 (10 pp.)-10 (10 pp.)
Number of pages: 10
ISBN (Electronic): 978-1-78561-843-7
ISBN (Print): 978-1-78561-843-7
DOIs
Publication status: Published - 14 Mar 2018
Event: IET Conference on Living in Internet of Things - Savoy Place, London, United Kingdom
Duration: 28 Mar 2018 - 29 Mar 2018

Publication series

Name: Living in the Internet of Things: Cybersecurity of the IoT - 2018

Conference

Conference: IET Conference on Living in Internet of Things
Country: United Kingdom
City: London
Period: 28/03/2018 - 29/03/2018

Fingerprint

Engines
Hardware
Communication
Authentication
Supply chains
Quality control
Productivity
Network protocols
Internet of things
Industry
Hardware security

Keywords

  • FPGA
  • MPSoC
  • ARM TrustZone
  • Root-of-trust
  • IoT

Cite this

Siddiqui, F. M., Hagan, M., & Sezer, S. (2018). Embedded Policing and Policy Enforcement Approach for Future Secure IoT Technologies. In Living in the Internet of Things: Cybersecurity of the IoT - 2018: Proceedings (pp. 10 (10 pp.)-10 (10 pp.)). (Living in the Internet of Things: Cybersecurity of the IoT - 2018). IET. https://doi.org/10.1049/cp.2018.0010
@inproceedings{6112694c809a4b0f8c7ae0a2a0e5973a,
title = "Embedded Policing and Policy Enforcement Approach for Future Secure IoT Technologies",
keywords = "FPGA, MPSoC, ARM TrustZone, Root-of-trust, IoT",
author = "Siddiqui, {Fahad Manzoor} and Matthew Hagan and Sakir Sezer",
year = "2018",
month = "3",
day = "14",
doi = "10.1049/cp.2018.0010",
language = "English",
isbn = "978-1-78561-843-7",
series = "Living in the Internet of Things: Cybersecurity of the IoT - 2018",
publisher = "IET",
pages = "10 (10 pp.)--10 (10 pp.)",
booktitle = "Living in the Internet of Things: Cybersecurity of the IoT - 2018: Proceedings",

}


TY - GEN

T1 - Embedded Policing and Policy Enforcement Approach for Future Secure IoT Technologies

AU - Siddiqui, Fahad Manzoor

AU - Hagan, Matthew

AU - Sezer, Sakir

PY - 2018/3/14

Y1 - 2018/3/14

KW - FPGA

KW - MPSoC

KW - ARM TrustZone

KW - Root-of-trust

KW - IoT

UR - http://digital-library.theiet.org/content/conferences/10.1049/cp.2018.0010

UR - http://www.mendeley.com/research/embedded-policing-policy-enforcement-approach-future-secure-iot-technologies

U2 - 10.1049/cp.2018.0010

DO - 10.1049/cp.2018.0010

M3 - Conference contribution

C2 - 19534825

SN - 978-1-78561-843-7

T3 - Living in the Internet of Things: Cybersecurity of the IoT - 2018

SP - 10 (10 pp.)-10 (10 pp.)

BT - Living in the Internet of Things: Cybersecurity of the IoT - 2018: Proceedings

PB - IET

ER -
