Advanced System Resiliency Based on Virtualization Techniques for IoT Devices

Röckl J, Protsenko M, Huber M, Müller T, Freiling F (2021)

Publication Type: Conference contribution, Original article

Publication year: 2021

Original Authors: Jonas Röckl, Mykolai Protsenko, Monika Huber, Tilo Müller, Felix C. Freiling

Event location: Virtual Event US

DOI: 10.1145/3485832.3485836

Abstract

An increasing number of powerful devices are equipped with network connectivity and are connected to the Internet of Things (IoT). Influenced by the steady growth of computing power of the devices, the paradigm of IoT-based service deployment is expected to change, following the example of cloud-based infrastructure: An embedded platform can be provided as-a-service to several independent application service suppliers. This fosters additional challenges concerning security and isolation. At the same time, recently revealed critical vulnerabilities like Ripple20 and Amnesia:33 show that embedded devices are not spared from wide-spread attacks.

In this paper, we define new trusted computing concepts, focusing on privilege separation among several entities sharing one physical device. The concepts guarantee remote recovery capabilities within a bounded amount of time, even if notable portions of the software stack have been compromised. We derive a resilient system architecture suitable for the secure operation of multiple isolated services on one embedded device. We integrate an interface for detecting intrusions and anomalies to enable the automatic recovery of compromised devices and prototype our system on a Nitrogen8M development board. Our evaluation shows that the overhead in terms of network throughput and CPU performance is low so that we believe that our concept is a meaningful step towards more resilient future IoT devices.

Authors with CRIS profile

Jonas Röckl Lehrstuhl für Informatik 1 (IT-Sicherheitsinfrastrukturen) Tilo Müller Lehrstuhl für Informatik 1 (IT-Sicherheitsinfrastrukturen) Felix Freiling Lehrstuhl für Informatik 1 (IT-Sicherheitsinfrastrukturen)

Involved external institutions

Fraunhofer-Institut für Angewandte und Integrierte Sicherheit AISEC DE Germany (DE)

How to cite

APA:

Röckl, J., Protsenko, M., Huber, M., Müller, T., & Freiling, F. (2021). Advanced System Resiliency Based on Virtualization Techniques for IoT Devices. In Proceedings of the ACSAC: Annual Computer Security Applications Conference. Virtual Event, US.

MLA:

Röckl, Jonas, et al. "Advanced System Resiliency Based on Virtualization Techniques for IoT Devices." Proceedings of the ACSAC: Annual Computer Security Applications Conference, Virtual Event 2021.

BibTeX: Download