TeeFilter: High-Assurance Network Filtering Engine for High-End IoT and Edge Devices based on TEEs

Röckl J, Bernsdorf N, Müller T (2024)


Publication Language: English

Publication Type: Conference contribution

Publication year: 2024

Original Authors: Jonas Röckl, Nils Bernsdorf, Tilo Müller

Publisher: Association for Computing Machinery

City/Town: New York, NY

Pages Range: 1568-1583

Conference Proceedings Title: Proceedings of the 19th ACM Asia Conference on Computer and Communications Security

Event location: Singapore SG

ISBN: 979-8-4007-0482-6

DOI: 10.1145/3634737.3637643

Abstract

Large botnets like Mirai, with 600,000 infected devices, prove that cyber criminals have recognized the potential of attacks against the fast-growing Internet of Things. Moreover, recent critical vulnerabilities like Ripple20 and Amnesia:33 show that taking over a remote system via the network is a real threat. Alarmingly, modern strains of malware rely on exploiting such vulnerabilities to spread, with an increasing tendency. Hence, effective techniques to mitigate the consequences of modern IoT malware are necessary.
To that end, we propose TeeFilter, a novel network filtering engine that allows manufacturers and operators of IoT devices to restrict the network traffic of their devices. By selectively executing parts of the network stack in a Trusted Execution Environment, TeeFilter remains untampered even if the operating system is compromised. The operators can specify filtering rules in an LLVM-compatible programming language and compile them into eBPF code. Subsequently, TeeFilter can load and enforce the rules.
We formally verify the majority of TeeFilter for correctness and memory safety to eradicate whole classes of vulnerabilities and prototype our system on real hardware to show that the network overhead is negligible. Therefore, we believe that our system is an impactful step to enhance the resiliency of future IoT infrastructure.

How to cite

APA:

Röckl, J., Bernsdorf, N., & Müller, T. (2024). TeeFilter: High-Assurance Network Filtering Engine for High-End IoT and Edge Devices based on TEEs. In Proceedings of the 19th ACM Asia Conference on Computer and Communications Security (pp. 1568-1583). Singapore, SG: New York, NY: Association for Computing Machinery.

MLA:

Röckl, Jonas, Nils Bernsdorf, and Tilo Müller. "TeeFilter: High-Assurance Network Filtering Engine for High-End IoT and Edge Devices based on TEEs." Proceedings of the ACM AsiaCCS 2024: 19th ACM Asia Conference on Computer and Communications Security, Singapore New York, NY: Association for Computing Machinery, 2024. 1568-1583.
