查看文章

Improvement in the security and availability is important for the success of the Internet of Things (IoT). Given that recent IoT devices are likely to have multiple functionalities and support third-party applications, this goal becomes challenging to achieve. Through an in-depth investigation of existing IoT frameworks, we focused on two inherent security flaws in their design caused by their device-centric approaches: (1) coarse-grained access control and (2) lack of resource isolation. Because of the coarse-grained access control, IoT devices suffer from over-privileged applications. Furthermore, the lack of resource isolation allows the possibility of Denial-of-Service attacks.

In this paper, we propose a functionality-centric approach to manage IoT devices, called FACT, which has two design goals, namely, the principle of least privilege and the availability in terms of device functionalities. FACT isolates each functionality …