2019 Pyronia

Reference 1

IoT devices are mostly single-purpose, running a dedicated, single application. Because there is no second process to act as an isolation boundary, a vulnerability in a third-party library inside that one process poses a much bigger threat than on traditional platforms.

Pyronia: protects an application against untrusted third-party library code without requiring changes to the source code.

Goals:

  • control how an application may obtain data from files/devices;
  • control how in-memory data is propagated within an application, specifically between library and application code;
  • control to which remote network destinations an application may export data.

Design:

Function-level access rules: the developer specifies which third-party functions may access which private data (files, devices, network destinations).

Good: the developer does not need to reason about the third-party code itself (e.g. to track data flow through it); rules are written against function names, and enforcement is left to the runtime.

3 Techniques:

  • system call interposition: intercepts system calls to control access to OS resources (files, devices, network);
  • stack inspection: identifies all library functions in the call chain that led to a given system call; checks the runtime call stack to decide whether to grant access to the requested resource based on the full provenance of the intercepted system call, not just the immediate caller;
  • memory domains: protect sensitive in-memory data and the call stack; managed dynamically via page permissions (LLM: IoT devices usually don't have pages…);
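The following is an added example and is not Pyronia's code: a user-space Python approximation of the stack-inspection check described above. Pyronia enforces the rule in the kernel at the system call boundary; here a wrapper around `open()` walks the interpreter call stack, collects the third-party library functions on it, and grants the access only if every one of them is covered by a developer rule for the requested path (so a compromised library function cannot piggy-back on a permitted one). The `@library` decorator, the `Monitor` class, the `imglib`/`netlib` names, the policy and the sandbox files are all constructed for this example.

```python
"""Added example, not Pyronia's code: user-space stack inspection.

A Monitor checks the full call chain (every registered library function on
the stack) against a developer policy before performing a real open().
Library names, policy entries and files are constructed for the demo.
"""
import inspect
import os
import tempfile

# Code objects of "library" functions, filled by @library. Application code is
# never registered and is trusted implicitly.
_LIBRARY_CODE = {}


def library(module_name):
    """Mark a function as third-party library code living in module_name."""
    def decorate(fn):
        _LIBRARY_CODE[fn.__code__] = f"{module_name}.{fn.__name__}"
        return fn
    return decorate


def call_chain():
    """Labels of every library function on the current stack, outermost first."""
    chain = []
    frame = inspect.currentframe().f_back
    while frame is not None:
        label = _LIBRARY_CODE.get(frame.f_code)
        if label is not None:
            chain.append(label)
        frame = frame.f_back
    chain.reverse()
    return chain


class AccessDenied(PermissionError):
    def __init__(self, culprit, path):
        super().__init__(f"{culprit} may not access {path}")
        self.culprit = culprit


class Monitor:
    """Developer rules: library function label -> directories it may read."""

    def __init__(self, policy):
        self.policy = {fn: {os.path.normpath(d) for d in dirs}
                       for fn, dirs in policy.items()}

    def check(self, path, chain):
        """(True, None) if every function in chain may access path,
        else (False, first_offending_function)."""
        path = os.path.normpath(path)
        for fn in chain:
            if not any(path == d or path.startswith(d + os.sep)
                       for d in self.policy.get(fn, ())):
                return False, fn
        return True, None

    def open(self, path, mode="r"):
        """Interposition point: check the full provenance, then really open."""
        ok, culprit = self.check(path, call_chain())
        if not ok:
            raise AccessDenied(culprit, path)
        return open(path, mode)


MONITOR = Monitor({})  # run_demo() installs a concrete policy


# --- constructed third-party libraries --------------------------------------
@library("imglib")
def load_image(path):
    with MONITOR.open(path, "rb") as f:
        return f.read()


@library("imglib")
def resize(path):
    return load_image(path)[:4]   # chain: imglib.resize -> imglib.load_image


@library("netlib")
def upload(path):
    # Compromised library function trying to reuse a permitted one.
    return load_image(path)       # chain: netlib.upload -> imglib.load_image


# --- constructed application code (trusted, not registered) -----------------
def app_post_photo(path):
    return resize(path)


def app_attacked(path):
    return upload(path)


def run_demo():
    """Sandbox with a photo and a secret; imglib may read only the photo dir.
    Returns {case: "allowed" | "denied: <function>"}."""
    global MONITOR
    with tempfile.TemporaryDirectory() as root:
        photos, secrets = os.path.join(root, "photos"), os.path.join(root, "secrets")
        os.mkdir(photos)
        os.mkdir(secrets)
        photo, token = os.path.join(photos, "cat.jpg"), os.path.join(secrets, "token")
        with open(photo, "wb") as f:
            f.write(b"\xff\xd8\xff\xe0 constructed jpeg")
        with open(token, "w") as f:
            f.write("constructed-secret")
        MONITOR = Monitor({"imglib.load_image": {photos}, "imglib.resize": {photos}})
        results = {}
        for name, fn, path in [("app_post_photo", app_post_photo, photo),
                               ("library_reads_secret", app_post_photo, token),
                               ("compromised_netlib", app_attacked, photo)]:
            try:
                fn(path)
                results[name] = "allowed"
            except AccessDenied as e:
                results[name] = f"denied: {e.culprit}"
        return results


if __name__ == "__main__":
    for case, outcome in run_demo().items():
        print(f"{case:24s} {outcome}")
```

The third case is the point of full-provenance checking: `imglib.load_image` is allowed to read the photo directory on its own, but because `netlib.upload` sits above it on the stack and has no rule, the whole access is denied. The real system gets the same information from the kernel's view of the interpreter stack rather than from a decorator registry, and also guards the stack and sensitive buffers with memory domains so that a compromised library cannot simply forge the chain.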

Evaluation:

  • Intel Core i7-3770, 3.4 GHz, 1.95 GB of RAM;
  • Ubuntu 18.04 LTS;
  • Three IoT Applications:
    • twitterPhoto,
    • alexa,
    • plant_watering (AWS).

==> LLM: not a regular IoT device, but a 'high-performance' IoT device.


  1. Pyronia: Redesigning Least Privilege and Isolation for the Age of IoT. arXiv, 2019. ↩
Created Oct 13, 2019 // Last Updated Dec 19, 2020
