Brokering Policies and Execution Monitors for IoT Middleware

TL;DR

This paper enhances IoT middleware with brokering policies and execution monitors to improve security, control, and robustness against malicious disconnections and compromised devices in cloud-based systems.

Contribution

It extends the modular event-based architecture with formalized protection schemes, implementing and evaluating them in an open-source MQTT broker.

Findings

Protection schemes enforce information flow control and protection domains.

Implementation in MQTT broker demonstrates practical feasibility.

Performance impact of security mechanisms is evaluated.

Abstract

Event-based systems lie at the heart of many cloud-based Internet-of-Things (IoT) platforms. This combination of the Broker architectural style and the Publisher-Subscriber design pattern provides a way for smart devices to communicate and coordinate with one another. The present design of these cloud-based IoT frameworks lacks measures to (i) protect devices against malicious cloud disconnections, (ii) impose information flow control among communicating parties, and (iii) enforce coordination protocols in the presence of compromised devices. In this work, we propose to extend the modular event-based system architecture of Fiege et al., to incorporate brokering policies and execution monitors, in order to address the three protection challenges mentioned above. We formalized the operational semantics of our protection scheme, explored how the scheme can be used to enforce BLP-style information flow control and RBAC-style protection domains, implemented the proposal in an open-source MQTT broker, and evaluated the performance impact of the protection mechanisms.