On the Analysis of MUD-Files' Interactions, Conflicts, and Configuration Requirements Before Deployment

TL;DR

This paper introduces MUD-Visualizer, a tool that visualizes, merges, and detects conflicts in MUD-Files for IoT devices, aiding developers in creating correct access control configurations.

Contribution

The paper presents MUD-Visualizer, a scalable visualization tool that simplifies validation, integration, and conflict detection of MUD-Files for multiple IoT devices.

Findings

MUD-Visualizer effectively visualizes multiple MUD-Files.

It identifies conflicts and inconsistencies in access control rules.

The tool supports format correction and integration of MUD-Files.

Abstract

Manufacturer Usage Description (MUD) is an Internet Engineering Task Force (IETF) standard designed to protect IoT devices and networks by creating an out-of-the-box access control list for an IoT device. %The protocol defines a conceptually straightforward method to implement an isolation-based defensive mechanism based on the rules that are introduced by the manufacturer of the device. However, in practice, the access control list of each device is defined in its MUD-File and may contain possibly hundreds of access control rules. As a result, reading and validating these files is a challenge; and determining how multiple IoT devices interact is difficult for the developer and infeasible for the consumer. To address this we introduce the MUD-Visualizer to provide a visualization of any number of MUD-Files. MUD-Visualizer is designed to enable developers to produce correct MUD-Files by providing format correction, integrating them with other MUD-Files, and identifying conflicts through visualization. MUD-Visualizer is scalable and its core task is to merge and illustrate ACEs for multiple devices; both within and beyond the local area network. MUD-Visualizer is made publicly available and can be found on GitHub.