Making Access Control Easy in IoT

TL;DR

This paper introduces MUD-Visualizer, an interactive tool that simplifies the validation of IoT device access control rules defined by the MUD standard, making it accessible regardless of user expertise.

Contribution

The paper presents MUD-Visualizer, a novel visualization system that improves usability and accuracy in analyzing complex IoT access control lists for diverse users.

Findings

MUD-Visualizer enhances analysis accuracy across different user expertise levels.

The tool reduces the impact of user knowledge on validation accuracy.

Participants found the visualization system effective and easy to use.

Abstract

Secure installation of Internet of Things (IoT) devices requires configuring access control correctly for each device. In order to enable correct configuration the Manufacturer Usage Description (MUD) has been developed by Internet Engineering Task Force (IETF) to automate the protection of IoT devices by micro-segmentation using dynamic access control lists. The protocol defines a conceptually straightforward method to implement access control upon installation by providing a list of every authorized access for each device. This access control list may contain a few rules or hundreds of rules for each device. As a result, validating these rules is a challenge. In order to make the MUD standard more usable for developers, system integrators, and network operators, we report on an interactive system called MUD-Visualizer that visualizes the files containing these access control rules. We show that, unlike manual analysis, the level of the knowledge and experience does not affect the accuracy of the analysis when MUD-Visualizer is used, indicating that the tool is effective for all participants in our study across knowledge and experience levels.