Visible to the public LUCON: Data Flow Control for Message-Based IoT Systems

TitleLUCON: Data Flow Control for Message-Based IoT Systems
Publication TypeConference Paper
Year of Publication2018
AuthorsSchuette, J., Brost, G. S.
Conference Name2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE)
Date Publishedaug
ISBN Number978-1-5386-4388-4
KeywordsAccess Control, authorisation, composability, computer network security, data flow control, data flows, data privacy, data-centric security policy framework, Distributed Systems, Industrial Internet of Things, Information Flow Control, information leaks, Internet of Things, IoT applications, LUCON policies, message routes, message-based IoT systems, Metrics, middleware, personal information, policy enforcement, private data, process control, pubcrawl, real-world IoT middleware, Runtime, Semantics, Sensors, taint analysis, Temperature measurement, usage control, usage control mechanisms

Today's emerging Industrial Internet of Things (IIoT) scenarios are characterized by the exchange of data between services across enterprises. Traditional access and usage control mechanisms are only able to determine if data may be used by a subject, but lack an understanding of how it may be used. The ability to control the way how data is processed is however crucial for enterprises to guarantee (and provide evidence of) compliant processing of critical data, as well as for users who need to control if their private data may be analyzed or linked with additional information - a major concern in IoT applications processing personal information. In this paper, we introduce LUCON, a data-centric security policy framework for distributed systems that considers data flows by controlling how messages may be routed across services and how they are combined and processed. LUCON policies prevent information leaks, bind data usage to obligations, and enforce data flows across services. Policy enforcement is based on a dynamic taint analysis at runtime and an upfront static verification of message routes against policies. We discuss the semantics of these two complementing enforcement models and illustrate how LUCON policies are compiled from a simple policy language into a first-order logic representation. We demonstrate the practical application of LUCON in a real-world IoT middleware and discuss its integration into Apache Camel. Finally, we evaluate the runtime impact of LUCON and discuss performance and scalability aspects.

Citation Keyschuette_lucon:_2018