TY - GEN
T1 - Virtual-Device-Based Policy Enforcement in Multi-Admin Smart Environments
AU - Fang, Yunping
AU - Fu, Chenglong
AU - Du, Xiaojiang
N1 - Publisher Copyright: © 2023 IEEE.
PY - 2023
Y1 - 2023
N2 - The Matter standard, formerly known as Connected Home over IP, has emerged as the preferred choice for most smart home IoT vendors and service providers for the next-generation smart home IoT systems. It enhances interoperability across different smart home ecosystems and introduces the multi-admin feature, allowing a device to be commissioned and managed by multiple platforms simultaneously. While this standard offers considerable convenience, it also presents challenges for security policy enforcement. Policy enforcement has been highlighted in various studies as a crucial countermeasure against smart home IoT system vulnerabilities. Existing smart home policy enforcement methods, designed for individual IoT admin platforms, operate under the assumption of having a global view and control over all IoT devices in a smart home. This assumption, however, is untenable in a multi-admin environment, where an admin may only have partial device access or a partial view. In this work, we thoroughly analyze these challenges in a multi-admin setting and propose the first cross-admin policy enforcement solution. Our solution can parse complex policies into deployable sub-policies for each admin, and create virtual device instances and virtual automation rules to interconnect various admins. We test our solution on a real-world testbed involving 12 IoT devices and three popular Matter-enabled IoT platforms. Our results show that our solution can enforce cross-admin policies with a 100% success rate and a very small delay.
KW - IoT
KW - Matter
KW - Policy Enforcement
KW - Security
KW - Smart Home
UR - http://www.scopus.com/inward/record.url?scp=85191258118&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85191258118&partnerID=8YFLogxK
U2 - 10.1109/CloudNet59005.2023.10490072
DO - 10.1109/CloudNet59005.2023.10490072
M3 - Conference contribution
AN - SCOPUS:85191258118
T3 - 2023 IEEE 12th International Conference on Cloud Networking, CloudNet 2023
SP - 343
EP - 351
BT - 2023 IEEE 12th International Conference on Cloud Networking, CloudNet 2023
T2 - 12th IEEE International Conference on Cloud Networking, CloudNet 2023
Y2 - 1 November 2023 through 3 November 2023
ER -