CR · Mar 30, 2018

HCAP: A History-Based Capability System for IoT Devices

arXiv:1804.00086v1 · 13 citations
Originality: Incremental advance
AI Analysis

This work addresses security vulnerabilities in IoT systems, for both users and developers, by implementing the Principle of Least Privilege through sequencing constraints. It is an incremental advance because it builds on existing capability systems.

The paper tackles the problem of enforcing permission sequencing constraints in IoT devices to enhance security by proposing HCAP, a history-based capability system, and demonstrates its effectiveness through formal security guarantees and empirical performance evaluation.

Permissions are highly sensitive in Internet-of-Things (IoT) applications, as IoT devices collect our personal data and control the safety of our environment. Rather than simply granting permissions, further constraints shall be imposed on permission usage so as to realize the Principle of Least Privilege. Since IoT devices are physically embedded, they are often accessed in a particular sequence based on their relative physical positions. Monitoring if such sequencing constraints are honoured when IoT devices are accessed provides a means to fence off malicious accesses. This paper proposes a history-based capability system, HCAP, for enforcing permission sequencing constraints in a distributed authorization environment. We formally establish the security guarantees of HCAP, and empirically evaluate its performance.
