CR, NI · Jul 13, 2021

On the Analysis of MUD-Files' Interactions, Conflicts, and Configuration Requirements Before Deployment

arXiv:2107.06372v1 · 7 citations
Originality: Synthesis-oriented
AI Analysis

This work addresses a practical problem for IoT developers and consumers by simplifying the management of security configurations, though it is incremental because it builds on the existing MUD standard.

The paper tackles the challenge of reading and validating complex Manufacturer Usage Description (MUD) files for IoT device security by introducing MUD-Visualizer, a tool that visualizes and merges access control rules to help developers identify conflicts and produce correct configurations, with the tool being publicly available on GitHub.

Manufacturer Usage Description (MUD) is an Internet Engineering Task Force (IETF) standard designed to protect IoT devices and networks by creating an out-of-the-box access control list for an IoT device. The protocol defines a conceptually straightforward method to implement an isolation-based defensive mechanism based on the rules that are introduced by the manufacturer of the device. However, in practice, the access control list of each device is defined in its MUD-File and may contain possibly hundreds of access control rules. As a result, reading and validating these files is a challenge; and determining how multiple IoT devices interact is difficult for the developer and infeasible for the consumer. To address this we introduce the MUD-Visualizer to provide a visualization of any number of MUD-Files. MUD-Visualizer is designed to enable developers to produce correct MUD-Files by providing format correction, integrating them with other MUD-Files, and identifying conflicts through visualization. MUD-Visualizer is scalable and its core task is to merge and illustrate ACEs for multiple devices; both within and beyond the local area network. MUD-Visualizer is made publicly available and can be found on GitHub.
