Making Access Control Easy in IoT
This addresses usability issues for developers, system integrators, and network operators in configuring IoT security, though it is incremental as it builds on the existing MUD standard.
The researchers tackled the challenge of validating complex access control rules in IoT security by developing MUD-Visualizer, an interactive system that visualizes Manufacturer Usage Description (MUD) files, and showed it improves analysis accuracy regardless of user knowledge or experience levels.
Secure installation of Internet of Things (IoT) devices requires configuring access control correctly for each device. In order to enable correct configuration the Manufacturer Usage Description (MUD) has been developed by Internet Engineering Task Force (IETF) to automate the protection of IoT devices by micro-segmentation using dynamic access control lists. The protocol defines a conceptually straightforward method to implement access control upon installation by providing a list of every authorized access for each device. This access control list may contain a few rules or hundreds of rules for each device. As a result, validating these rules is a challenge. In order to make the MUD standard more usable for developers, system integrators, and network operators, we report on an interactive system called MUD-Visualizer that visualizes the files containing these access control rules. We show that, unlike manual analysis, the level of the knowledge and experience does not affect the accuracy of the analysis when MUD-Visualizer is used, indicating that the tool is effective for all participants in our study across knowledge and experience levels.