Let the Cloud Watch Over Your IoT File Systems

Smart devices produce security-sensitive data and keep it in on-device storage for persistence. The current storage stack on smart devices, however, offers weak security guarantees: not only does the stack depend on a vulnerable commodity OS, but smart-device deployments are also known to be weak on security measures. To safeguard such data on smart devices, we present a novel storage stack architecture that i) protects file data in a trusted execution environment (TEE); ii) moves file system logic and metadata out of the TEE; and iii) runs a metadata-only file system replica in the cloud that continuously verifies the on-device file system's behavior. To realize the architecture, we build Overwatch, a TrustZone-based storage stack. Overwatch addresses unique challenges including discerning metadata at fine granularity, hiding network delays, and coping with cloud disconnection. On a suite of three real-world applications, Overwatch shows moderate security overheads.
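The abstract's third component, a metadata-only replica in the cloud that verifies what the on-device file system does, is an instance of execute-verify replication. The following example, added here and not code from the Overwatch paper, shows the general idea in Python: the device applies metadata operations and reports a digest of its metadata state after each one; a cloud replica holding only metadata (no file contents) replays the same log and flags the first operation whose outcome does not match. The `MetaFS` schema, the operation format, the `data_hash` field (a hash committed by the trusted side so the cloud can check data integrity without seeing data) and the sample workload are all assumptions made for this illustration.

```python
import hashlib
import json
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

EMPTY_HASH = hashlib.sha256(b"").hexdigest()


@dataclass
class Inode:
    # Metadata only: the replica never holds file contents.
    size: int = 0
    mode: int = 0o644
    # Assumption: the TEE commits to stored data with a hash so the cloud
    # can check data integrity without ever receiving the data itself.
    data_hash: str = EMPTY_HASH


@dataclass
class MetaFS:
    """Minimal metadata-only file system: a flat path -> inode map (assumed schema)."""
    inodes: Dict[str, Inode] = field(default_factory=dict)

    def apply(self, op: dict) -> None:
        kind = op["op"]
        if kind == "create":
            if op["path"] in self.inodes:
                raise FileExistsError(op["path"])
            self.inodes[op["path"]] = Inode(mode=op.get("mode", 0o644))
        elif kind == "write":
            ino = self.inodes[op["path"]]  # KeyError if the file does not exist
            ino.size = op["size"]
            ino.data_hash = op["data_hash"]
        elif kind == "rename":
            self.inodes[op["new"]] = self.inodes.pop(op["old"])
        elif kind == "unlink":
            del self.inodes[op["path"]]
        else:
            raise ValueError(f"unknown op {kind!r}")

    def digest(self) -> str:
        # Canonical, order-independent encoding of the entire metadata state.
        state = {p: [i.size, i.mode, i.data_hash] for p, i in sorted(self.inodes.items())}
        return hashlib.sha256(json.dumps(state, sort_keys=True).encode()).hexdigest()


def device_run(ops: List[dict]) -> List[Tuple[int, dict, str]]:
    """Device side: apply each op and report (seq, op, digest-after-op)."""
    fs = MetaFS()
    log = []
    for seq, op in enumerate(ops):
        fs.apply(op)
        log.append((seq, op, fs.digest()))
    return log


def cloud_verify(log: List[Tuple[int, dict, str]]) -> Optional[int]:
    """Cloud replica: replay the log on metadata only. Returns the seq of the
    first operation that fails verification, or None if everything checks out."""
    replica = MetaFS()
    expected_seq = 0
    for seq, op, reported in log:
        if seq != expected_seq:  # gap or reordering in the reported log
            return seq
        expected_seq += 1
        try:
            replica.apply(op)
        except (KeyError, FileExistsError, ValueError):
            return seq  # op is impossible on the state an honest device would have
        if replica.digest() != reported:
            return seq  # device's outcome differs from the honest outcome
    return None


# Constructed sample workload (not from the paper).
SAMPLE_OPS = [
    {"op": "create", "path": "/log/sensor.bin"},
    {"op": "write", "path": "/log/sensor.bin", "size": 4096,
     "data_hash": hashlib.sha256(b"sample-sensor-data").hexdigest()},
    {"op": "rename", "old": "/log/sensor.bin", "new": "/log/sensor.1"},
    {"op": "create", "path": "/log/sensor.bin"},
]


def honest_run() -> Optional[int]:
    return cloud_verify(device_run(SAMPLE_OPS))


def tampered_run() -> Optional[int]:
    """Untrusted OS silently truncates the file after the write: the reported
    digest for op 1 no longer matches what an honest execution would yield."""
    log = device_run(SAMPLE_OPS)
    fs = MetaFS()
    fs.apply(SAMPLE_OPS[0])
    fs.apply(SAMPLE_OPS[1])
    fs.inodes["/log/sensor.bin"].size = 0  # the tampered on-device state
    log[1] = (1, SAMPLE_OPS[1], fs.digest())
    return cloud_verify(log)


def dropped_op_run() -> Optional[int]:
    """Device omits the rename (op 2) and renumbers the log to hide the gap;
    the replica still catches it because the later create becomes impossible."""
    log = device_run(SAMPLE_OPS)
    del log[2]
    return cloud_verify([(i, op, d) for i, (_, op, d) in enumerate(log)])


if __name__ == "__main__":
    print("honest:", honest_run())          # None
    print("tampered:", tampered_run())      # 1
    print("dropped op:", dropped_op_run())  # 2
```

Two design points carry over to the real setting. First, the replica only needs the operation log and the per-operation digests, so the bytes crossing the network are independent of file contents, which is what makes a metadata-only cloud replica feasible. Second, replay is strictly sequential and stateful: an omitted or reordered operation is caught either by the sequence check or because a later operation becomes invalid on the replica's state, so the verifier does not rely on the device reporting honestly about what it skipped.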
