Hier finden Sie wissenschaftliche Publikationen aus den Fraunhofer-Instituten.

LUCON: Data Flow Control for Message-Based IoT Systems

: Schütte, J.; Brost, G.S.


Institute of Electrical and Electronics Engineers -IEEE-:
17th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2018. 12th IEEE International Conference on Big Data Science and Engineering, BigDataSE 2018. Proceedings : 31 July - 3 August 2018, New York, New York
Piscataway, NJ: IEEE, 2018
ISBN: 978-1-5386-4388-4
ISBN: 978-1-5386-4387-7
ISBN: 978-1-5386-4389-1
International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) <17, 2018, New York/NY>
International Conference on Big Data Science and Engineering (BigDataSE) <12, 2018, New York/NY>
International Symposium on Security, Privacy and Trust in Internet of Things (SPTIoT) <2, 2018, New York/NY>
Fraunhofer AISEC ()

Today's emerging Industrial Internet of Things (IIoT) scenarios are characterized by the exchange of data between services across enterprises. Traditional access and usage control mechanisms are only able to determine if data may be used by a subject, but lack an understanding of how it may be used. The ability to control the way how data is processed is however crucial for enterprises to guarantee (and provide evidence of) compliant processing of critical data, as well as for users who need to control if their private data may be analyzed or linked with additional information - a major concern in IoT applications processing personal information. In this paper, we introduce LUCON, a data-centric security policy framework for distributed systems that considers data flows by controlling how messages may be routed across services and how they are combined and processed. LUCON policies prevent information leaks, bind data usage to obligations, and enforce data flows across services. Policy enforcement is based on a dynamic taint analysis at runtime and an upfront static verification of message routes against policies. We discuss the semantics of these two complementing enforcement models and illustrate how LUCON policies are compiled from a simple policy language into a first-order logic representation. We demonstrate the practical application of LUCON in a real-world IoT middleware and discuss its integration into Apache Camel. Finally, we evaluate the runtime impact of LUCON and discuss performance and scalability aspects.