ISSN: 2182-2069 (printed) / ISSN: 2182-2077 (online)
Effectiveness of MAC Systems based on LSM and their Security Policy Configuration for Protecting IoT Devices
The number of attacks exploiting Internet of Things (IoT) devices has been increasing with the emergence of IoT malware. Because IoT devices are used in a wide variety of situations, there is an urgent need to improve the security of the devices themselves. However, IoT devices have low hardware performance, and their operating systems and applications are not frequently updated, leaving many devices vulnerable to IoT malware attacks. Mandatory Access Control (MAC) systems based on Linux Security Modules (LSM), such as SELinux and AppArmor, can mitigate the impact of these attacks, even if software vulnerabilities are discovered and exploited. However, most IoT devices do not currently employ these systems. While existing approaches have examined on-board resources as one factor affecting the applicability of MAC systems, they are insufficient to address all relevant factors. In this paper, we report the factors that may prevent the deployment of LSM-based secure OSs on IoT devices and the results of our evaluation of the effectiveness of LSM-based secure OSs against IoT malware attacks. First, we comprehensively investigated the impact of each factor of IoT devices on the deployment of LSM-based secure OSs. To improve the comprehensiveness of the factors affecting deployment, we investigated the kernel version, CPU architecture, and BusyBox support. Next, we conducted an attack experiment that simulated the attack method of Mirai, a typical IoT malware, to investigate whether it is possible to protect against IoT malware. We also showed how to modify the security policy, and the cost of modifying it, for secure OSs that cannot prevent attacks from IoT malware with the default security policy. Finally, we report the results of our investigation into the impact of these factors in combination.