Author:

Keywords:

Multiple Applications, Virtualization, Resource Security, Internet of things, Operating System

Abstract:

To continue to grow, the Internet of Things (IoT) requires scalable and secure system software solutions for resource constrained devices. To maximize return on investment of these devices, IoT platforms should support multiple third party applications and adaptation of software over time. However, realizing the vision of shared IoT platforms de mands not only strong guarantees on the confidentiality and integrity of application data, but also guarantees on the use of critical resources such as computation, sensors and energy. We refer to this vision as resource security. Prior research on Operating Systems (OS) for tiny IoT devices has focused on miniaturizing core functionality such as scheduling and communication and does not consider resource security. To address this problem, we introduce CerberOS, a resource secure OS for sharing IoT devices. CerberOS enables mul tiple applications on constrained IoT devices while, for the first time, guaranteeing data confidentiality, integrity and se cure resource management. Our approach is based upon the twin pillars of virtualization, which isolates applications, and contracts, which control application resource usage. Evalu ation shows that CerberOS supports the secure coexistence of up to seven applications on a representative IoT device with a memory usage of 40KB ROM and 5KB RAM while preserving multi-year battery lifetimes.