FlowFence: Practical Data Protection for Emerging IoT Application Frameworks


Emerging IoT programming frameworks enable building apps that compute on sensitive data produced by smart homes and wearables. However, these frameworks only support permission-based access control on sensitive data, which is ineffective at controlling how apps use data once they gain access. To address this limitation, we present FlowFence, a system that requires consumers of sensitive data to declare their intended dataflow patterns, which it enforces with low overhead, while blocking all other undeclared flows. FlowFence achieves this by explicitly embedding data flows and the related control flows within app structure. Developers use FlowFence support to split their apps into two components: (1) A set of Quarantined Modules that operate on sensitive data in sandboxes, and (2) Code that does not operate on sensitive data but orchestrates execution by chaining Quarantined Modules together via taint-tracked opaque handles—references to data that can only be dereferenced inside sandboxes. We studied three existing IoT frameworks to derive key functionality goals for FlowFence, and we then ported three existing IoT apps. Securing these apps using FlowFence resulted in an average increase in size from 232 lines to 332 lines of source code. Performance results on ported apps indicate that FlowFence is practical: A face-recognition based doorcontroller app incurred a 4.9% latency overhead to recognize a face and unlock a door.


Code on GitHub We accept pull requests!

Research Papers

  1. Earlence Fernandes, Justin Paupore, Amir Rahmati, Daniel Simionato, Mauro Conti, and Atul Prakash 
    FlowFence: Practical Data Protection for Emerging IoT Application Frameworks 
    In Proceedings of the 25th USENIX Security Symposium, August 2016.

Download PDF 

BibTeX for citation:

@InProceedings{flowfence16, author = {Earlence Fernandes and Justin Paupore and Amir Rahmati and Daniel Simionato and Mauro Conti and Atul Prakash}, title = {{F}low{F}ence: {P}ractical {D}ata {P}rotection for {E}merging {I}o{T} {A}pplication {F}rameworks}, booktitle = {Proceedings of the 25th {USENIX} Security Symposium}, month = August, year = 2016 }

2. A. Rahmati, E. Fernandes and A. Prakash, “Applying the Opacified Computation Model to Enforce Information Flow Policies in IoT Applications,” 2016 IEEE Cybersecurity Development (SecDev), Boston, MA, 2016, pp. 88-93.
doi: 10.1109/SecDev.2016.031


Earlence Fernandes, Ph.D. Candidate, University of Michigan

Justin Paupore, Software Engineer, Google

Amir Rahmati, Ph.D. Candidate, University of Michigan

Daniel Simionato

Mauro Conti, Associate Professor, University of Padova

Atul Prakash, Professor, University of Michigan