Manufacturer Usage Description (MUD)
Defending the IoT devices in home environment
Creating the rules for such firewall, is beyond the knowledge of a end user or even a super user. Even an experienced sysadmin will get frustrated for maintaining such firewall since the communication destination of each of the IoT devices might change throughout its lifetime. Introducing MUD: a self-install and self-maintain fine grained firewall, providing "a means for end devices to signal to the network what sort of access and network functionality they require to properly function" [1].
MUD works based on a usage description that is defined by the manufacturer, hence the name Manufacturer Usage Description. The manufacturer of a device, knows better than anyone where their device is supposed to initiate a communication to, or to which domain or service it should respond. Using this description, a smart bulb manufacturer that is aware its products will not communicate with any domain other than the company's domain, can enforce this rule to the future network where the IoT device is going to be deployed.
References
[1]https://tools.ietf.org/html/draft-ietf-opsawg-mud-25
Publications
Conference publications (7) |
-
Vafa Andalibi,
Eliot Lear,
DongInn Kim,
and L Jean Camp.
On the analysis of MUD-files’ interactions, conflicts, and configuration requirements before deployment.
In The Fifth International Conference on Safety and Security with IoT: SaSeIoT 2021,
pages 137--157,
2022.
Springer International Publishing.
Keywords: MUD. [bibtex-entry] -
Vafa Andalibi,
Jayati Dev,
DongInn Kim,
Eliot Lear,
and Jean Camp.
Making Access Control Easy in IoT.
In IFIP International Symposium on Human Aspects of Information Security & Assurance,
June 2021.
Keywords: IoT, MUD, MUD-Visualizer. [bibtex-entry] -
Vafa Andalibi,
Eliot Lear,
DongInn Kim,
and Jean Camp.
On the Analysis of MUD-Files' Interactions, Conflicts, and Configuration Requirements Before Deployment.
In 5th EAI International Conference on Safety and Security in Internet of Things, SaSeIoT,
May 2021.
Springer.
Keywords: IoT, MUD, MUD-Visualizer. [bibtex-entry] -
Vafa Andalibi,
Jayati Dev,
DongInn Kim,
Eliot Lear,
and L Jean Camp.
Is Visualization Enough? Evaluating the Efficacy of MUD-Visualizer in Enabling Ease of Deployment for Manufacturer Usage Description (MUD).
In Annual Computer Security Applications Conference,
pages 337--348,
2021.
Keywords: MUD, access control, IoT, user studies. [bibtex-entry] -
Vafa Andalibi,
DongInn Kim,
and L. Jean Camp.
Throwing MUD into the FOG: Defending IoT and Fog by expanding MUD to Fog network.
In 2nd USENIX Workshop on Hot Topics in Edge Computing (HotEdge 19),
Renton, WA,
July 2019.
USENIX Association.
Keywords: MUD, IoT. [bibtex-entry]