Towards an Architecture for Trusted Edge IoT Security Gateways


Matt McCormack, Carnegie Mellon University - CyLab; Amit Vasudevan, Carnegie Mellon Software Engineering Institute; Guyue Liu, Carnegie Mellon University - CyLab; Sebastián Echeverría, Kyle O'Meara, and Grace Lewis, Carnegie Mellon Software Engineering Institute; Vyas Sekar, Carnegie Mellon University - CyLab


Today's edge networks continue to see an increasing number of deployed IoT devices. These IoT devices aim to increase productivity and efficiency; however, they are plagued by a myriad of vulnerabilities. Industry and academia have proposed protecting these devices by deploying a "bolt-on" security gateway to these edge networks. The gateway applies security protections at the network level. While security gateways are an attractive solution, they raise a fundamental concern: Can the bolt-on security gateway be trusted?

This paper identifies key challenges in realizing this goal and sketches a roadmap for providing trust in bolt-on edge IoT security gateways. Specifically, we show the promise of using a micro-hypervisor driven approach for delivering practical (deployable today) trust that is catered to both end-users and gateway vendors alike in terms of cost, generality, capabilities, and performance. We describe the challenges in establishing trust on today's edge security gateways, formalize the adversary and trust properties, describe our system architecture, present preliminary results, and discuss open questions. We foresee our trusted security gateway architecture becoming a practical and extensible foundation towards realizing robust trust properties on edge security gateways.


@inproceedings {253366,
author = {Matt McCormack and Amit Vasudevan and Guyue Liu and Sebasti{\'a}n Echeverr{\'\i}a and Kyle O{\textquoteright}Meara and Grace Lewis and Vyas Sekar},
title = {Towards an Architecture for Trusted Edge {IoT} Security Gateways},
booktitle = {3rd USENIX Workshop on Hot Topics in Edge Computing (HotEdge 20)},
year = {2020},
url = {},
publisher = {USENIX Association},
month = jun
}
