Pyronia: Intra-Process Access Control for IoT Applications

Third-party code plays a critical role in IoT applications, which generate and analyze highly privacy-sensitive data. Unlike traditional desktop and server settings, IoT devices mostly run a dedicated, single application. As a result, vulnerabilities in third-party libraries within a process pose a much bigger threat than on traditional platforms. We present Pyronia, a fine-grained access control system for IoT applications written in high-level languages. Pyronia exploits developers' coarse-grained expectations about how imported third-party code operates to restrict access to files, devices, and specific network destinations, at the granularity of individual functions. To efficiently protect such sensitive OS resources, Pyronia combines three techniques: system call interposition, stack inspection, and memory domains. This design avoids the need for application refactoring, or unintuitive data flow analysis, while enforcing the developer's access policy at run time. Our Pyronia prototype for Python runs on a custom Linux kernel, and incurs moderate performance overhead on unmodified Python applications.