Software Engineering Institute

Commercial Internet of Things (IoT) devices are increasingly being integrated into software systems. However, given the also increasing number of IoT vulnerability reports, there is a pressing need to enable organizations to achieve such integration with high assurance, especially for systems with high security and safety requirements. We present KalKi, a software-defined IoT security platform that moves security enforcement to the network to enable safe integration of IoT devices, even if the devices are not fully trusted or configurable. KalKi leverages software-defined networking (SDN) concepts and constructs, combined with a rich policy model that specifies both cyber and kinetic attacks, to create a safe, highly-dynamic and extensible IoT integration platform. Our experiments demonstrate high performance, scalability and resilience, even in the presence of a powerful attacker.