Evaluation of Effectiveness of MAC Systems Based on LSM for Protecting IoT Devices

Numerous active attacks targeting Internet of Things (IoT) devices exist. They exploit the latest vulnerabilities discovered in IoT devices. Therefore, Mandatory Access Control (MAC) systems based on Linux Security Modules (LSM), such as SELinux and AppArmor, are effective security features for IoT devices because they can mitigate the impact of attacks even if software vulnerabilities are discovered. However, they are not adopted by most IoT devices. The existing approaches are insufficient for investigating the causes of this problem.In this study, we comprehensively investigated what factors can affect the applicability of MAC systems based on LSM in IoT devices. We focused on how frequently cases can occur where they cannot be adopted, owing to each factor. To increase the comprehensiveness of the factors affecting the adoption of MAC systems in IoT devices, we investigated the kernel version, CPU architecture, and support for BusyBox in addition to the investigation of resources, which conducted in previous studies. We also conducted simulated experiments based on the attack method of Mirai to investigate whether MAC systems can protect against IoT malware. Finally, we discuss the impact of a combination of these factors on MAC system adoption.

© 2023 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.

This fulltext file will be available in Jan. 2026.