Advancing IoT System Dependability: A Deep Dive into Management and Operation Plane Separation
Luoyao Hao, Shuo Zhang, Henning Schulzrinne
TL;DR
The paper tackles dependability in large-scale IoT by separating the management plane from the operation plane and introducing an Identity-Independent Policy (IIP) framework for policy specification. The management plane, comprising a Policy Database, Policy Engine, and Device Directory, enforces overarching safety and compliance policies using forward-compatible descriptors rather than fixed identities, while the operation plane preserves existing workflows. Evaluations on IFTTT datasets show IIP can express approximately 99% of recipes and detect hazards effectively in unreliable settings, and a gas-sensor study demonstrates strong hazard detection with voting-based policies, highlighting practical gains in governance and safety. By leveraging standards such as W3C WoT TD and Brick, the approach minimizes fragmentation and supports scalable, policy-driven IoT ecosystems.
Abstract
We propose to enhance the dependability of large-scale IoT systems by separating the management and operation plane. We innovate the management plane to enforce overarching policies, such as safety norms, operation standards, and energy restrictions, and integrate multi-faceted management entities, including regulatory agencies and manufacturers, while the current IoT operational workflow remains unchanged. Central to the management plane is a meticulously designed, identity-independent policy framework that employs flexible descriptors rather than fixed identifiers, allowing for proactive deployment of overarching policies with adaptability to system changes. Our evaluation across three datasets indicates that the proposed framework can achieve near-optimal expressiveness and dependable policy enforcement.