We designed and implemented Umbra (available on GitHub), an application-layer firewall that targets embedded web interfaces. Umbra is designed to be simple for manufacturers to configure and add to existing embedded systems. Umbra works by acting as a friendly man-in-the-middle that enforces a set security policy.

[Figure: Umbra diagram]

Umbra can protect against attacks such as cross-site request forgery (CSRF), information leaks, and authentication bypass vulnerabilities; we found that Umbra would have prevented half of the vulnerabilities that we investigated in the CVE database.
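The kind of default-deny check an application-layer firewall can apply before forwarding a request to the device, as an added example that is not Umbra's code or its policy format. `POLICY`, its field names, `check_request` and all sample values are hypothetical and constructed for illustration.

```python
# Added illustration: a default-deny request filter applied in front of an
# embedded web interface. Not Umbra's code; every name here is hypothetical.
import hmac

POLICY = {  # constructed sample policy for an imaginary device UI
    "/login":        {"methods": {"GET", "POST"}, "auth": False, "csrf": False},
    "/status":       {"methods": {"GET"},         "auth": True,  "csrf": False},
    "/admin/reboot": {"methods": {"POST"},        "auth": True,  "csrf": True},
}

def check_request(method, path, session, csrf_token, sessions):
    """Return (allowed, reason). `sessions` maps session id -> CSRF token."""
    rule = POLICY.get(path)
    if rule is None:
        # Default deny: pages not listed in the policy (stray backup files,
        # debug pages) never reach the device, which limits information leaks.
        return False, "path not in policy"
    if method not in rule["methods"]:
        return False, "method not allowed"
    if rule["auth"] and session not in sessions:
        # Authentication is checked here, so a device handler that forgets
        # its own check cannot be reached without a valid session.
        return False, "authentication required"
    if rule["csrf"]:
        expected = sessions.get(session, "")
        # Constant-time comparison of the per-session token.
        if not csrf_token or not hmac.compare_digest(expected, csrf_token):
            return False, "missing or invalid CSRF token"
    return True, "ok"

SESSIONS = {"s1": "tok-9f2c"}  # constructed session store

REQUESTS = [  # constructed sample requests: (method, path, session, token)
    ("GET", "/status", "s1", None),
    ("GET", "/status", None, None),
    ("GET", "/config.bak", "s1", None),
    ("POST", "/admin/reboot", "s1", None),
    ("POST", "/admin/reboot", "s1", "tok-9f2c"),
]

def run_samples():
    return [check_request(m, p, s, t, SESSIONS) for m, p, s, t in REQUESTS]

if __name__ == "__main__":
    for req, verdict in zip(REQUESTS, run_samples()):
        print(req, "->", verdict)
```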

More details are available in our peer-reviewed paper, which appeared at the 1st Workshop on the Security of Cyber-Physical Systems (WOS-CPS 2015), co-located with ESORICS.

Our prototype of Umbra is available as free and open source software on GitHub.


  title = {Umbra: Embedded Web Security through Application-Layer Firewalls},
  author = {Travis Finkenauer and J. Alex Halderman},
  booktitle = {Proc. of the 1st Workshop on the Security of Cyber-Physical Systems},
  month = sep,
  year = 2015,