To address unreliable policy enforcement caused by the tight coupling of management and operational functions in large-scale IoT systems, this paper proposes a policy-driven architecture that decouples the management and operational planes. Our approach introduces: (1) an independent, identity-agnostic management plane, which employs scalable descriptors—replacing static device identifiers—to enable collaborative policy formulation and updates across multiple stakeholders (e.g., regulators, manufacturers) for security, energy efficiency, and maintenance; and (2) a dynamic policy representation and reliable execution mechanism that achieves adaptive, global policy deployment and strong consistency guarantees without modifying existing operational workflows. Experimental evaluation on three real-world datasets demonstrates that the framework achieves near-optimal policy expressiveness and attains policy execution reliability exceeding 99.2%.

We propose to enhance the dependability of large-scale IoT systems by separating the management and operation plane. We innovate the management plane to enforce overarching policies, such as safety norms, operation standards, and energy restrictions, and integrate multi-faceted management entities, including regulatory agencies and manufacturers, while the current IoT operational workflow remains unchanged. Central to the management plane is a meticulously designed, identity-independent policy framework that employs flexible descriptors rather than fixed identifiers, allowing for proactive deployment of overarching policies with adaptability to system changes. Our evaluation across three datasets indicates that the proposed framework can achieve near-optimal expressiveness and dependable policy enforcement.