67 research outputs found

    A systematic literature review

    Bahaa, A., Abdelaziz, A., Sayed, A., Elfangary, L., & Fahmy, H. (2021). Monitoring real time security attacks for iot systems using devsecops: A systematic literature review. Information (Switzerland), 12(4), 1-23. [154]. https://doi.org/10.3390/info12040154

    In many enterprises and the private sector, the Internet of Things (IoT) has spread globally. The growing number of different devices connected to the IoT and their various protocols have contributed to the increasing number of attacks, such as denial-of-service (DoS) and remote-to-local (R2L) ones. There are several approaches and techniques that can be used to construct attack detection models, such as machine learning, data mining, and statistical analysis. Nowadays, this technique is commonly used because it can provide precise analysis and results. Therefore, we decided to study the previous literature on the detection of IoT attacks and machine learning in order to understand the process of creating detection models. We also evaluated various datasets used for the models, IoT attack types, independent variables used for the models, evaluation metrics for assessment of models, and monitoring infrastructure using DevSecOps pipelines. We found 49 primary studies, and the detection models were developed using seven different types of machine learning techniques. Most primary studies used IoT device testbed datasets, and others used public datasets such as NSL-KDD and UNSW-NB15. When it comes to measuring the efficiency of models, both numerical and graphical measures are commonly used. Most IoT attacks occur at the network layer according to the literature. If the detection models applied DevSecOps pipelines in development processes for IoT devices, they were more secure. From the results of this paper, we found that machine learning techniques can detect IoT attacks, but there are a few issues in the design of detection models. We also recommend the continued use of hybrid frameworks for the improved detection of IoT attacks, advanced monitoring infrastructure configurations using methods based on software pipelines, and the use of machine learning techniques for advanced supervision and monitoring.

    Understanding the Benefits of Agile Software Development in Regulated Environments

    Agile software development has become increasingly popular in recent years. Applying agile methods, companies expect flexible planning, early delivery of the software product, and a continuous improvement of the development process itself. However, in regulated environments the use of agile development is not yet common practice. In such environments, various regulatory requirements apply which affect the software development process. This paper examines the use of agile software development in the regulated medical device industry and explores reasons for using agile methods although their use is limited. We interviewed agile software development teams in three different companies using semi-structured interviews. Using grounded theory methodology, we identify reasons why companies are using agile methods, even though problems and barriers exist. Our main achievement is the development of four categories, which describe the benefit of agile software development in regulated environments. These categories are master complexity, reduce effort, improve usability, and promote collaboration

    Towards Improving Resilience of Smart Urban Electricity Networks by Interactively Assessing Potential Microgrids

    When a city adds a renewable generation to improve its carbon footprint, this step towards a greener city can be a step towards a smarter city. Strategical positioning of new urban electricity components makes the city more resilient to electricity outages. Money and resilience are two conflicting goals in this case. In case of blackouts, renewable generation, other than distributed combustion generations, can serve critical demand to essential city nodes, such as hospitals, water purification facilities, and police stations. Not the last, the city level stakeholders might be interested in envisioning monetary saving related to introducing a renewable. To provide decision makers with resilience and monetary information, it is needed to analyze the impact of introducing the renewable into the grid. This paper introduces a novel tool suitable for this purpose and reports on the validation efforts. The outcomes indicate that predicted outcomes of two alternative points of introducing renewables into the grid can be analyzed with the help of the tool and ultimately be meaningfully compared

    Holding on to Compliance While Adopting DevSecOps: An SLR

    The software industry has witnessed a growing interest in DevSecOps due to the premises of integrating security in the software development lifecycle. However, security compliance cannot be disregarded, given the importance of adherence to regulations, laws, industry standards, and frameworks. This study aims to provide an overview of compliance aspects in the context of DevSecOps and explore how compliance is ensured. Furthermore, this study reveals the trends of compliance according to the extant literature and identifies potential directions for further research in this context. Therefore, we carried out a systematic literature review on the integration of compliance aspects in DevSecOps, which rigorously followed the guidelines proposed by Kitchenham and Charters. We found 934 articles related to the topic by searching five bibliographic databases (163) and Google Scholar (771). Through a rigorous selection process, we selected 15 papers as primary studies. Then, we identified the compliance aspects of DevSecOps and grouped them into three main categories: compliance initiation, compliance management, and compliance technicalities. We observed a low number of studies; therefore, we encourage further efforts into the exploration of compliance aspects, their automated integration, and the development of metrics to evaluate such a process in the context of DevSecOps.

    Safety, security and privacy in machine learning based Internet of Things

    Recent developments in communication and information technologies, especially in the internet of things (IoT), have greatly changed and improved the human lifestyle. Due to the easy access to, and increasing demand for, smart devices, the IoT system faces new cyber-physical security and privacy attacks, such as denial of service, spoofing, phishing, obfuscations, jamming, eavesdropping, intrusions, and other unforeseen cyber threats to IoT systems. The traditional tools and techniques are not very efficient to prevent and protect against the new cyber-physical security challenges. Robust, dynamic, and up-to-date security measures are required to secure IoT systems. The machine learning (ML) technique is considered the most advanced and promising method, and opened up many research directions to address new security challenges in the cyber-physical systems (CPS). This research survey presents the architecture of IoT systems, investigates different attacks on IoT systems, and reviews the latest research directions to solve the safety and security of IoT systems based on machine learning techniques. Moreover, it discusses the potential future research challenges when employing security methods in IoT systems

    GLASS: A Citizen-Centric Distributed Data-Sharing Model within an e-Governance Architecture

    E-governance is a process that aims to enhance a government’s ability to simplify all the processes that may involve government, citizens, businesses, and so on. The rapid evolution of digital technologies has often created the necessity for the establishment of an e-Governance model. There is often a need for an inclusive e-governance model with integrated multiactor governance services and where a single market approach can be adopted. e-Governance often aims to minimise bureaucratic processes, while at the same time including a digital-by-default approach to public services. This aims at administrative efficiency and the reduction of bureaucratic processes. It can also improve government capabilities, and enhances trust and security, which brings confidence in governmental transactions. However, solid implementations of a distributed data sharing model within an e-governance architecture are far from a reality; hence, citizens of European countries often go through the tedious process of having their confidential information verified. This paper focuses on the sinGLe sign-on e-GovernAnce Paradigm based on a distributed file-exchange network for security, transparency, cost-effectiveness and trust (GLASS) model, which aims to ensure that a citizen can control their relationship with governmental agencies. The paper thus proposes an approach that integrates a permissioned blockchain with the InterPlanetary File System (IPFS). This method demonstrates how we may encrypt and store verifiable credentials of the GLASS ecosystem, such as academic awards, ID documents and so on, within IPFS in a secure manner and thus only allow trusted users to read a blockchain record, and obtain the encryption key. This allows for the decryption of a given verifiable credential that is stored on IPFS. This paper outlines the creation of a demonstrator that proves the principles of the GLASS approach

    Detecting IoT user behavior and sensitive information in encrypted IoT-app traffic

    Many people use smart-home devices, also known as the Internet of Things (IoT), in their daily lives. Most IoT devices come with a companion mobile application that users need to install in their smartphone or tablet in order to control, configure, and interface with the IoT device. IoT devices send information about their users from their app directly to the IoT manufacturer's cloud; we call this the "app-to-cloud way". In this research, we invent a tool called IoT-app privacy inspector that can automatically infer the following from the IoT network traffic: the packet that reveals user interaction type with the IoT device via its app (e.g. login), the packets that carry sensitive Personal Identifiable Information (PII), the content type of such sensitive information (e.g. user's location). We use Random Forest classifier as a supervised machine learning algorithm to extract features from network traffic. To train and test the three different multi-class classifiers, we collect and label network traffic from different IoT devices via their apps. We obtain the following classification accuracy values for the three aforementioned types of information: 99.4%, 99.8%, and 99.8%. This tool can help IoT users take an active role in protecting their privacy