Semi­Automatic Generation of Tests for Assessing Correct Integration of Security Mechanisms in the Internet of Things

Internet of Things (IoT) is expanding at a global level and its influence in our daily lives is increasing. This fast expansion, with companies competing to be the first to deploy new IoT systems, has led to the majority of the software being created and produced without due attention being given to security considerations and without adequate security testing. Software quality and security testing are inextricably linked. The most successful approach to achieve secure software is to adhere to secure development, deployment, and maintenance principles and practices throughout the development process. Security testing is a procedure for ensuring that a system keeps the users data secure and performs as expected. However, extensively testing a system can be a very daunting task, that usually requires professionals to be well versed in the subject, so as to be performed correctly. Moreover, not all development teams can have access to a security expert to perform security testing in their IoT systems. The need to automate security testing emerged as a potential means to solve this issue. This dissertation describes the process undertaken to design and develop a module entitled Assessing Correct Integration of Security Mechanisms (ACISM) that aims to provide system developers with the means to improve system security by anticipating and preventing potential attacks. Using the list of threats that the system is vulnerable as inputs, this tool provides developers with a set of security tests and tools that will allow testing how susceptible the system is to each of those threats. This tool outputs a set of possible attacks derived from the threats and what tools could be used to simulate these attacks. The tool developed in this dissertation has the purpose to function as a plugin of a framework called Security Advising Modules (SAM). It has the objective of advising users in the development of secure IoT, cloud and mobile systems during the design phases of these systems. SAM is a modular framework composed by a set of modules that advise the user in different stages of the security engineering process. To validate the usefulness of the ACISM module in real life, it was tested by 17 computer science practitioners. The feedback received from these users was very positive. The great majority of the participants found the tool to be extremely helpful in facilitating the execution of security tests in IoT. The principal contributions achieved with this dissertation were: the creation of a tool that outputs a set of attacks and penetration tools to execute the attacks mentioned, all starting from the threats an IoT system is susceptible to. Each of the identified attacking tools will be accompanied with a brief instructional guide; all summing up to an extensive review of the state of the art in testing.A Internet das Coisas (IoT) é um dos paradigmas com maior expansão mundial à data de escrita da dissertação, traduzindo­se numa influência incontornável no quotidiano. As empresas pretendem ser as primeiras a implantar novos sistemas de IoT como resultado da sua rápida expansão, o que faz com que a maior parte do software seja criado e produzido sem considerações de segurança ou testes de segurança adequados. A qualidade do software e os testes de segurança estão intimamente ligados. A abordagem mais bemsucedida para obter software seguro é aderir aos princípios e práticas de desenvolvimento, implantação e manutenção seguros em todo o processo de desenvolvimento. O teste de segurança é um procedimento para garantir que um sistema proteja os dados do utilizador e execute conforme o esperado. Esta dissertação descreve o esforço despendido na concepção e desenvolvimento de uma ferramenta que, tendo em consideração as ameaças às quais um sistema é vulnerável, produz um conjunto de testes e identifica um conjunto de ferramentas de segurança para verificar a susceptibilidade do sistema às mesmas. A ferramenta mencionada anteriormente foi desenvolvida em Python e tem como valores de entrada uma lista de ameaças às quais o sistema é vulnerável. Depois de processar estas informações, a ferramenta produz um conjunto de ataques derivados das ameaças e possíveis ferramentas a serem usadas para simular esses ataques. Para verificar a utilidade da ferramenta em cenários reais, esta foi testada por 17 pessoas com conhecimento na área de informática. A ferramenta foi avaliada pelos sujeitos de teste de uma forma muito positiva. A grande maioria dos participantes considerou a ferramenta extremamente útil para auxiliar a realização de testes de segurança em IoT. As principais contribuições alcançadas com esta dissertação foram: a criação de uma ferramenta que, através das ameaças às quais um sistema IoT é susceptível, produzirá um conjunto de ataques e ferramentas de penetração para executar os ataques mencionados. Cada uma das ferramentas será acompanhada por um breve guia de instruções; uma extensa revisão do estado da arte em testes.The work described in this dissertation was carried out at the Instituto de Telecomunicações, Multimedia Signal Processing – Covilhã Laboratory, in Universidade da Beira Interior, at Covilhã, Portugal. This research work was funded by the S E C U R I o T E S I G N Project through FCT/COMPETE/FEDER under Reference Number POCI­01­0145­FEDER030657 and by Fundação para Ciência e Tecnologia (FCT) research grant with reference BIL/Nº11/2019­B00701

Systematic review of features for co‐simulating security incidents in Cyber‐Physical Systems

Cyber-Physical Systems (CPS) and Internet-of-Things (IoT) plus energy are the enabling technology of modern power systems also known as the Smart Grid (SG). A SG may consist of thousands of interconnected components communicating and exchanging data across layers that stretch beyond technical capabilities, for instance, markets and customer interactions. Cyber-physical security is a major source of concern due to the high reliance of the SG on Information and Communication Technologies (ICT) and their widespread use. Addressing security requires developing modeling and simulation tools that approximate and replicate adversarial behavior in the SG. These tools have in fact two simulators, one handling continuous power flows and another for capturing the discrete behavior when communicating across CPS or IoT components. The technique of composing two models of computation in a global simulation of these coupled systems is called co-simulation. Although there are many frameworks and tools for co-simulation, the set of features for modeling cyber-physical security incidents in the SG lacks thorough understanding. We present a systematic review of features and tools for co-simulating these concerns in CPS. We also highlight and discuss research gaps with respect to the most used tools in industry and academia and comment on their relevant features

Protocol fuzz testing as a part of secure software development life cycle

During the last couple of years the importance of software security has gained a lot of press recognition and it has become very important part of different software products especially in the embedded industry. To prevent software security vulnerabilities the secure software development life cycle is recommended as a development method to prevent implementation bugs and design flaws in the early phase of the product development. Secure software development life cycle recommends various different security actions to be taken in different phases of the development life cycle. Fuzz testing is one of these recommendations. Fuzz testing is an automated testing technique where the system under test is given modified and malformed also known as fuzzed input data. The purpose of fuzz testing is to find implementation bugs and security related vulnerabilities. Fuzz testing has been proven to be cost effective method to identify such issues. To increase the effectiveness of fuzz testing, such methods can be directly included in the implementation phase of the secure software development life cycle. The purpose of this thesis is to create a fuzz testing framework to fuzz proprietary protocols

A Review of Digital Twins and their Application in Cybersecurity based on Artificial Intelligence

The potential of digital twin technology is yet to be fully realized due to its diversity and untapped potential. Digital twins enable systems' analysis, design, optimization, and evolution to be performed digitally or in conjunction with a cyber-physical approach to improve speed, accuracy, and efficiency over traditional engineering methods. Industry 4.0, factories of the future, and digital twins continue to benefit from the technology and provide enhanced efficiency within existing systems. Due to the lack of information and security standards associated with the transition to cyber digitization, cybercriminals have been able to take advantage of the situation. Access to a digital twin of a product or service is equivalent to threatening the entire collection. There is a robust interaction between digital twins and artificial intelligence tools, which leads to strong interaction between these technologies, so it can be used to improve the cybersecurity of these digital platforms based on their integration with these technologies. This study aims to investigate the role of artificial intelligence in providing cybersecurity for digital twin versions of various industries, as well as the risks associated with these versions. In addition, this research serves as a road map for researchers and others interested in cybersecurity and digital security.Comment: 60 pages, 8 Figures, 15 Table

System Security Assurance: A Systematic Literature Review

System security assurance provides the confidence that security features, practices, procedures, and architecture of software systems mediate and enforce the security policy and are resilient against security failure and attacks. Alongside the significant benefits of security assurance, the evolution of new information and communication technology (ICT) introduces new challenges regarding information protection. Security assurance methods based on the traditional tools, techniques, and procedures may fail to account new challenges due to poor requirement specifications, static nature, and poor development processes. The common criteria (CC) commonly used for security evaluation and certification process also comes with many limitations and challenges. In this paper, extensive efforts have been made to study the state-of-the-art, limitations and future research directions for security assurance of the ICT and cyber-physical systems (CPS) in a wide range of domains. We conducted a systematic review of requirements, processes, and activities involved in system security assurance including security requirements, security metrics, system and environments and assurance methods. We highlighted the challenges and gaps that have been identified by the existing literature related to system security assurance and corresponding solutions. Finally, we discussed the limitations of the present methods and future research directions

Optimising a defence-aware threat modelling diagram incorporating a defence-in-depth approach for the internet-of-things

Modern technology has proliferated into just about every aspect of life while improving the quality of life. For instance, IoT technology has significantly improved over traditional systems, providing easy life, time-saving, financial saving, and security aspects. However, security weaknesses associated with IoT technology can pose a significant threat to the human factor. For instance, smart doorbells can make household life easier, save time, save money, and provide surveillance security. Nevertheless, the security weaknesses in smart doorbells could be exposed to a criminal and pose a danger to the life and money of the household. In addition, IoT technology is constantly advancing and expanding and rapidly becoming ubiquitous in modern society. In that case, increased usage and technological advancement create security weaknesses that attract cybercriminals looking to satisfy their agendas. Perfect security solutions do not exist in the real world because modern systems are continuously improving, and intruders frequently attempt various techniques to discover security flaws and bypass existing security control in modern systems. In that case, threat modelling is a great starting point in understanding the threat landscape of the system and its weaknesses. Therefore, the threat modelling field in computer science was significantly improved by implementing various frameworks to identify threats and address them to mitigate them. However, most mature threat modelling frameworks are implemented for traditional IT systems that only consider software-related weaknesses and do not address the physical attributes. This approach may not be practical for IoT technology because it inherits software and physical security weaknesses. However, scholars employed mature threat modelling frameworks such as STRIDE on IoT technology because mature frameworks still include security concepts that are significant for modern technology. Therefore, mature frameworks cannot be ignored but are not efficient in addressing the threat associated with modern systems. As a solution, this research study aims to extract the significant security concept of matured threat modelling frameworks and utilise them to implement robust IoT threat modelling frameworks. This study selected fifteen threat modelling frameworks from among researchers and the defence-in-depth security concept to extract threat modelling techniques. Subsequently, this research study conducted three independent reviews to discover valuable threat modelling concepts and their usefulness for IoT technology. The first study deduced that integration of threat modelling approach software-centric, asset-centric, attacker-centric and data-centric with defence-in-depth is valuable and delivers distinct benefits. As a result, PASTA and TRIKE demonstrated four threat modelling approaches based on a classification scheme. The second study deduced the features of a threat modelling framework that achieves a high satisfaction level toward defence-in-depth security architecture. Under evaluation criteria, the PASTA framework scored the highest satisfaction value. Finally, the third study deduced IoT systematic threat modelling techniques based on recent research studies. As a result, the STRIDE framework was identified as the most popular framework, and other frameworks demonstrated effective capabilities valuable to IoT technology. Respectively, this study introduced Defence-aware Threat Modelling (DATM), an IoT threat modelling framework based on the findings of threat modelling and defence-in-depth security concepts. The steps involved with the DATM framework are further described with figures for better understatement. Subsequently, a smart doorbell case study is considered for threat modelling using the DATM framework for validation. Furthermore, the outcome of the case study was further assessed with the findings of three research studies and validated the DATM framework. Moreover, the outcome of this thesis is helpful for researchers who want to conduct threat modelling in IoT environments and design a novel threat modelling framework suitable for IoT technology

Threat Modeling Solution for Internet of Things in a Web­based Security Framework

The Internet of Things (IoT) is a growing paradigm that provides daily life benefits for its users, motivating a fast paced deployment of IoT devices in sensitive scenarios. However, current IoT devices do not correctly apply or integrate security controls or technology, potentially leading to a wide panoply of problems, most of them with harmful impact to the user. Thus, this work proposes the development of a tool that helps developers create properly secure IoT devices by identifying possible weaknesses in the system. This tool consists of a module of a framework, denominated Security Advising Modules (SAM) in the scope of this work, and achieves the referred objective by identifying possible weaknesses found in the software and hardware of IoT devices. To define the weaknesses, a set of databases containing information about vulnerabilities and weaknesses found in a system were investigated throughout this project, and a restricted set of weaknesses to be presented was chosen. Since some databases contain hundreds of thousands of vulnerabilities, it was neither feasible nor pertinent to present them completely in the developed tool. Additionally, the questions to retrieve system information were identified in this work, allowing us to map the chosen weaknesses to the answers given by the developer to those questions. The tool developed was properly tested by running automated tests, with the Selenium framework, and also validated by security experts and evaluated by a set of 18 users. Finally, based on user feedback, it was concluded that the developed tool was useful, simple and straightforward to use, and that 89% of respondents had never interacted with a similar tool (adding, in this way, to the innovative character).A Internet das Coisas (do inglês Internet of Things, IoT) é um paradigma em acentuado crescimento com benefícios inegáveis para o dia a dia dos utilizadores, com uma elevada aplicação dos dispositivos da IoT em cenários sensíveis. No entanto, atualmente os dispositivos da IoT não garantem corretamente as propriedades de segurança, o que pode levar a toda uma panóplia de problemas, muitos com impacto no utilizador. Este trabalho propõe o desenvolvimento de uma ferramenta que auxilie os programadores a criar dispositivos da IoT seguros. A ferramenta é um módulo de uma framework denominada Security Advising Modules (SAM), e procura atingir o referido objetivo através da identificação de fraquezas que possam existir no software ou hardware dos dispositivos IoT. Com o objetivo de delinear as fraquezas, consultou­se ao longo deste projeto um conjunto de bases de dados que contêm informações sobre vulnerabilidades e fraquezas encontradas em sistemas, do qual se escolheram um conjunto restrito de fraquezas a apresentar. A escolha deste conjunto deve­se a algumas das bases de dados consultadas conterem centenas de milhares de vulnerabilidades, pelo que não é exequível nem pertinente a sua completa apresentação na nossa ferramenta. Complementarmente, identificaramse neste trabalho as questões que permitem obter informações sobre o sistema em desenvolvimento que depois nos permitem mapear as fraquezas em função das respostas do programador. A ferramenta desenvolvida foi devidamente testada através da execução de testes automáticos, com a framework Selenium, e também validada por especialistas de segurança e avaliada por um conjunto de 18 utilizadores. Por fim, com base no feedback dos utilizadores, concluiu­se que a ferramenta desenvolvida era útil, de utilização simples e direta, e que 89% dos inquiridos nunca tinham interagido com uma ferramenta similar (nesse sentido inovadora).The work described in this dissertation was carried out at the Instituto de Telecomunicações, Multimedia Signal Processing ­ Cv Laboratory, in Universidade da Beira Interior, at Covilhã, Portugal. This research work was funded by the S E C U R I o T E S I G N Project through FCT/COMPETE/FEDER under Reference Number POCI­01­0145­FEDER­030657 and by Fundação para Ciência e Tecnologia (FCT) research grant with reference BIL/ Nº12/2019­B00702