Verifying and Monitoring IoTs Network Behavior using MUD Profiles

IoT devices are increasingly being implicated in cyber-attacks, raising community concern about the risks they pose to critical infrastructure, corporations, and citizens. In order to reduce this risk, the IETF is pushing IoT vendors to develop formal specifications of the intended purpose of their IoT devices, in the form of a Manufacturer Usage Description (MUD), so that their network behavior in any operating environment can be locked down and verified rigorously. This paper aims to assist IoT manufacturers in developing and verifying MUD profiles, while also helping adopters of these devices to ensure they are compatible with their organizational policies and track devices network behavior based on their MUD profile. Our first contribution is to develop a tool that takes the traffic trace of an arbitrary IoT device as input and automatically generates the MUD profile for it. We contribute our tool as open source, apply it to 28 consumer IoT devices, and highlight insights and challenges encountered in the process. Our second contribution is to apply a formal semantic framework that not only validates a given MUD profile for consistency, but also checks its compatibility with a given organizational policy. We apply our framework to representative organizations and selected devices, to demonstrate how MUD can reduce the effort needed for IoT acceptance testing. Finally, we show how operators can dynamically identify IoT devices using known MUD profiles and monitor their behavioral changes on their network.Comment: 17 pages, 17 figures. arXiv admin note: text overlap with arXiv:1804.0435

Data-Flow Modeling: A Survey of Issues and Approaches

This paper presents a survey of previous research on modeling the data flow perspective of business processes. When it comes to modeling and analyzing business process models the current research focuses on control flow modeling (i.e. the activities of the process) and very little attention is paid to the data-flow perspective. But data is essential in a process. In order to execute a workflow, the tasks need data. Without data or without data available on time, the control flow cannot be executed. For some time, various researchers tried to investigate the data flow perspective of process models or to combine the control and data flow in one model. This paper surveys those approaches. We conclude that there is no model showing a clear data flow perspective focusing on how data changes during a process execution. The literature offers some similar approaches ranging from data modeling using elements from relational database domain, going through process model verification and ending with elements related to Web Services

Clear as MUD: Generating, Validating and Applying IoT Behaviorial Profiles (Technical Report)

IoT devices are increasingly being implicated in cyber-attacks, driving community concern about the risks they pose to critical infrastructure, corporations, and citizens. In order to reduce this risk, the IETF is pushing IoT vendors to develop formal specifications of the intended purpose of their IoT devices, in the form of a Manufacturer Usage Description (MUD), so that their network behavior in any operating environment can be locked down and verified rigorously. This paper aims to assist IoT manufacturers in developing and verifying MUD profiles, while also helping adopters of these devices to ensure they are compatible with their organizational policies. Our first contribution is to develop a tool that takes the traffic trace of an arbitrary IoT device as input and automatically generates a MUD profile for it. We contribute our tool as open source, apply it to 28 consumer IoT devices, and highlight insights and challenges encountered in the process. Our second contribution is to apply a formal semantic framework that not only validates a given MUD profile for consistency, but also checks its compatibility with a given organizational policy. Finally, we apply our framework to representative organizations and selected devices, to demonstrate how MUD can reduce the effort needed for IoT acceptance testing

Decision-enabled dynamic process management for networked enterprises

In todays networked economy face numerous information management challenges, both from a process management perspective as well as a decision support perspective. While there have been significant relevant advances in the areas of business process management as well as decision sciences, several open research issues exist. In this paper, we highlight the following key challenges. First, current process modeling and management techniques lack in providing a seamless integration of decision models and tools in existing business processes, which is critical to achieve organizational objectives. Second, given the dynamic nature of business processes in networked enterprises, process management approaches that enable organizations to react to business process changes in an agile manner are required. Third, current state-of-the-art decision model management techniques are not particularly amenable to distributed settings in networked enterprises, which limits the sharing and reuse of models in different contexts, including their utility within managing business processes. In this paper, we present a framework for decision-enabled dynamic process management that addresses these challenges. The framework builds on computational formalisms, including the structured modeling paradigm for representing decision models, and hierarchical task networks from the artificial intelligence (AI) planning area for process modeling. Within the framework, interleaved process planning (modeling), execution and monitoring for dynamic process management throughout the process lifecycle is proposed. A service-oriented architecture combined with advances from the semantic Web field for model management support within business processes is proposed

Mining Product Data Models: A Case Study

This paper presents two case studies used to prove the validity of some data-flow mining algorithms. We proposed the data-flow mining algorithms because most part of mining algorithms focuses on the control-flow perspective. First case study uses event logs generated by an ERP system (Navision) after we set several trackers on the data elements needed in the process analyzed; while the second case study uses the event logs generated by YAWL system. We offered a general solution of data-flow model extraction from different data sources. In order to apply the data-flow mining algorithms the event logs must comply a certain format (using InputOutput extension). But to respect this format, a set of conversion tools is needed. We depicted the conversion tools used and how we got the data-flow models. Moreover, the data-flow model is compared to the control-flow model

On semantic annotation of decision models

The growth of service sector in recent years has led to renewed research interests in the design and management of service systems. Decision support systems (DSS) play an important role in supporting this endeavor, through management of organizational resources such as models and data, thus forming the “back stage” of service systems. In this article, we identify the requirements for semantically annotating decision models and propose a model representation scheme, termed Semantically Annotated Structure Modeling Markup Language (SA-SMML) that extends Structure Modeling Markup Language (SMML) by incorporating mechanisms for linking semantic models such as ontologies that represent problem domain knowledge concepts. This model representation format is also amenable to a scalable Service-Oriented Architecture (SOA) for managing models in distributed environments. The proposed model representation technique leverages recent advances in the areas of semantic web, and semantic web services. Along with design considerations, we demonstrate the utility of this representation format with an illustrative usage scenarios with a particular emphasis on model discovery and composition in a distributed environment

A Novel Graph-Based Modelling Approach for Reducing Complexity in Model-Based Systems Engineering Environment

Field of systems engineering (SE) is developing rapidly and becoming more complex, where multiple issues arise such as overcomplexity, lack of communication or understanding of the design process on different stages of its lifecycle. Model-based systems engineering (MBSE) has been introduced to overcome the communication issues and reduce systems complexity. A novel approach for modelling interactions is proposed to enhance the existing MBSE methodologies and further address the identified challenges. The approach is based on graph theory, where pre-defined rules and relationships are substituted and reorganised dynamically with graphical constructs. A framework for reducing complexity and improving logic modelling in MBSE with metagraph object-oriented approach is presented. This framework is tested in use cases from literature, where the model-based systems approach is applied to design an automobile system to match the acceleration requirements, and to improve a CubeSat nanosatellite communication subsystem. Through the use case scenarios, it has been proven that the methodology framework meets all the identified functional and design requirements and achieves the aim of the research. This work may be viewed as a step forward towards more consistent and automatic modelling of interactions among subsystems and components in MBSE. Automation techniques have multiple applications in systems engineering field as engineers always aim to produce higher quality and cost-effective products in less time and that is achieved by integrating knowledge on every stage of a development lifecycle. In addition to those advantages for SE field, the research provides basis for potential research proposals for future work in various engineering fields such as knowledge based engineering or virtual engineering