1,456 research outputs found

    Cyber-Physical Systems: a multi-criteria assessment for Internet-of-Things (IoT) systems

    Get PDF
    This research work was partially supported by funds provided by the European Commission in the scope of FoF/H2020-636909 C2NET, FoF/H2020-723710 vf-OS and ICT/H2020-825631 ZDMP.This article addresses a multi-criteria decision problem regarding the more suitable device (system) to perform a task for cyber-physical systems. New embedded systems provided everyday makes engineers’ decision very difficult. Components are proposed to formally describe solutions, criteria, constraints and priorities, taking into account users’ specific aspects. To materialise all formal descriptions, a model-driven approach is followed, allowing the design of enablers for interoperability with standards. It is enabled the use of different software languages and decision methods. Proposed framework enables a better Internet-of-Things system selection, and therefore stakeholders can perform a more suitable design of their cyber-physical enterprise systems.authorsversioninpres

    Optimising a defence-aware threat modelling diagram incorporating a defence-in-depth approach for the internet-of-things

    Get PDF
    Modern technology has proliferated into just about every aspect of life while improving the quality of life. For instance, IoT technology has significantly improved over traditional systems, providing easy life, time-saving, financial saving, and security aspects. However, security weaknesses associated with IoT technology can pose a significant threat to the human factor. For instance, smart doorbells can make household life easier, save time, save money, and provide surveillance security. Nevertheless, the security weaknesses in smart doorbells could be exposed to a criminal and pose a danger to the life and money of the household. In addition, IoT technology is constantly advancing and expanding and rapidly becoming ubiquitous in modern society. In that case, increased usage and technological advancement create security weaknesses that attract cybercriminals looking to satisfy their agendas. Perfect security solutions do not exist in the real world because modern systems are continuously improving, and intruders frequently attempt various techniques to discover security flaws and bypass existing security control in modern systems. In that case, threat modelling is a great starting point in understanding the threat landscape of the system and its weaknesses. Therefore, the threat modelling field in computer science was significantly improved by implementing various frameworks to identify threats and address them to mitigate them. However, most mature threat modelling frameworks are implemented for traditional IT systems that only consider software-related weaknesses and do not address the physical attributes. This approach may not be practical for IoT technology because it inherits software and physical security weaknesses. However, scholars employed mature threat modelling frameworks such as STRIDE on IoT technology because mature frameworks still include security concepts that are significant for modern technology. Therefore, mature frameworks cannot be ignored but are not efficient in addressing the threat associated with modern systems. As a solution, this research study aims to extract the significant security concept of matured threat modelling frameworks and utilise them to implement robust IoT threat modelling frameworks. This study selected fifteen threat modelling frameworks from among researchers and the defence-in-depth security concept to extract threat modelling techniques. Subsequently, this research study conducted three independent reviews to discover valuable threat modelling concepts and their usefulness for IoT technology. The first study deduced that integration of threat modelling approach software-centric, asset-centric, attacker-centric and data-centric with defence-in-depth is valuable and delivers distinct benefits. As a result, PASTA and TRIKE demonstrated four threat modelling approaches based on a classification scheme. The second study deduced the features of a threat modelling framework that achieves a high satisfaction level toward defence-in-depth security architecture. Under evaluation criteria, the PASTA framework scored the highest satisfaction value. Finally, the third study deduced IoT systematic threat modelling techniques based on recent research studies. As a result, the STRIDE framework was identified as the most popular framework, and other frameworks demonstrated effective capabilities valuable to IoT technology. Respectively, this study introduced Defence-aware Threat Modelling (DATM), an IoT threat modelling framework based on the findings of threat modelling and defence-in-depth security concepts. The steps involved with the DATM framework are further described with figures for better understatement. Subsequently, a smart doorbell case study is considered for threat modelling using the DATM framework for validation. Furthermore, the outcome of the case study was further assessed with the findings of three research studies and validated the DATM framework. Moreover, the outcome of this thesis is helpful for researchers who want to conduct threat modelling in IoT environments and design a novel threat modelling framework suitable for IoT technology

    Securing Node-RED Applications

    Get PDF
    Trigger-Action Platforms (TAPs) play a vital role in fulfilling the promise of the Internet of Things (IoT) by seamlessly connecting otherwise unconnected devices and services. While enabling novel and exciting applications across a variety of services, security and privacy issues must be taken into consideration because TAPs essentially act as persons-in-the-middle between trigger and action services. The issue is further aggravated since the triggers and actions on TAPs are mostly provided by third parties extending the trust beyond the platform providers. Node-RED, an open-source JavaScript-driven TAP, provides the opportunity for users to effortlessly employ and link nodes via a graphical user interface. Being built upon Node.js, third-party developers can extend the platform’s functionality through publishing nodes and their wirings, known as flows. This paper proposes an essential model for Node-RED, suitable to reason about nodes and flows, be they benign, vulnerable, or malicious. We expand on attacks discovered in recent work, ranging from exfiltrating data from unsuspecting users to taking over the entire platform by misusing sensitive APIs within nodes. We present a formalization of a runtime monitoring framework for a core language that soundly and transparently enforces fine-grained allowlist policies at module-, API-, value-, and context-level. We introduce the monitoring framework for Node-RED that isolates nodes while permitting them to communicate via well-defined API calls complying with the policy specified for each node

    Microservice Transition and its Granularity Problem: A Systematic Mapping Study

    Get PDF
    Microservices have gained wide recognition and acceptance in software industries as an emerging architectural style for autonomic, scalable, and more reliable computing. The transition to microservices has been highly motivated by the need for better alignment of technical design decisions with improving value potentials of architectures. Despite microservices' popularity, research still lacks disciplined understanding of transition and consensus on the principles and activities underlying "micro-ing" architectures. In this paper, we report on a systematic mapping study that consolidates various views, approaches and activities that commonly assist in the transition to microservices. The study aims to provide a better understanding of the transition; it also contributes a working definition of the transition and technical activities underlying it. We term the transition and technical activities leading to microservice architectures as microservitization. We then shed light on a fundamental problem of microservitization: microservice granularity and reasoning about its adaptation as first-class entities. This study reviews state-of-the-art and -practice related to reasoning about microservice granularity; it reviews modelling approaches, aspects considered, guidelines and processes used to reason about microservice granularity. This study identifies opportunities for future research and development related to reasoning about microservice granularity.Comment: 36 pages including references, 6 figures, and 3 table

    Software Development Support for Shared Sensing Infrastructures: A Generative and Dynamic Approach

    Get PDF
    International audienceSensors networks are the backbone of large sensing infras-tructures such as Smart Cities or Smart Buildings. Classical approaches suffer from several limitations hampering developers' work (e.g., lack of sensor sharing, lack of dynamicity in data collection policies, need to dig inside big data sets, absence of reuse between implementation platforms). This paper presents a tooled approach that tackles these issues. It couples (i) an abstract model of developers' requirements in a given infrastructure to (ii) timed automata and code generation techniques, to support the efficient deployment of reusable data collection policies on different infrastructures. The approach has been validated on several real-world scenarios and is currently experimented on an academic campus

    A Multi-Criteria Framework to Assist on the Design of Internet-of-Things Systems

    Get PDF
    The Internet-of-Things (IoT), considered as Internet first real evolution, has become immensely important to society due to revolutionary business models with the potential to radically improve Human life. Manufacturers are engaged in developing embedded systems (IoT Systems) for different purposes to address this new variety of application domains and services. With the capability to agilely respond to a very dynamic market offer of IoT Systems, the design phase of IoT ecosystems can be enhanced. However, select the more suitable IoT System for a certain task is currently based on stakeholder’s knowledge, normally from lived experience or intuition, although it does not mean that a proper decision is being made. Furthermore, the lack of methods to formally describe IoT Systems characteristics, capable of being automatically used by methods is also an issue, reinforced by the growth of available information directly connected to Internet spread. Contributing to improve IoT Ecosystems design phase, this PhD work proposes a framework capable of fully characterise an IoT System and assist stakeholder’s on the decision of which is the proper IoT System for a specific task. This enables decision-makers to perform a better reasoning and more aware analysis of diverse and very often contradicting criteria. It is also intended to provide methods to integrate energy consumptionsimulation tools and address interoperability with standards, methods or systems within the IoT scope. This is addressed using a model-driven based framework supporting a high openness level to use different software languages and decision methods, but also for interoperability with other systems, tools and methods
    • 

    corecore