IoT-DDL—Device Description Language for the “T” in IoT

We argue that the success of the Internet of Things (IoT) vision will greatly depend on how its main ingredient—the “thing”—is architected and prepared to engage. The IoT’s fragmented and wide-varying nature introduces the need for additional effort to homogenize these things so they may blend together with the surrounding space to create opportunities for powerful and unprecedented IoT applications. We introduce the IoT Device Description Language (IoT-DDL), a machine- and human-readable descriptive language for things, seeking to achieve such integration and homogenization. IoT-DDL explicitly tools things to self-discover and securely share their own capabilities, entities, and services, including the various cloudbased accessories that may be attached to them. We also present the Atlas thing architecture—a lightweight architecture for things that fully exploits IoT-DDL and its specifications. Our architecture provides new OS layers, services, and capabilities we believe a thing must have in order to be prepared to engage in IoT scenarios and applications. The architecture and IoT-DDL enable things to generate their offered services and self-formulate APIs for such services, on the fly, at power-on or whenever a thing description changes. The architecture takes advantage of widely used device management, micro-services, security, and communication standards and protocols. We present details of IoT-DDL and corresponding parts of the thing architecture. We demonstrate some features of IoT-DDL and the architecture through proof-of-concept implementations. Finally, we present a benchmarking study to measure and assess time performance and energy consumption characteristics of our architecture and IoT-DDL on real hardware platforms

IoTility:Architectural Requirements for Enabling Health IoT Ecosystems

The increasing ubiquity of the Internet of Things (IoT) has the potential to drastically alter the way healthcare systems are utilized at home or in a care environment. Smart things offer new ways to assist in general patient wellness, such as promoting an active and healthy lifestyle and simplifying treatment management. We believe smart health things bring new requirements not typically addressed in traditional IoT systems, and that an architecture targeting these devices must address such requirements to fully utilize their potential and safe usage. We believe such an architecture will help improve adoption and efficacy, closing gaps between the variety of emerging health IoT systems. In this paper, we present a number of requirements we consider integral to the continued expansion of the digital health IoT ecosystem (Health IoT). We consider the current landscape of IoT in relation to these requirements and present solutions that address two pressing requirements: 1) democratizing mobile health apps (giving users control and ownership over their app and data), and 2) making mobile apps act and behave like any other thing in an IoT. We present an implementation and evaluation of these Health IoT requirements to show how health-specific solutions can drive and influence the design of more generalized IoT architectures

Service-Relationship Programming Framework for the Social IoT

We argue that for a true realization of innovative programming opportunities for smart spaces, the developers should be equipped with informative tools that assist them in building domain-related applications. Such tools should utilize the services offered by the space's smart things and consider the different relationships that may tie these services opportunistically to build applications. In this paper, we utilize our Inter-thing relationships programming framework to present a distributed programming ecosystem. The framework broadens the restricted set of thing-level relationships of the evolving social IoT paradigm with a set of service-level relationships. Such relationships provide guidance into how services belonging to different things can be combined to build meaningful applications. We also present a uniform way of describing the thing services and the service-level relationships along with new capabilities for the things to dynamically generate their own services, formulate the corresponding programmable interfaces (APIs) and create an ad-hoc network of socially related smart things at runtime. We then present the semantic rules that guide the establishment of IoT applications and finally demonstrate the features of the framework through a proof-of-concept application

The Importance of Being Thing:Or the Trivial Role of Powering Serious IoT Scenarios

In this article, we call for a "Walk Before You Run" adjustment in the Internet-of-Things (IoT) research and development exercise. Without first settling the quest for what thing is or could be or do, we run the risk of presumptuous visions, or hypes, that can only fail the realities and limits of what is actually possible, leading to customers and consumers confusion as well as market hesitations. Specifically, without a carefully-designed Thing architecture in place, it will be very difficult to find the “magic” we are so addicted and accustomed to – programming! Programming the IoT, as we once programmed the mainframe, the workstation, the PC and the mobile devices, is the natural way to realize a fancy IoT scenario or an application. Without Thing architectures and their enablement of new programming models for IoT – we will continue to only envision fancy scenarios but unable to unleash the IoT full potential. This article raises these concerns and provides a view into the future by first looking back into our short history of pervasive computing. The article focuses on the domain of “Personal” IoT and will address key new requirements for such Thing architecture. Also, practicing what we preach, we present our ongoing efforts on the Atlas Thing Architecture showing how it supports a variety of thing notions, and how it enables novel models for programmability

Protecting Systems From Exploits Using Language-Theoretic Security

Any computer program processing input from the user or network must validate the input. Input-handling vulnerabilities occur in programs when the software component responsible for filtering malicious input---the parser---does not perform validation adequately. Consequently, parsers are among the most targeted components since they defend the rest of the program from malicious input. This thesis adopts the Language-Theoretic Security (LangSec) principle to understand what tools and research are needed to prevent exploits that target parsers. LangSec proposes specifying the syntactic structure of the input format as a formal grammar. We then build a recognizer for this formal grammar to validate any input before the rest of the program acts on it. To ensure that these recognizers represent the data format, programmers often rely on parser generators or parser combinators tools to build the parsers. This thesis propels several sub-fields in LangSec by proposing new techniques to find bugs in implementations, novel categorizations of vulnerabilities, and new parsing algorithms and tools to handle practical data formats. To this end, this thesis comprises five parts that tackle various tenets of LangSec. First, I categorize various input-handling vulnerabilities and exploits using two frameworks. First, I use the mismorphisms framework to reason about vulnerabilities. This framework helps us reason about the root causes leading to various vulnerabilities. Next, we built a categorization framework using various LangSec anti-patterns, such as parser differentials and insufficient input validation. Finally, we built a catalog of more than 30 popular vulnerabilities to demonstrate the categorization frameworks. Second, I built parsers for various Internet of Things and power grid network protocols and the iccMAX file format using parser combinator libraries. The parsers I built for power grid protocols were deployed and tested on power grid substation networks as an intrusion detection tool. The parser I built for the iccMAX file format led to several corrections and modifications to the iccMAX specifications and reference implementations. Third, I present SPARTA, a novel tool I built that generates Rust code that type checks Portable Data Format (PDF) files. The type checker I helped build strictly enforces the constraints in the PDF specification to find deviations. Our checker has contributed to at least four significant clarifications and corrections to the PDF 2.0 specification and various open-source PDF tools. In addition to our checker, we also built a practical tool, PDFFixer, to dynamically patch type errors in PDF files. Fourth, I present ParseSmith, a tool to build verified parsers for real-world data formats. Most parsing tools available for data formats are insufficient to handle practical formats or have not been verified for their correctness. I built a verified parsing tool in Dafny that builds on ideas from attribute grammars, data-dependent grammars, and parsing expression grammars to tackle various constructs commonly seen in network formats. I prove that our parsers run in linear time and always terminate for well-formed grammars. Finally, I provide the earliest systematic comparison of various data description languages (DDLs) and their parser generation tools. DDLs are used to describe and parse commonly used data formats, such as image formats. Next, I conducted an expert elicitation qualitative study to derive various metrics that I use to compare the DDLs. I also systematically compare these DDLs based on sample data descriptions available with the DDLs---checking for correctness and resilience

IoT requirements and architecture for personal health

Personal health devices and wearables have the potential to drastically change the current landscape of wellness and care delivery. As these devices become commonplace, more and more patients are gaining access to new forms of simplified health monitoring and data collection, empowering them to engage in their own health and well-being in unprecedented ways. Cheap and easy-to-use health IoT devices are leading the transformation towards a continuum-of-care health system—focused on detection and prevention—where health issues can be caught before hospital care or professional intervention is needed. However, this vision is set to outpace the expectations and capabilities of today’s connected health devices, challenging existing ecosystems with unique requirements on functionality, connectivity, and usability. This thesis presents a set of health IoT requirements that are especially relevant to the design of a connected device’s low-level software features: its thing architecture. These requirements represent shared concerns in health-related IoT scenarios that can be solved with the features and capabilities of smart things. The thesis presents an architectural design and implementation of concrete features influenced by some of these requirements—leading to the Atlas Health IoT Architecture—which explores the role of safe and meaningful interactions between devices and users, referred to as IoTility. The thesis also considers the IoTility of smartphone applications in health scenarios, called Mobile Apps As Things (MAAT), resulting in a programming enabler that more closely integrates app features with those of physical thing devices. Alongside these implementations, this thesis presents a set of experimental evaluations investigating the feasibility of both MAAT and the architectural requirements as a whole

The Monkey, the Ant, and the Elephant:Addressing Safety in Smart Spaces

Smart spaces deliver digital services to optimize space use and enhance user experience. The impact of ill-programmed applications in such spaces goes beyond loss of data or a computer crash; there is the potential risk of physical harm to the space and its users. Ensuring safety in this type of cyberphysical system is critically important

Interoperable communication framework for bridging RESTful and topic-based communication in IoT

The promise of the Internet of Things (IoT) and the many visions of unprecedented and transforming IoT applications are challenged by the realities of a highly fragmented ecosystem of devices, standards and industries. Systems research in IoT is shifting priorities to explore explicit “thing architectures” that promote and enable the friction-free interactions of things despite such fragmentations. In this paper, we focus on overcoming light-weight communication protocol fragmentation. We introduce the Atlas IoT communication framework which enables interactions among things that speak similar or different communication protocols. The framework tools up Atlas things with protocol translator “attachments” that could be either hosted on board the Atlas thing platform, or in the cloud. The translator enables the seamless communication between heterogeneous things through a set of well-defined interfaces. The proposed framework supports seamless communication among the widely adopted Constrained Application Protocol (CoAP), Representational State Transfer (REST) over Hypertext Transfer protocol HTTP, and the Message Queue Telemetry Transport protocol (MQTT). Our framework is carefully designed to facilitate interoperability among heterogeneously communicating things without taxing the performance of things that are homogenously communicating. The framework itself utilizes the topic concept and uses a meta-topic hierarchy to map out and guide the translations. We present the details of the Atlas IoT communication framework and give a detailed benchmarking study to measure the energy consumption and code footprint characteristics of the different aspects of the framework on real hardware platforms. In addition to basic characterizations, we compare our framework to the Eclipse Ponte framework and show how our framework is advantageous in energy consumption and how it is unique in that it does not tangibly penalize the homogeneous communication case

Leveraging Application Development for the Internet of Mobile Things

So far, most of research and development for the Internet of Things has been focused at systems where the smart objects, WPAN beacons, sensors, and actuators are mainly stationary and associated with a fixed location (such as appliances in a home or office, an energy meter for a building), and are not capable of handling unrestricted/arbitrary forms of mobility. However, our current lifestyle and economy are increasingly mobile, as people, vehicles, and goods move independently in public and private areas (e.g., automated logistics, retail). Therefore, we are witnessing an increasing need to support Machine to Machine (M2M) communication, data collection, and processing and actuation control for mobile smart things, establishing what is called the Internet of Mobile Things (IoMT). Examples of mobile smart things that fit in the definition of IoMT include Unmanned Aerial Vehicles (UAVs), all sorts of human-crewed vehicles (e.g., cars, buses), and even people with wearable devices such as smart watches or fitness and health monitoring devices. Among these mobile IoT applications, there are several that only require occasional data probes from a mobile sensor, or need to control a smart device only in some specific conditions, or context, such as only when any user is in the ambient. While IoT systems still lack some general programming concepts and abstractions, this is even more so for IoMT. This paper discusses the definition and implementation of suitable programming concepts for mobile smart things - given several examples and scenarios of mobility-specific sensoring and actuation control, both regarding smart things individually, or in terms of collective smart things behaviors. We then show a proposal of programming constructs and language, and show how we will implement an IoMT application programming model, namely OBSACT, on the top of our current middleware ContextNet

Delivering IoT Services in Smart Cities and Environmental Monitoring through Collective Awareness, Mobile Crowdsensing and Open Data

The Internet of Things (IoT) is the paradigm that allows us to interact with the real world by means of networking-enabled devices and convert physical phenomena into valuable digital knowledge. Such a rapidly evolving field leveraged the explosion of a number of technologies, standards and platforms. Consequently, different IoT ecosystems behave as closed islands and do not interoperate with each other, thus the potential of the number of connected objects in the world is far from being totally unleashed. Typically, research efforts in tackling such challenge tend to propose a new IoT platforms or standards, however, such solutions find obstacles in keeping up the pace at which the field is evolving. Our work is different, in that it originates from the following observation: in use cases that depend on common phenomena such as Smart Cities or environmental monitoring a lot of useful data for applications is already in place somewhere or devices capable of collecting such data are already deployed. For such scenarios, we propose and study the use of Collective Awareness Paradigms (CAP), which offload data collection to a crowd of participants. We bring three main contributions: we study the feasibility of using Open Data coming from heterogeneous sources, focusing particularly on crowdsourced and user-contributed data that has the drawback of being incomplete and we then propose a State-of-the-Art algorith that automatically classifies raw crowdsourced sensor data; we design a data collection framework that uses Mobile Crowdsensing (MCS) and puts the participants and the stakeholders in a coordinated interaction together with a distributed data collection algorithm that prevents the users from collecting too much or too less data; (3) we design a Service Oriented Architecture that constitutes a unique interface to the raw data collected through CAPs through their aggregation into ad-hoc services, moreover, we provide a prototype implementation