A Roadmap Towards Resilient Internet of Things for Cyber-Physical Systems

The Internet of Things (IoT) is a ubiquitous system connecting many different devices - the things - which can be accessed from the distance. The cyber-physical systems (CPS) monitor and control the things from the distance. As a result, the concepts of dependability and security get deeply intertwined. The increasing level of dynamicity, heterogeneity, and complexity adds to the system's vulnerability, and challenges its ability to react to faults. This paper summarizes state-of-the-art of existing work on anomaly detection, fault-tolerance and self-healing, and adds a number of other methods applicable to achieve resilience in an IoT. We particularly focus on non-intrusive methods ensuring data integrity in the network. Furthermore, this paper presents the main challenges in building a resilient IoT for CPS which is crucial in the era of smart CPS with enhanced connectivity (an excellent example of such a system is connected autonomous vehicles). It further summarizes our solutions, work-in-progress and future work to this topic to enable "Trustworthy IoT for CPS". Finally, this framework is illustrated on a selected use case: A smart sensor infrastructure in the transport domain.Comment: preprint (2018-10-29

Internet of Things: Current Challenges in the Quality Assurance and Testing Methods

Contemporary development of the Internet of Things (IoT) technology brings a number of challenges in the Quality Assurance area. Current issues related to security, user's privacy, the reliability of the service, interoperability, and integration are discussed. All these create a demand for specific Quality Assurance methodology for the IoT solutions. In the paper, we present the state of the art of this domain and we discuss particular areas of system testing discipline, which is not covered by related work sufficiently so far. This analysis is supported by results of a recent survey we performed among ten IoT solutions providers, covering various areas of IoT applications.Comment: 10 pages Internet of Things (IoT

Towards Logical Architecture and Formal Analysis of Dependencies Between Services

This paper presents a formal approach to modelling and analysis of data and control flow dependencies between services within remotely deployed distributed systems of services. Our work aims at elaborating for a concrete system, which parts of the system (or system model) are necessary to check a given property. The approach allows services decomposition oriented towards efficient checking of system properties as well as analysis of dependencies within a system.Comment: Preprint, The 2014 Asia-Pacific Services Computing Conference (APSCC 2014

Certifying Services in Cloud: The Case for a Hybrid, Incremental and Multi-layer Approach

The use of clouds raises significant security concerns for the services they provide. Addressing these concerns requires novel models of cloud service certification based on multiple forms of evidence including testing and monitoring data, and trusted computing proofs. CUMULUS is a novel infrastructure for realising such certification models

Assessing Excel VBA Suitability for Monte Carlo Simulation

Monte Carlo (MC) simulation includes a wide range of stochastic techniques used to quantitatively evaluate the behavior of complex systems or processes. Microsoft Excel spreadsheets with Visual Basic for Applications (VBA) software is, arguably, the most commonly employed general purpose tool for MC simulation. Despite the popularity of the Excel in many industries and educational institutions, it has been repeatedly criticized for its flaws and often described as questionable, if not completely unsuitable, for statistical problems. The purpose of this study is to assess suitability of the Excel (specifically its 2010 and 2013 versions) with VBA programming as a tool for MC simulation. The results of the study indicate that Microsoft Excel (versions 2010 and 2013) is a strong Monte Carlo simulation application offering a solid framework of core simulation components including spreadsheets for data input and output, VBA development environment and summary statistics functions. This framework should be complemented with an external high-quality pseudo-random number generator added as a VBA module. A large and diverse category of Excel incidental simulation components that includes statistical distributions, linear and non-linear regression and other statistical, engineering and business functions require execution of due diligence to determine their suitability for a specific MC project

Big Data Analytics for QoS Prediction Through Probabilistic Model Checking

As competitiveness increases, being able to guaranting QoS of delivered services is key for business success. It is thus of paramount importance the ability to continuously monitor the workflow providing a service and to timely recognize breaches in the agreed QoS level. The ideal condition would be the possibility to anticipate, thus predict, a breach and operate to avoid it, or at least to mitigate its effects. In this paper we propose a model checking based approach to predict QoS of a formally described process. The continous model checking is enabled by the usage of a parametrized model of the monitored system, where the actual value of parameters is continuously evaluated and updated by means of big data tools. The paper also describes a prototype implementation of the approach and shows its usage in a case study.Comment: EDCC-2014, BIG4CIP-2014, Big Data Analytics, QoS Prediction, Model Checking, SLA compliance monitorin

Secure OTA Software Updates in Connected Vehicles: A survey

This survey highlights and discusses remote OTA software updates in the automotive sector, mainly from the security perspective. In particular, the major objective of this survey is to provide a comprehensive and structured outline of various research directions and approaches in OTA update technologies in vehicles. At first, we discuss the connected car technology and then integrate the relationship of remote OTA update features with the connected car. We also present the benefits of remote OTA updates for cars along with relevant statistics. Then, we emphasize on the security challenges and requirements of remote OTA updates along with use cases and standard road safety regulations followed in different countries. We also provide for a classification of the existing works in literature that deal with implementing different secured techniques for remote OTA updates in vehicles. We further provide an analytical discussion on the present scenario of remote OTA updates with respect to care manufacturers. Finally, we identify possible future research directions of remote OTA updates for automobiles, particularly in the area of security.Comment: 18 page

A Preliminary Study On Emerging Cloud Computing Security Challenges

Cloud computing is the internet based provisioning of the computing resources, software, and information on demand. Cloud Computing is referred to as one of most recent emerging paradigms of computing utilities. Since Cloud computing is the dominant infrastructure of the shared services over the internet, it is important to be aware of the security risk and the challenges associated with this emerging computing paradigm. This survey provides a brief introduction to the cloud computing, its major characteristics, and service models. It also explores cloud security threats, lists a few security solutions , and proposes a promsing research direction to deal with the evolving security challenges in Cloud computing

A Survey on Software-Defined VANETs: Benefits, Challenges, and Future Directions

The evolving of Fifth Generation (5G) networks isbecoming more readily available as a major driver of the growthof new applications and business models. Vehicular Ad hocNetworks (VANETs) and Software Defined Networking (SDN)represent the key enablers of 5G technology with the developmentof next generation intelligent vehicular networks and applica-tions. In recent years, researchers have focused on the integrationof SDN and VANET, and look at different topics related to thearchitecture, the benefits of software-defined VANET servicesand the new functionalities to adapt them. However, securityand robustness of the complete architecture is still questionableand have been largely negleted. Moreover, the deployment andintegration of novel entities and several architectural componentsdrive new security threats and vulnerabilities.In this paper, first we survey the state-of-the-art SDN basedVehicular ad-hoc Network (SDVN) architectures for their net-working infrastructure design, functionalities, benefits, and chal-lenges. Then we discuss these SDVN architectures against majorsecurity threats that violate the key security services such asavailability, confidentiality, authentication, and data integrity.We also propose different countermeasures to these threats.Finally, we discuss the lessons learned with the directions offuture research work towards provisioning stringent security andprivacy solutions in future SDVN architectures. To the best of ourknowledge, this is the first comprehensive work that presents sucha survey and analysis on SDVNs in the era of future generationnetworks (e.g., 5G, and Information centric networking) andapplications (e.g., intelligent transportation system, and IoT-enabled advertising in VANETs).Comment: 17 pages, 2 figure

FactSheets: Increasing Trust in AI Services through Supplier's Declarations of Conformity

Accuracy is an important concern for suppliers of artificial intelligence (AI) services, but considerations beyond accuracy, such as safety (which includes fairness and explainability), security, and provenance, are also critical elements to engender consumers' trust in a service. Many industries use transparent, standardized, but often not legally required documents called supplier's declarations of conformity (SDoCs) to describe the lineage of a product along with the safety and performance testing it has undergone. SDoCs may be considered multi-dimensional fact sheets that capture and quantify various aspects of the product and its development to make it worthy of consumers' trust. Inspired by this practice, we propose FactSheets to help increase trust in AI services. We envision such documents to contain purpose, performance, safety, security, and provenance information to be completed by AI service providers for examination by consumers. We suggest a comprehensive set of declaration items tailored to AI and provide examples for two fictitious AI services in the appendix of the paper.Comment: 31 page