23 research outputs found
Modeling 4.0: Conceptual Modeling in a Digital Era
Digitization provides entirely new affordances for our economies and societies. This leads to previously unseen design opportunities and complexities as systems and their boundaries are re-defined, creating a demand for appropriate methods to support design that caters to these new demands. Conceptual modeling is an established means for this, but it needs to be advanced to adequately depict the requirements of digitization. However, unlike the actual deployment of digital technologies in various industries, the domain of conceptual modeling itself has not yet undergone a comprehensive renewal in light of digitization. Therefore, inspired by the notion of Industry 4.0, an overarching concept for digital manufacturing, in this commentary paper, we propose Modeling 4.0 as the notion for conceptual modeling mechanisms in a digital environment. In total, 12 mechanisms of conceptual modeling are distinguished, providing ample guidance for academics and professionals interested in ensuring that modeling techniques and methods continue to fit contemporary and emerging requirements.
Security and trust in cloud computing and IoT through applying obfuscation, diversification, and trusted computing technologies
Cloud computing and Internet of Things (IoT) are very widely spread and commonly used technologies nowadays. The advanced services offered by cloud computing have made it a highly demanded technology.
Enterprises and businesses are more and more relying on the cloud to deliver services to their customers. The prevalent use of cloud means that more data is stored outside the organization’s premises, which raises concerns about the security and privacy of the stored and processed data. This highlights the significance of effective security practices to secure the cloud infrastructure.
The number of IoT devices is growing rapidly and the technology is being employed in a wide range of sectors including smart healthcare, industry automation, and smart environments. These devices collect and exchange a great deal of information, some of which may contain critical and personal data of the users of the device. Hence, it is highly important to protect the data collected and shared over the network; nevertheless, studies indicate that attacks on these devices are increasing, while a high percentage of IoT devices lack proper security measures to protect the devices, the data, and the privacy of the users.
In this dissertation, we study the security of cloud computing and IoT and propose software-based security approaches supported by hardware-based technologies to provide robust measures for enhancing the security of these environments. To achieve this goal, we use obfuscation and diversification as the potential software security techniques. Code obfuscation protects the software from malicious reverse engineering, and diversification mitigates the risk of large-scale exploits. We study trusted computing and Trusted Execution Environments (TEE) as the hardware-based security solutions. Trusted Platform Module (TPM) provides security and trust through a hardware root of trust, and assures the integrity of a platform. We also study Intel SGX, which is a TEE solution that guarantees the integrity and confidentiality of the code and data loaded onto its protected container, the enclave.
More precisely, through obfuscation and diversification of the operating systems and APIs of the IoT devices, we secure them at the application level, and by obfuscation and diversification of the communication protocols, we protect the communication of data between them at the network level. To secure cloud computing, we employ obfuscation and diversification techniques on the cloud computing software at the client side. For an enhanced level of security, we employ the hardware-based security solutions TPM and SGX. These solutions, in addition to security, ensure layered trust in various layers from hardware to the application.
As the result of this PhD research, this dissertation addresses a number of security risks targeting IoT and cloud computing through the delivered publications and presents a brief outlook on the future research directions.
Cloud computing and the Internet of Things are nowadays very common and widely applied technologies. The highly developed services of cloud computing have made it a technology in great demand. Enterprises increasingly rely on cloud technology when delivering services to their customers. With the prevailing use of cloud technology, enterprises outsource the processing of their data outside the organization, which can be seen to raise concerns about the security and privacy of the stored and processed data. This emphasizes the importance of effective security solutions as part of securing the cloud infrastructure.
The number of Internet of Things devices has grown rapidly. As a technology, it is applied widely in many sectors, such as smart healthcare, industrial automation, and smart spaces. Such devices collect and transmit large amounts of information, which may contain data that is critical and private to the users of the devices. For this reason, it is highly important to protect the data collected and shared over the network. Many studies show that the number of security attacks targeting Internet of Things devices is rising, while at the same time a large share of these devices lack proper technical features for protecting the devices themselves or the private data of their users.
This dissertation studies the security of cloud computing and the Internet of Things and presents software-based security approaches that rely in part on hardware-based technologies. The presented approaches offer robust means for improving security in these contexts. To achieve this, the work applies obfuscation and diversification as potential software-based security techniques. Obfuscation of executable code protects against malicious reverse engineering of software, and diversification counters the risk of large-scale exploitation of vulnerabilities. The dissertation studies trusted computing and trusted execution environments as hardware-based security solutions. TPM (Trusted Platform Module) provides security and confidentiality, building on hardware-based trust. The aim is to guarantee the integrity of the execution platform. The work also studies Intel SGX as one trusted execution environment, which guarantees the integrity and confidentiality of the executed code and data based on the technical implementation of a protected container, the enclave.
More precisely, the work secures the software layer of Internet of Things devices through obfuscation and diversification at the operating system and application interface levels. By applying the same techniques to the protocol layer, the work protects the exchange of data between devices at the network level. To secure cloud computing, the work applies obfuscation and diversification techniques to client-side software solutions. To achieve more robust security, the work makes use of the hardware-based TPM and SGX solutions. In addition to security, these solutions provide multi-layered trust that extends from the hardware level up to the software layer.
As the result of this dissertation research, through its constituent publications, many security threats targeting Internet of Things devices and cloud computing are addressed. The work also presents views on topics for further research.
Identity Management in M2M Networks
Evolving communication technologies stimulate a rapid growth in utilisation of communication-capable devices and therefore amount of transmitted data. This imposes new requirements for automatic device and data management necessary for successful exploitation of new opportunities. Unfortunately, currently developed systems, including Internet of Things and Machine-to-Machine communications, mainly focus on industrial applications that involve fixed users, proprietary environments as well as ad-hoc devices and things, whereas regular users along with possibilities and challenges created by growing sets of personal user equipment remain ignored.
This thesis addresses the defined problem by analysing currently developed and utilised communication technologies and identity management systems as well as proposing an advanced identity management system that considers user-related needs and enables user-aware automatic device-to-device communications. Our system is unique compared to other automatic communication systems in that it enables global communication of devices owned or used by different parties and supports dynamic connection and relationship establishment based on data administered in a sophisticated identity management infrastructure. Unlike existing identity management mechanisms, our system extends the notion of an identified and authenticated entity to a combination of both user and device. Furthermore, the system introduces an original Single Device Sign-On feature that simplifies user login procedure when accessing a service with multiple devices. As a consequence, this thesis suggests a new direction for evolution of communication technologies as well as user-targeted Internet-based services and applications.
Design and Optimization of Mobile Cloud Computing Systems with Networked Virtual Platforms
A Mobile Cloud Computing (MCC) system is a cloud-based system that is accessed by the users through their own mobile devices. MCC systems are emerging as the product of two technology trends: 1) the migration of personal computing from desktop to mobile devices and 2) the growing integration of large-scale computing environments into cloud systems. Designers are developing a variety of new mobile cloud computing systems. Each of these systems is developed with different goals and under the influence of different design constraints, such as high network latency or limited energy supply.
The current MCC systems rely heavily on Computation Offloading, which however incurs new problems such as scalability of the cloud, privacy concerns due to storing personal information on the cloud, and high energy consumption on the cloud data centers. In this dissertation, I address these problems by exploring different options in the distribution of computation across different computing nodes in MCC systems. My thesis is that "the use of design and simulation tools optimized for design space exploration of the MCC systems is the key to optimize the distribution of computation in MCC."
For a quantitative analysis of mobile cloud computing systems through design space exploration, I have developed netShip, the first generation of an innovative design and simulation tool, that offers large scalability and heterogeneity support. With this tool system designers and software programmers can efficiently develop, optimize, and validate large-scale, heterogeneous MCC systems. I have enhanced netShip to support the development of ever-evolving MCC applications with a variety of emerging needs including the fast simulation of new devices, e.g., Internet-of-Things devices, and accelerators, e.g., mobile GPUs. Leveraging netShip, I developed three new MCC systems where I applied three variations of a new computation distributing technique, called Reverse Offloading. By more actively leveraging the computational power on mobile devices, the MCC systems can reduce the total execution times, the burden of concentrated computations on the cloud, and the privacy concerns about storing personal information available in the cloud. This approach also creates opportunities for new services by utilizing the information available on the mobile device instead of accessing the cloud.
Throughout my research I have enabled the design optimization of mobile applications and cloud-computing platforms. In particular, my design tool for MCC systems becomes a vehicle to optimize not only the performance but also the energy dissipation, an aspect of critical importance for any computing system.
Goal-based Workflow Adaptation for Role-based Resources in the Internet of Things
In recent years, the Internet of Things (IoT) has increasingly received attention from the Business Process Management (BPM) community. The integration of sensors and actuators into Process-Aware Information Systems (PAIS) enables the collection of real-time data about physical properties and the direct manipulation of real-world objects. In a broader sense, IoT-aware workflows provide means for context-aware workflow execution involving virtual and physical entities. However, IoT-aware workflow management imposes new requirements on workflow modeling and execution that are outside the scope of current modeling languages and workflow management systems. Things in the IoT may vanish, appear or stay unknown during workflow execution, which renders their allocation as workflow resources infeasible at design time. Besides, capabilities of Things are often intended to be available only in a particular real-world context at runtime, e.g., a service robot inside a smart home should only operate at full speed, if there are no residents in direct proximity. Such contextual restrictions for the dynamic exposure of resource capabilities are not considered by current approaches in IoT resource management that use services for exposing device functionalities. With this work, we aim at providing the modeling and runtime support for defining such restrictions on workflow resources at design time and enabling the dynamic and context-sensitive runtime allocation of Things as workflow resources. To achieve this goal, we propose contributions to the fields of resource management, i.e., resource perspective, and workflow management in the Internet of Things (IoT), divided into the user perspective representing the workflow modeling phase and the workflow perspective representing the runtime resource allocation phase. In the resource perspective, we propose an ontology for the modeling of Things, Roles, capabilities, physical entities, and their context-sensitive interrelations. 
The concept of Role is used to define non-exclusive subsets of capabilities of Things. A Thing can play a certain Role only under certain contextual restrictions defined by Semantic Web Rule Language (SWRL) rules. At runtime, the existing relations between the individuals of the ontology represent the current state of interactions between the physical and the cyber world. Through the dynamic activation and deactivation of Roles at runtime, the behavior of a Thing can be adapted to the current physical context. In the user perspective, we allow workflow modelers to define the goal of a workflow activity either by using semantic queries or by specifying high-level goals from a Tropos goal model. The goal-based modeling of workflow activities provides the most flexibility regarding the resource allocation as several leaf goals may fulfill the user specified activity goal. Furthermore, the goal model can include additional Quality of Service (QoS) parameters and the positive or negative contribution of goals towards these parameters. The workflow perspective includes the Semantic Access Layer (SAL) middleware to enable the transformation of activity goals into semantic queries as well as their execution on the ontology for role-based Things. The SAL enables the discovery of fitting Things, their allocation as workflow resources, the invocation of referenced IoT services, and the continuous monitoring of the allocated Things as part of the ontology. We show the feasibility and added value of this work in relation to related approaches by evaluation within several application scenarios in a smart home setting. We compare the fulfillment of quantified criteria for IoT-aware workflow management based on requirements extracted from related research. 
The evaluation shows that our approach enables an increase in the context-aware modeling of Things as workflow resources, in the query support for workflow resource allocation, and in the modeling support of activities using Things as workflow resources.
1 Introduction
1.1 Background
1.2 Motivation
1.3 Aim and Objective
1.3.1 Research Questions and Scope
1.3.2 Research Goals
1.4 Contribution
1.5 Outline
2 Background for Workflows in the IoT
2.1 Resource Perspective
2.1.1 Internet of Things
2.1.2 Context and Role Modeling
2.2 User Perspective
2.2.1 Goal Modeling
2.2.2 Tropos Goal Modeling Language
2.3 Workflow Perspective
2.3.1 Workflow Concepts
2.3.2 Workflow Modeling
2.3.3 Internet of Things-aware Workflow Management
2.4 Summary
3 Requirements Analysis and Approach
3.1 Requirements
3.1.1 IoT Resource Perspective
3.1.2 Workflow Resource Perspective
3.1.3 Relation to Research Questions
3.2 State of the Art Analysis
3.2.1 Fulfillment Criteria
3.2.2 IoT-aware workflow management
3.3 Discussion
3.4 Approach
3.4.1 Contribution to IoT-aware workflow management
3.5 Summary
4 Concept for Adaptive Workflow Activities in the IoT
4.1 Resource Perspective
4.1.1 Role-based Things
4.1.2 Semantic Modeling Concepts
4.1.3 SWRL Modeling Concepts
4.2 User Perspective
4.2.1 Semantic Queries in Workflow Activities
4.2.2 Goals for Workflow Activities
4.2.3 Mapping from Goals to Semantic Queries
4.3 Workflow Perspective
4.3.1 Workflow metamodel Extensions
4.3.2 Middleware for Dynamic Resource Discovery and Allocation
4.4 Summary
5 Modeling Adaptive Workflow Activities in the IoT
5.1 Resource Perspective
5.1.1 Role-based Modeling of Context-sensitive Things
5.1.2 Ontology Classes
5.1.3 Ontology Object properties
5.1.4 Ontology Data properties
5.1.5 DL-safe SWRL Rules
5.2 Discussion of Role Modeling Features
5.3 Example Application Scenario Modeling
5.3.1 Resource Perspective
5.3.2 User Perspective
5.3.3 Workflow Perspective
5.4 Summary
6 Architecture for Adaptive Workflow Activities in the IoT
6.1 Overview of the System Architecture
6.2 Specification of System Components
6.2.1 Resource Perspective
6.2.2 User Perspective
6.2.3 Workflow Perspective
6.3 Summary
7 Implementation of Adaptive Workflow Activities in the IoT
7.1 Resource Perspective
7.2 Workflow Perspective
7.2.1 PROtEUS
7.2.2 Semantic Access Layer
7.3 User Perspective
7.4 Summary
8 Evaluation
8.1 Goal and Evaluation Approach
8.1.1 Definition of Test Cases
8.2 Scenario Evaluation
8.2.1 Ambient Assisted Living Setting
8.2.2 Resource Perspective
8.2.3 User Perspective
8.2.4 Workflow Perspective
8.2.5 Execution of Test Cases
8.2.6 Discussion of Results
8.3 Performance Evaluation
8.3.1 Experimental Setup
8.3.2 Discussion of Results
8.4 Summary
9 Discussion
9.1 Comparison of Solution to Research Questions
9.2 Extendability of the Solutions
9.3 Limitations
10 Summary and Future Work
10.1 Summary of the Thesis
10.2 Future Work
Appendix
Example Semantic Context Model for IoT-Things
T-Box of Ontology for Role-based Things in the IoT
A-Box for Example Scenario Model
A-Box for Extended Example Scenario Model
A Reference Architecture and a Software Platform for Engineering Internet of Things Search Engines
The Internet of Things (IoT) is here. Enabled by advances in the wireless networking and the miniaturization of embedded computers, billions of physical things have been connecting to the Internet and offering their ability to sense and react to the real-world phenomena. These abilities form the content of IoT, which enable applications such as smart-city, smart-building, assisted living, and supply chain automation. The Internet of Things Search Engines (IoTSE) support human users and software systems to detect and retrieve IoT content for realizing the stated applications. Due to the diversity and sensitivity of IoT content, the literature has suggested that IoTSE will emerge as a large number of small instances, each of which monitors a specific IoT infrastructure and specializes in querying a particular type of IoT content. Various internal activities (i.e., components), as well as the logical and physical arrangement of those activities (i.e., architectural patterns), will overlap between IoTSE instances. The emergence of a large number of IoTSE instances, which possess overlapping operations and architecture, highlights the need for leveraging prior components and architectural patterns in engineering IoTSE instances. However, as an IoTSE reference architecture and a software infrastructure to guide and support such reuse-centric IoTSE engineering have not existed, a majority of IoTSE instances have been engineered from scratch. This thesis aims at proposing the reference architecture and the software infrastructure to support leveraging prior components and architectural patterns in engineering IoTSE instances. The key contributions of this thesis include a reference architecture that describes the constituting components and architectural patterns of an IoTSE instance, and software infrastructure that supports utilizing the reference architecture in developing reusable, composable IoTSE components and engineering IoTSE instances from those components.
In order to propose the IoTSE reference architecture, we conducted a systematic and extensive survey of over one decade of IoTSE research and development effort from both an academic and an industrial perspective. We identified commonalities among diverse classes of IoTSE instances and compiled this knowledge into a reference architecture, which defines 18 components, 13 composition patterns, and 6 deployment patterns. We assessed the reference architecture by mapping it onto two IoTSE prototypes that represent the most common types of IoTSE in the literature and possess the more complicated architecture compared to other types. In order to develop the software infrastructure, we first proposed a kernel-based approach to IoTSE engineering, which was inspired by the design of modern operating systems. In this approach, IoTSE instances operate as a collection of independently developed IoTSE components that are plugged into a shared kernel. This kernel provides essential utilities to run IoTSE components and control their interactions to fulfill the functionality of an IoTSE instance. The kernel also provides templates that simplify the development of IoTSE components that are interoperable and compliant with the proposed reference architecture. In a case study, which involves engineering an IoTSE prototype, the kernel managed to reduce the amount of new source line of code to just 30%. The kernel-based approach supports engineering a majority of prominent IoTSE types detected in the literature. To enhance its support for emerging classes of IoTSE and prepare for future features in the reuse-centric IoTSE engineering, we proposed a platform-based approach to IoTSE engineering that extends the kernel-based approach. 
The platform-based approach revolves around an Internet of Things Search Engine Platform – ISEP – that supports developing interoperable IoTSE components, accumulating those components, and allowing search engine operators to engineer IoTSE instance from them using any valid architectural pattern defined in the reference architecture, without modifying the implementation of the components. In a case study, the platform-based approach enabled engineering complex IoTSE instances entirely from the components of simpler ones. Both the ability to engineer various IoTSE instances from a set of components and the engineering of new IoTSE instances entirely from accumulated components are unprecedented in the IoTSE literature. Future research can focus on devising mechanisms that leverage the architecture and the infrastructure proposed in this thesis to accumulate the knowledge generated in the process of engineering IoTSE instances and use it to introduce automation gradually to IoTSE engineering. Eventually, when the automation is proven to be trustworthy and reliable, machines might compose and deploy IoTSE instances in real-time to adapt to the incoming queries and the state of the computing infrastructure. By achieving this degree of automation, we will have realized a search engine for the Internet of Things.
Thesis (Ph.D.) -- University of Adelaide, School of Computer Science, 201
Service level agreement specification for IoT application workflow activity deployment, configuration and monitoring
PhD Thesis
Currently, we see the use of the Internet of Things (IoT) within various domains such as healthcare, smart homes, smart cars, smart-x applications, and smart cities. The number of applications based on IoT and cloud computing is projected to increase rapidly over the next few years. IoT-based services must meet the guaranteed levels of quality of service (QoS) to match users’ expectations. Ensuring QoS through specifying the QoS constraints using service level agreements (SLAs) is crucial. Also, because of the potentially highly complex nature of multi-layered IoT applications, lifecycle management (deployment, dynamic reconfiguration, and monitoring) needs to be automated. To achieve this it is essential to be able to specify SLAs in a machine-readable format.
Currently available SLA specification languages are unable to accommodate the unique characteristics (interdependency of its multi-layers) of the IoT domain. Therefore, in this research, we propose a grammar for a syntactical structure of an SLA specification for IoT. The grammar is based on a proposed conceptual model that considers the main concepts that can be used to express the requirements for most common hardware and software components of an IoT application on an end-to-end basis. We follow the Goal Question Metric (GQM) approach to evaluate the generality and expressiveness of the proposed grammar by reviewing its concepts and their predefined lists of vocabularies against two use-cases with a number of participants whose research interests are mainly related to IoT. The results of the analysis show that the proposed grammar achieved 91.70% of its generality goal and 93.43% of its expressiveness goal.
To enhance the process of specifying SLA terms, we then developed a toolkit for creating SLA specifications for IoT applications. The toolkit is used to simplify the process of capturing the requirements of IoT applications. We demonstrate the effectiveness of the toolkit using a remote health monitoring service (RHMS) use-case as well as applying a user experience measure to evaluate the tool by applying a questionnaire-oriented approach. We discussed the applicability of our tool by including it as a core component of two different applications: 1) a context-aware recommender system for IoT configuration across layers; and 2) a tool for automatically translating an SLA from JSON to a smart contract, deploying it on different peer nodes that represent the contractual parties. The smart contract is able to monitor the created SLA using Blockchain technology. These two applications are utilized within our proposed SLA management framework for IoT.
Furthermore, we propose a greedy heuristic algorithm to decentralize workflow activities of an IoT application across Edge and Cloud resources to enhance response time, cost, energy consumption and network usage. We evaluated the efficiency of our proposed approach using iFogSim simulator. The performance analysis shows that the proposed algorithm minimized cost, execution time, networking, and Cloud energy consumption compared to Cloud-only and edge-ward placement approaches.