Towards Runtime Monitoring of Node.js and Its Application to the Internet of Things

In the last years Node.js has emerged as a framework particularly suitable for implementing lightweight IoT applications, thanks to its underlying asynchronous event-driven, non blocking I/O model. However, verifying the correctness of programs with asynchronous nested callbacks is quite difficult, and, hence, runtime monitoring can be a valuable support to tackle such a complex task. Runtime monitoring is a useful software verification technique that complements static analysis and testing, but has not been yet fully explored in the context of Internet of Things (IoT) systems. Trace expressions have been successfully employed for runtime monitoring in widespread multiagent system platforms. Recently, their expressive power has been extended to allow parametric specifications on data that can be captured and monitored only at runtime. Furthermore, they can be language and system agnostic, through the notion of event domain and type. This paper investigates the use of parametric trace expressions as a first step towards runtime monitoring of programs developed in Node.js and Node-RED, a flow-based IoT programming tool built on top of Node.js. Runtime verification of such systems is a task that mostly seems to have been overlooked so far in the literature. A prototype implementing the proposed system for Node.js, in order to dynamically check with trace expressions the correct usage of API functions, is presented. The tool exploits the dynamic analysis framework Jalangi for monitoring Node.js programs and allows detection of errors that would be difficult to catch with other techniques. Furthermore, it offers a simple REST interface which can be exploited for runtime verification of Node-RED components, and, more generally, IoT devices

Securing Node-RED Applications

Trigger-Action Platforms (TAPs) play a vital role in fulfilling the promise of the Internet of Things (IoT) by seamlessly connecting otherwise unconnected devices and services. While enabling novel and exciting applications across a variety of services, security and privacy issues must be taken into consideration because TAPs essentially act as persons-in-the-middle between trigger and action services. The issue is further aggravated since the triggers and actions on TAPs are mostly provided by third parties extending the trust beyond the platform providers. Node-RED, an open-source JavaScript-driven TAP, provides the opportunity for users to effortlessly employ and link nodes via a graphical user interface. Being built upon Node.js, third-party developers can extend the platform’s functionality through publishing nodes and their wirings, known as flows. This paper proposes an essential model for Node-RED, suitable to reason about nodes and flows, be they benign, vulnerable, or malicious. We expand on attacks discovered in recent work, ranging from exfiltrating data from unsuspecting users to taking over the entire platform by misusing sensitive APIs within nodes. We present a formalization of a runtime monitoring framework for a core language that soundly and transparently enforces fine-grained allowlist policies at module-, API-, value-, and context-level. We introduce the monitoring framework for Node-RED that isolates nodes while permitting them to communicate via well-defined API calls complying with the policy specified for each node

The EnerGAware Middleware Platform

IECON 2017, 43rd Annual Conference of the IEEE Industrial Electronics Society (IES). Beijing, China.More and more cyber-physical systems and the internet of things push for a multitude of devices and systems, which need to work together to provide the services as required by the users. Nevertheless, the speed of development and the heterogeneity of devices introduces considerable challenges in the development of such systems. This paper describes a solution being implemented in the setting of a serious game scenario, connected to real homes energy consumption. The solution provides a publish-subscribe middleware which is able to seamlessly connect all the components of the system.info:eu-repo/semantics/publishedVersio

Evaluation of Arrowhead Framework in Condition Monitoring Application

The technological advancement in the field of electronics and information technology is changing how industrial automation systems are built. This phenomenon is commonly referred to as the fourth industrial revolution. However, before this prophecy on the change can manifest, new architectural solutions are needed to fully leverage the abilities brought by cheaper sensors, more advanced communication technology and more powerful processing units. The Arrowhead Framework tries to tackle this problem by providing means for Service-oriented architecture via System-of-Systems approach, where so-called application systems consume services provided by so-called core systems, which provide means for service discovery, service registration and service authorization. The goal of the thesis was to evaluate The Arrowhead Framework by developing a demo application on the edge-cloud setup used in the condition monitoring system of vibrating screens manufactured by Metso. The demo applications objective was to ease the configuration and installation of industrial Linux PC’s at the edge of the network. The methodological model for the evaluation was based on the design science research process (DSRP), which provides a model for research of IT artefacts. As a result, the Arrowhead Framework’s core features were found helpful in the problem domain, and suitable for small-scale test setup. However, the implementation of the framework was found to be low quality and lacking features from a production-ready software artefact. The found shortcomings were reported as feedback for the ongoing development process of the framework

Isomorphic Internet of Things Architectures With Web Technologies

Internet of Things development needs isomorphic software architectures, in which every kind of device can be programmed with a consistent set of implementation technologies, allowing applications and their components to be statically deployed or dynamically migrated without having to change their shape.Peer reviewe

Towards a Model-Based Serverless Platform for the Cloud-Edge-IoT Continuum

One of the most prominent implementations of the serverless programming model is Function-as-a-Service (FaaS). Using FaaS, application developers provide source code of serverless functions, typically describing only parts of a larger application, and define triggers for executing these functions on infrastructure components managed by the FaaS provider. There are still challenges that hinder the wider adoption of the FaaS model across the whole Cloud-Edge-IoT continuum. These include the high heterogeneity of the Edge and IoT infrastructure, vendor lock-in, the need to deploy and adapt serverless functions as well as their supporting services and software stacks into their cyber-physical execution environment. As a first step towards addressing these challenges, we introduce the SERVERLEss4I0T platform for the design, deployment, and maintenance of applications over the Cloud-Edge-IoT continuum. In particular, our platform enables the specification and deployment of serverless functions on Cloud and Edge resources, as well as the deployment of their supporting services and software stacks over the whole Cloud-Edge-IoT continuum.acceptedVersio

Securing Software in the Presence of Third-Party Modules

Modular programming is a key concept in software development where the program consists of code modules that are designed and implemented independently. This approach accelerates the development process and enhances scalability of the final product. Modules, however, are often written by third parties, aggravating security concerns such as stealing confidential information, tampering with sensitive data, and executing malicious code.Trigger-Action Platforms (TAPs) are concrete examples of employing modular programming. Any user can develop TAP applications by connecting trigger and action services, and publish them on public repositories. In the presence of malicious application makers, users cannot trust applications written by third parties, which can threaten users’ and platform’s security. We present SandTrap, a novel runtime monitor for JavaScript that can be used to securely integrate third-party applications. SandTrap enforces fine-grained access control policies at the levels of module, API, value, and context. We instantiate SandTrap to IFTTT, Zapier, and Node-RED, three popular JavaScript-driven TAPs, and illustrate how it enforces various policies on a set of benchmarks while incurring a tolerable runtime overhead. We also prove soundness and transparency of the monitoring framework on an essential model of Node-RED. Furthermore, nontransitive policies have been recently introduced as a natural fit for coarse-grained information-flow control where labels are specified at the level of modules. The flow relation does not need to be transitive, resulting in nonstandard noninterference and enforcement mechanism. We develop a lattice encoding to prove that nontransitive policies can be reduced to classical transitive policies. We also devise a lightweight program transformation that leverages standard flow-sensitive information-flow analyses to enforce nontransitive policies more permissively