A Middleware for the Internet of Things

The Internet of Things (IoT) connects everyday objects including a vast array of sensors, actuators, and smart devices, referred to as things to the Internet, in an intelligent and pervasive fashion. This connectivity gives rise to the possibility of using the tracking capabilities of things to impinge on the location privacy of users. Most of the existing management and location privacy protection solutions do not consider the low-cost and low-power requirements of things, or, they do not account for the heterogeneity, scalability, or autonomy of communications supported in the IoT. Moreover, these traditional solutions do not consider the case where a user wishes to control the granularity of the disclosed information based on the context of their use (e.g. based on the time or the current location of the user). To fill this gap, a middleware, referred to as the Internet of Things Management Platform (IoT-MP) is proposed in this paper.Comment: 20 pages, International Journal of Computer Networks & Communications (IJCNC) Vol.8, No.2, March 201

Towards alignment of architectural domains in security policy specifications

Large organizations need to align the security architecture across three different domains: access control, network layout and physical infrastructure. Security policy specification formalisms are usually dedicated to only one or two of these domains. Consequently, more than one policy has to be maintained, leading to alignment problems. Approaches from the area of model-driven security enable creating graphical models that span all three domains, but these models do not scale well in real-world scenarios with hundreds of applications and thousands of user roles. In this paper, we demonstrate the feasibility of aligning all three domains in a single enforceable security policy expressed in a Prolog-based formalism by using the Law Governed Interaction (LGI) framework. Our approach alleviates the limitations of policy formalisms that are domain-specific while helping to reach scalability by automatic enforcement provided by LGI

Ensuring Cyber-Security in Smart Railway Surveillance with SHIELD

Modern railways feature increasingly complex embedded computing systems for surveillance, that are moving towards fully wireless smart-sensors. Those systems are aimed at monitoring system status from a physical-security viewpoint, in order to detect intrusions and other environmental anomalies. However, the same systems used for physical-security surveillance are vulnerable to cyber-security threats, since they feature distributed hardware and software architectures often interconnected by ‘open networks’, like wireless channels and the Internet. In this paper, we show how the integrated approach to Security, Privacy and Dependability (SPD) in embedded systems provided by the SHIELD framework (developed within the EU funded pSHIELD and nSHIELD research projects) can be applied to railway surveillance systems in order to measure and improve their SPD level. SHIELD implements a layered architecture (node, network, middleware and overlay) and orchestrates SPD mechanisms based on ontology models, appropriate metrics and composability. The results of prototypical application to a real-world demonstrator show the effectiveness of SHIELD and justify its practical applicability in industrial settings

Big Ideas paper: Policy-driven middleware for a legally-compliant Internet of Things.

Internet of Things (IoT) applications, systems and services are subject to law. We argue that for the IoT to develop lawfully, there must be technical mechanisms that allow the enforcement of speci ed policy, such that systems align with legal realities. The audit of policy enforcement must assist the apportionment of liability, demonstrate compliance with regulation, and indicate whether policy correctly captures le- gal responsibilities. As both systems and obligations evolve dynamically, this cycle must be continuously maintained. This poses a huge challenge given the global scale of the IoT vision. The IoT entails dynamically creating new ser- vices through managed and exible data exchange . Data management is complex in this dynamic environment, given the need to both control and share information, often across federated domains of administration. We see middleware playing a key role in managing the IoT. Our vision is for a middleware-enforced, uni ed policy model that applies end-to-end, throughout the IoT. This is because policy cannot be bound to things, applications, or administrative domains, since functionality is the result of composition, with dynamically formed chains of data ows. We have investigated the use of Information Flow Control (IFC) to manage and audit data ows in cloud computing; a domain where trust can be well-founded, regulations are more mature and associated responsibilities clearer. We feel that IFC has great potential in the broader IoT context. However, the sheer scale and the dynamic, federated nature of the IoT pose a number of signi cant research challenges

Privacy Violation and Detection Using Pattern Mining Techniques

Privacy, its violations and techniques to bypass privacy violation have grabbed the centre-stage of both academia and industry in recent months. Corporations worldwide have become conscious of the implications of privacy violation and its impact on them and to other stakeholders. Moreover, nations across the world are coming out with privacy protecting legislations to prevent data privacy violations. Such legislations however expose organizations to the issues of intentional or unintentional violation of privacy data. A violation by either malicious external hackers or by internal employees can expose the organizations to costly litigations. In this paper, we propose PRIVDAM; a data mining based intelligent architecture of a Privacy Violation Detection and Monitoring system whose purpose is to detect possible privacy violations and to prevent them in the future. Experimental evaluations show that our approach is scalable and robust and that it can detect privacy violations or chances of violations quite accurately. Please contact the author for full text at [email protected]

PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud Services

Enterprises increasingly recognize the compelling economic and operational benefits from virtualizing and pooling IT resources in the cloud. Nevertheless, the significant and valuable transformation of organizations that adopt cloud computing is accompanied by a number of security threats that should be considered. In this position paper, we outline significant security challenges presented when migrating to a cloud environment and propose PaaSword - a novel holistic framework that aspires to alleviate these challenges. Specifically, this proposed framework involves a context-aware security model, the necessary policies enforcement mechanism along with a physical distribution, encryption and query middleware