16 research outputs found
Recommended from our members
Model-Driven Cyber Range Training: A Cyber Security Assurance Perspective
Security demands are increasing for all types of organisations, due to the ever-closer integration of computing infrastructures and smart devices into all aspects of the organisational operations. Consequently, the need for security-aware employees in every role of an organisation increases in accordance. Cyber Range training emerges as a promising solution, allowing employees to train in both realistic environments and scenarios and gaining hands-on experience in security aspects of varied complexity, depending on their role and level of expertise. To that end, this work introduces a model-driven approach for Cyber Range training that facilitates the generation of tailor-made training scenarios based on a comprehensive model-based description of the organisation and its security posture. Additionally, our approach facilitates the automated deployment of such training environments, tailored to each defined scenario, through simulation and emulation means. To further highlight the usability of the proposed approach, this work also presents scenarios focusing on phishing threats, with increasing level of complexity and difficulty
Pattern-driven security, privacy, dependability and interoperability management of iot environments
Achieving Security, Privacy, Dependability and Interoperability (SPDI) is of paramount importance for the ubiquitous deployment and impact maximization of Internet of Things (IoT) applications. Nevertheless, said requirements are not only difficult to achieve at system initialization, but also hard to prove and maintain at run-time. This paper highlights an approach to tackling the above challenges, through the definition of pattern language and a framework that can guarantee SPDI in IoT orchestrations. By integrating pattern reasoning engines at the various layers of the IoT infrastructure, and a machine-processable representation of said pattern through Drools rules, the proposed framework can provide ways to fulfill SPDI requirements at design time, and also provide the means to guarantee those SPDI properties and manage the orchestrations accordingly. Moreover, an application example of the framework is presented in an Industrial IoT monitoring environment
Towards a Security, Privacy, Dependability, Interoperability Framework for the Internet of Things
A popular application of ambient intelligence systems constitutes of assisting living services on smart buildings. As intelligence is imported in embedded equipment, the system becomes able to provide smart services (e.g. control lights, air conditioning, provide energy management services etc.). IoT is the main enabler of such environments. However, the interconnection of these cyber-physical systems and the processing of personal data raise serious security and privacy issues. In this paper we present a framework that can guarantee Security, Privacy, Dependability and Interoperability (SPDI) in IoT. Taking advantage of the underlying IoT deployment, the proposed framework not only implements the requested smart functionality but also provides modelling and administration that can guarantee those SPDI properties. Moreover, we provide an application example of the framework in a smart building scenario
The Interoperability of Things: Interoperable solutions as an enabler for IoT and Web 3.0
This paper presents an overview of the interoperability concepts along with the challenges for the IoT domain and the upcoming Web 3.0. We identify four levels of interoperability and the relevant solutions for accomplishing vertical and horizontal compatibility between the various layers of a modern IoT ecosystem, referred to as: technological, syntactic, semantic, and organizational interoperability. The goal is to achieve cross-domain interaction and facilitate the proper usage and management of the provided IoT services and applications. An interoperability framework is also proposed where the involved system components can cooperate and offer the seamless operation from the device to the backend framework. This by-design end-to-end interoperation enables the interplay of several complex service composition settings and the management of the system via patterns. The overall proposal is adopted by the EU funded project SEMIoTICS as an enabler towards the IoT and Web 3.0, even when products from different vendors are utilized
The green blockchains of circular economy
Eco‐friendly systems are necessitated nowadays, as the global consumption is increasing. A data‐driven aspect is prominent, involving the Internet of Things (IoT) as the main enabler of a Circular Economy (CE). Henceforth, IoT equipment records the system’s functionality, with machine learning (ML) optimizing green computing operations. Entities exchange and reuse CE assets. Transparency is vital as the beneficiaries must track the assets’ history. This article proposes a framework where blockchaining administrates the cooperative vision of CE‐IoT. For the core operation, the blockchain ledger records the changes in the assets’ states via smart contracts that implement the CE business logic and are lightweight, complying with the IoT requirements. Moreover, a federated learning approach is proposed, where computationally intensive ML tasks are distributed via a second contract type. Thus, “green‐miners” devote their resources not only for making money, but also for optimizing operations of real‐systems, which results in actual resource savings
Towards a Collection of Security and Privacy Patterns
Security and privacy (SP)-related challenges constitute a significant barrier to the wider adoption of Internet of Things (IoT)/Industrial IoT (IIoT) devices and the associated novel applications and services. In this context, patterns, which are constructs encoding re-usable solutions to common problems and building blocks to architectures, can be an asset in alleviating said barrier. More specifically, patterns can be used to encode dependencies between SP properties of individual smart objects and corresponding properties of orchestrations (compositions) involving them, facilitating the design of IoT solutions that are secure and privacy-aware by design. Motivated by the above, this work presents a survey and taxonomy of SP patterns towards the creation of a usable pattern collection. The aim is to enable decomposition of higher-level properties to more specific ones, matching them to relevant patterns, while also creating a comprehensive overview of security- and privacy-related properties and sub-properties that are of interest in IoT/IIoT environments. To this end, the identified patterns are organized using a hierarchical taxonomy that allows their classification based on provided property, context, and generality, while also showing the relationships between them. The two high-level properties, Security and Privacy, are decomposed to a first layer of lower-level sub-properties such as confidentiality and anonymity. The lower layers of the taxonomy, then, include implementation-level enablers. The coverage that these patterns offer in terms of the considered properties, data states (data in transit, at rest, and in process), and platform connectivity cases (within the same IoT platform and across different IoT platforms) is also highlighted. Furthermore, pointers to extensions of the pattern collection to include additional patterns and properties, including Dependability and Interoperability, are given. 
Finally, to showcase the use of the presented pattern collection, a practical application is detailed, involving the pattern-driven composition of IoT/IIoT orchestrations with SP property guarantees
WARDOG: Awareness detection watchdog for Botnet infection on the host device
Botnets constitute nowadays one of the most dangerous security threats worldwide. High volumes of infected machines are controlled by a malicious entity and perform coordinated cyber-attacks. The problem will become even worse in the era of the Internet of Things (IoT) as the number of insecure devices is going to be exponentially increased. This paper presents WARDOG – an awareness and digital forensic system that informs the end-user of the botnet’s infection, exposes the botnet infrastructure, and captures verifiable data that can be utilized in a court of law. The responsible authority gathers all information and automatically generates a unitary documentation for the case. The document contains undisputed forensic information, tracking all involved parties and their role in the attack. The deployed security mechanisms and the overall administration setting ensure non-repudiation of performed actions and enforce accountability. The provided properties are verified through theoretic analysis. In a simulated environment, the effectiveness of the proposed solution, in mitigating the botnet operations, is also tested against real attack strategies that have been captured by the FORTHcert honeypots, overcoming state-of-the-art solutions. Moreover, a preliminary version is implemented in real computers and IoT devices, highlighting the low computational/communicational overheads of WARDOG in the field
CIRCE: Architectural Patterns for Circular and Trustworthy By-Design IoT Orchestrations
The adoption of Internet of Things (IoT) devices, applications and services gradually transforms our everyday lives. In parallel, the transition from linear to circular economic (CE) models provides an even more fertile ground for novel types of services, and the update and enrichment of legacy ones. To fully realize the potential of the interplay between IoT and CE, the design-time definition of IoT orchestrations with proven circularity properties, and the run-time management of these orchestrations based on said properties, is of paramount importance. Nevertheless, the circularity requirements and associated properties are not only difficult to achieve at the IoT orchestration design and deployment initialization phases, but also hard to prove and maintain at run-time. Motivated by this, this paper presents the CIRCE framework for circular and trustworthy by-design IoT orchestrations. The CIRCE approach leverages concepts from pattern-driven engineering, whereby patterns are used to encode proven dependencies between the Location, Condition, and Availability (LCA) properties of individual smart objects and corresponding properties of orchestrations (compositions) involving them. These are augmented by patterns encoding trustworthiness-related properties, namely Connectivity, Security, Privacy, Dependability, and Interoperability (CSPDI). Thereby, these patterns are used to generate IoT orchestrations with proven LCA and CSPDI properties, as needed, at design time. At runtime, these properties are monitored in real-time, leveraging reasoning engines deployed across system layers, triggering adaptations to return the deployed orchestration to the desired LCA and CSPDI states, when required. Details are provided on the above novel combination of IoT, CE and pattern-based engineering, along with a proposed architecture and implementation approach.
Furthermore, an assessment of a proof-of-concept implementation is provided, validating the feasibility of the proposed approach
Pairing a Circular Economy and the 5G-Enabled Internet of Things: Creating a Class of “Looping Smart Assets”
The increase in the world’s population has led to a massive rise in human consumption of the planet’s natural resources, well beyond their replacement rate. Traditional recycling concepts and methods are not enough to counter such effects. In this context, a circular economy (CE), that is, a restorative and regenerative by-design economy, can reform today’s “take–make–dispose” economic model. On the other hand, the Internet of Things (IoT) continues to gradually transform our everyday lives, allowing for the introduction of novel types of services while enhancing legacy ones. Taking this as our motivation, in this article we analyze the CE/IoT interplay, indicating innovative ways in which this interaction can drastically affect products and services, their underlying business models, and the associated ecosystems. Moreover, we present an IoT architecture that enables smart object integration into the IoT ecosystem. The presented architecture integrates circularity-enabling features by maximizing the exploitation of assets toward a new type of IoT ecosystem that is circular by design (CbD). Finally, we provide a proof-of-concept implementation and an application study of the proposed architecture and results regarding the applicability of the proposed approach for the telecommunications (telecom) sector
SPD-safe: Secure administration of railway intelligent transportation systems
The railway transport system is critical infrastructure that is exposed to numerous manmade and natural threats, thus protecting this physical asset is imperative. Cyber security, privacy, and dependability (SPD) are also important, as the railway operation relies on cyber-physical systems (CPS). This work presents SPD-Safe—an administration framework for railway CPS, leveraging artificial intelligence for monitoring and managing the system in real-time. The network layer protections integrated provide the core security properties of confidentiality, integrity, and authentication, along with energy-aware secure routing and authorization. The effectiveness in mitigating attacks and the efficiency under normal operation are assessed through simulations with the average delay in real equipment being 0.2–0.6 s. SPD metrics are incorporated together with safety semantics for the application environment. Considering an intelligent transportation scenario, SPD-Safe is deployed on railway critical infrastructure, safeguarding one outdoor setting on the railway’s tracks and one in-carriage setting on a freight train that contains dangerous cargo. As demonstrated, SPD-Safe provides higher security and scalability, while enhancing safety response procedures. Nonetheless, emergency response operations require a seamless interoperation of the railway system with emergency authorities’ equipment (e.g., drones). Therefore, a secure integration with external systems is considered as future work