A Case for IoT Security Assurance

Ardagna, Claudio Agostino; Damiani, Ernesto; Schütte, Julian; Stephanow, Philipp

doi:10.1007/978-981-10-5861-5_8

Cited by 14 publications

(16 citation statements)

References 24 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…According to Leuker et al [1], risks related to security, trust, privacy and identity management are major challenges in today's IoT systems. Assessing the quality and security risks of IoT systems however is not a simple task, and due to devices having constraints on cost, time to market and functionality developers of these devices often disregard this assessment [2]. Because IoT systems typically operate in highly dynamic environments, they need to be able to continuously evolve and adapt, to ensure and increase their trustworthiness.…”

Section: Motivationmentioning

confidence: 99%

Tool Support for Risk-driven Planning of Trustworthy Smart IoT Systems within DevOps

Thompson

Erdogan

2020

Proceedings of the 6th International Conference on Information Systems Security and Privacy

View full text Add to dashboard Cite

The Internet of Things is rising in popularity across many different domains, such as build automation, healthcare, electrical smart metering and physical security. Many prominent IT experts and companies like Gartner expect there to be a continued rise in the amount of IoT endpoints, with an estimated 5.8 million endpoints in 2020. With the rapid growth of the devices, the physical nature of these devices, and the amount of data collected, there will be a greater need for trustworthiness. These devices often gather personal data and as the devices have relatively less computational power than other devices, security and privacy risks are greater. With the IoT systems often operating in highly dynamic environments, the development of these systems should often be done in an iterative manner. De-vOps is an increasingly popular agile practice which combines the development and operations of systems to provide continuous delivery. This is well suited for the development of IoT systems. However, there is currently a lack of support for risk driven planning of trustworthy smart IoT systems within DevOps. This thesis investigates currently available tools and methods for the planning of trustworthy smart IoT systems within DevOps. We also propose a tool-supported method with the purpose of assisting developers in the planning phase of DevOps with identifying security and privacy risks, and executing risk assessment algorithms. Furthermore we facilitate automatic real-time security and privacy risk assessment through our custom made API. Moreover we conduct a case study where we apply both our method and tool in a real-life smart home case. Based on our initial result we argue that our tool-supported method: is easy to use and understandable for developers, supports the planning of trustworthy smart IoT systems in the DevOps practice in terms of security and privacy risk assessment and it is appropriate for use in the DevOps practice in terms of adapting to new plans and flexible in response to changes in the system.

show abstract

Section: Motivationmentioning

confidence: 99%

Tool Support for Risk-driven Planning of Trustworthy Smart IoT Systems within DevOps

Thompson

Erdogan

2020

Proceedings of the 6th International Conference on Information Systems Security and Privacy

View full text Add to dashboard Cite

show abstract

“…Assurance evaluation of IoT systems (and more in general of CPSs) is still in its infancy. The research community has first worked on providing security approaches for CPSs 29,30 , and only in the last couple of years some preliminary assurance approaches emerged 31,32,33 . The difficulties in defining new approaches to IoT assurance are due to the fact that the peculiarities of IoT applications make existing assurance approaches for the cloud unusable.…”

Section: Related Workmentioning

confidence: 99%

“…Also, the system under evaluation shows a precise perimeter with known topology. Ardagna et al 32 first discussed challenges in the design and development of assurance techniques for IoT, proposing a conceptual framework and architecture for IoT security assurance evaluation. Sato et al 33 investigated the problem of trust establishment in IoT and proposed an architecture for evaluating “ area‐wise trust ”, where the trust level considers device identification, monitoring of device behaviors, connection process to devices, and connection protocols.…”

Section: Related Workmentioning

confidence: 99%

“…The research community has first worked on providing security approaches for CPSs, 29,30 and only in the last couple of years some preliminary assurance approaches emerged. [31][32][33] The difficulties in defining new approaches to IoT assurance are due to the fact that the peculiarities of IoT applications make existing assurance approaches for the cloud unusable. In fact, these approaches usually do not face the challenges in As stated above, the assurance evaluation of CPSs is complicated the active involvement of people in the execution of a specific business process.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

A trust assurance technique for Internet of things based on human behavior compliance

Anisetti

Ardagna

Damiani

et al. 2019

Concurrency and Computation

Self Cite

View full text Add to dashboard Cite

The advent of the Internet of Things (IoT) has radically changed the way in which computations and communications are carried out. People are just becoming another component of IoT environments and, in turn, IoT environments are becoming a mixture of platforms, software, services, things, and people. The price we pay for such dynamic and powerful environment is an intrinsic uncertainty and low trustworthiness due to its opaque perimeter, the multitude of different data sources with unknown providers, and uncertain responsibilities. Trustworthiness of observables collected by smart devices (from minuscle sensors to bigger machines) is fundamental to build a chain of trust on a decision process taken according to these observables. Some assurance solutions evaluate the quality of collected data, though they are difficult to apply in IoT environments for performance and cost reasons. In this paper, we take a different approach and put forward the idea that, in many cases, the behavior of people owning smart devices can contribute to the evaluation of the trustworthiness of collected data and, in turn, of the whole decision process. We therefore define an assurance methodology based on data analytics evaluating the compliance of people to behavioral policies. The more people behavior is compliant, the higher the trustworthiness of data collected through their smart devices.

show abstract

“…Research on IoT-based systems assurance is however at an early stage, and mainly focused on defining new assurance architectures for IoT. Ardagna et al [4] first discussed challenges in the design and development of assurance techniques for IoT, proposing a conceptual framework and architecture for IoT security assurance evaluation. Sato et al.…”

Section: Introductionmentioning

confidence: 99%

Trustworthy IoT: An Evidence Collection Approach Based on Smart Contracts

Ardagna

Asal

Damiani

et al. 2019

2019 IEEE International Conference on Services Computing (SCC)

Self Cite

View full text Add to dashboard Cite

Today, Internet of Things (IoT) implements an ecosystem where a panoply of interconnected devices collect data from physical environments and supply them to processing services, on top of which cloud-based applications are built and provided to mobile end users. The undebatable advantages of smart IoT systems clash with the need of a secure and trustworthy environment. In this paper, we propose a servicebased methodology based on blockchain and smart contracts for trustworthy evidence collection at the basis of a trustworthy IoT assurance evaluation. The methodology balances the provided level of trustworthiness and its performance, and is experimentally evaluated using Hyperledger fabric blockchain.

show abstract

A Case for IoT Security Assurance

Cited by 14 publications

References 24 publications

Tool Support for Risk-driven Planning of Trustworthy Smart IoT Systems within DevOps

Tool Support for Risk-driven Planning of Trustworthy Smart IoT Systems within DevOps

A trust assurance technique for Internet of things based on human behavior compliance

Trustworthy IoT: An Evidence Collection Approach Based on Smart Contracts

Contact Info

Product

Resources

About