IoT Security Configurability with Security-by-Contract
Cybersecurity is one of the biggest challenges in the Internet of Things (IoT) domain, as well as one of its most embarrassing failures. As a matter of fact, nowadays IoT devices still exhibit various shortcomings. For example, they lack secure default configurations and sufficient security configur...
| Main Authors: | , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
MDPI AG
2019-09-01
|
| Series: | Sensors |
| Subjects: | |
| Online Access: | https://www.mdpi.com/1424-8220/19/19/4121 |
| _version_ | 1817990165993357312 |
|---|---|
| author | Alberto Giaretta Nicola Dragoni Fabio Massacci |
| author_facet | Alberto Giaretta Nicola Dragoni Fabio Massacci |
| author_sort | Alberto Giaretta |
| collection | DOAJ |
| description | Cybersecurity is one of the biggest challenges in the Internet of Things (IoT) domain, as well as one of its most embarrassing failures. As a matter of fact, nowadays IoT devices still exhibit various shortcomings. For example, they lack secure default configurations and sufficient security configurability. They also lack rich behavioural descriptions, failing to list provided and required services. To answer this problem, we envision a future where IoT devices carry behavioural contracts and Fog nodes store network policies. One requirement is that contract consistency must be easy to prove. Moreover, contracts must be easy to verify against network policies. In this paper, we propose to combine the security-by-contract (S × C) paradigm with Fog computing to secure IoT devices. Following our previous work, first we formally define the pillars of our proposal. Then, by means of a running case study, we show that we can model communication flows and prevent information leaks. Last, we show that our contribution enables a holistic approach to IoT security, and that it can also prevent unexpected chains of events. |
| first_indexed | 2024-04-14T00:55:24Z |
| format | Article |
| id | doaj.art-610d9a34a34e4a568a2a4e668cfd00cc |
| institution | Directory Open Access Journal |
| issn | 1424-8220 |
| language | English |
| last_indexed | 2024-04-14T00:55:24Z |
| publishDate | 2019-09-01 |
| publisher | MDPI AG |
| record_format | Article |
| series | Sensors |
| spelling | doaj.art-610d9a34a34e4a568a2a4e668cfd00cc2022-12-22T02:21:37ZengMDPI AGSensors1424-82202019-09-011919412110.3390/s19194121s19194121IoT Security Configurability with Security-by-ContractAlberto Giaretta0Nicola Dragoni1Fabio Massacci2Centre for Applied Autonomous Sensors Systems (AASS), Örebro University, 701 82 Örebro, SwedenCentre for Applied Autonomous Sensors Systems (AASS), Örebro University, 701 82 Örebro, SwedenDepartment of Information Science and Engineering, University of Trento, 38123 Trento, ItalyCybersecurity is one of the biggest challenges in the Internet of Things (IoT) domain, as well as one of its most embarrassing failures. As a matter of fact, nowadays IoT devices still exhibit various shortcomings. For example, they lack secure default configurations and sufficient security configurability. They also lack rich behavioural descriptions, failing to list provided and required services. To answer this problem, we envision a future where IoT devices carry behavioural contracts and Fog nodes store network policies. One requirement is that contract consistency must be easy to prove. Moreover, contracts must be easy to verify against network policies. In this paper, we propose to combine the security-by-contract (S × C) paradigm with Fog computing to secure IoT devices. Following our previous work, first we formally define the pillars of our proposal. Then, by means of a running case study, we show that we can model communication flows and prevent information leaks. Last, we show that our contribution enables a holistic approach to IoT security, and that it can also prevent unexpected chains of events.https://www.mdpi.com/1424-8220/19/19/4121IoTconfigurabilityFog computingsecurity-by-contractsecurity |
| spellingShingle | Alberto Giaretta Nicola Dragoni Fabio Massacci IoT Security Configurability with Security-by-Contract Sensors IoT configurability Fog computing security-by-contract security |
| title | IoT Security Configurability with Security-by-Contract |
| title_full | IoT Security Configurability with Security-by-Contract |
| title_fullStr | IoT Security Configurability with Security-by-Contract |
| title_full_unstemmed | IoT Security Configurability with Security-by-Contract |
| title_short | IoT Security Configurability with Security-by-Contract |
| title_sort | iot security configurability with security by contract |
| topic | IoT configurability Fog computing security-by-contract security |
| url | https://www.mdpi.com/1424-8220/19/19/4121 |
| work_keys_str_mv | AT albertogiaretta iotsecurityconfigurabilitywithsecuritybycontract AT nicoladragoni iotsecurityconfigurabilitywithsecuritybycontract AT fabiomassacci iotsecurityconfigurabilitywithsecuritybycontract |