New Paper Accepted: Security Assurance in Modern IoT Systems
Our paper entitled Security Assurance in Modern IoT Systems has been accepted for publication at the workshop 4th Workshop on Connected Intelligence for IoT and Industrial IoT Applications (C3IA), part of IEEE VTC 2022-Spring. The paper presents our idea for certification-based security assurance of cloud-edge-IoT systems, where such systems cannot be precisely modeled and assessed as in the past.
The authors of the paper are: Nicola Bena (me), Ruslan Bondaruc, and Antongiacomo Polimeno. I am going to present the paper personally in a virtual session.
Below is the full abstract.
Modern distributed systems consist of a multi-layer architecture of IoT, edge, and cloud nodes. Together, they are revolutionizing our lives, bringing intelligence to existing processes (e.g., smart grids) and enabling novel, efficient and effective processes (e.g., remote surgery). This transition however does not come without drawbacks, due to the ever-increasing reliance on devices whose security and safety are, at least, questionable. In this context, research is in its infancy, struggling to adapt successful practices applied, for instance, in cloud systems. Security of modern IoT systems still relies on old-fashioned approaches, mostly static assessments considering only very specific parts of the target system, rather than assessing the system as a whole. In this paper, we put forward the idea of security assurance for IoT, as a higher-level assurance process evaluating the target system at different layers and different moments of its lifecycle, then implemented by a flexible assurance framework. The quality of our approach is evaluated in a real- world smart lighting system.