A Model-Based Security Toolkit for the Internet of Things

Abstract The control and protection of user data is a very important aspect in the design and deployment of the Internet of Things (IoT). The heterogeneity of IoT technologies, the large number of devices and systems, and the different types of users and roles create important challenges in this context. In particular, requirements of scalability, interoperability, trust and privacy are difficult to address even with the considerable amount of existing work both in the research and standardization community. In this paper we propose a Model-based Security Toolkit, which is integrated in a management framework for IoT devices, and supports specification and efficient evaluation of security policies to enable the protection of user data. Our framework is applied to a Smart City scenario in order to demonstrate its feasibility and performance.

[1]  Bin Sun,et al.  Trust management mechanism for Internet of Things , 2014 .

[2]  Marten van Sinderen,et al.  COSMO: A conceptual framework for service modelling and refinement , 2007, Inf. Syst. Frontiers.

[3]  Valérie Issarny,et al.  Ontologies for the internet of things , 2011, MDS '11.

[4]  Jia Guo,et al.  Scalable, adaptive and survivable trust management for community of interest based Internet of Things systems , 2013, 2013 IEEE Eleventh International Symposium on Autonomous Decentralized Systems (ISADS).

[5]  Morris Sloman,et al.  A survey of trust in internet applications , 2000, IEEE Communications Surveys & Tutorials.

[6]  Maurizio Tomasella,et al.  Vision and Challenges for Realising the Internet of Things , 2010 .

[7]  Ing-Ray Chen,et al.  Trust management for the internet of things and its application to service composition , 2012, 2012 IEEE International Symposium on a World of Wireless, Mobile and Multimedia Networks (WoWMoM).

[8]  Jennifer Golbeck,et al.  Inferring Reputation on the Semantic Web , 2004, WWW 2004.

[9]  Audun Jøsang,et al.  The base rate fallacy in belief reasoning , 2010, 2010 13th International Conference on Information Fusion.

[10]  Stephen S. Yau,et al.  An adaptable distributed trust management framework for large-scale secure service-based systems , 2013, Computing.

[11]  Weisong Shi,et al.  PET: A PErsonalized Trust Model with Reputation and Risk Evaluation for P2P Resource Sharing , 2005, Proceedings of the 38th Annual Hawaii International Conference on System Sciences.

[12]  Christian Schaefer,et al.  A Policy Language for Distributed Usage Control , 2007, ESORICS.

[13]  Ricardo Neisse,et al.  Enforcement of security policy rules for the Internet of Things , 2014, 2014 IEEE 10th International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob).

[14]  Emil C. Lupu,et al.  Policy-based Management for Body-Sensor Networks , 2007, BSN.

[15]  Alexander Pretschner,et al.  Implementing Trust in Cloud Infrastructures , 2011, 2011 11th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing.

[16]  N. L. Chervany,et al.  THE MEANINGS OF TRUST , 2000 .

[17]  João Paulo A. Almeida,et al.  A Model-Driven Approach to Situations: Situation Modeling and Rule-Based Situation Detection , 2012, 2012 IEEE 16th International Enterprise Distributed Object Computing Conference.

[18]  Dick A. C. Quartel Action Relations. Basic Design Concepts for Behaviour Modelling and Refinement , 1998 .

[19]  Vincent P. Wade,et al.  Trust meta-policies for flexible and dynamic policy based trust management , 2006, Seventh IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'06).

[20]  Antonio F. Gómez-Skarmeta,et al.  Distributed Capability-based Access Control for the Internet of Things , 2013, J. Internet Serv. Inf. Secur..

[21]  Dongyun Jin,et al.  MAKING RUNTIME MONITORING OF PARAMETRIC PROPERTIES PRACTICAL , 2012 .

[22]  Domenico Rotondi,et al.  A capability-based security approach to manage access control in the Internet of Things , 2013, Math. Comput. Model..

[23]  Ricardo Neisse,et al.  A Model-Based Security Toolkit for the Internet of Things , 2014, 2014 Ninth International Conference on Availability, Reliability and Security.

[24]  Ling Liu,et al.  TrustMe: anonymous management of trust relationships in decentralized P2P systems , 2003, Proceedings Third International Conference on Peer-to-Peer Computing (P2P2003).

[25]  Marten van Sinderen,et al.  An Information Model and Architecture for Context-Aware Management Domains , 2008, 2008 IEEE Workshop on Policies for Distributed Systems and Networks.

[26]  Ricardo Neisse,et al.  Building Trust in the Human?Internet of Things Relationship , 2014, IEEE Technology and Society Magazine.

[27]  J. H. Davis,et al.  An Integrative Model Of Organizational Trust , 1995 .

[28]  Raj Jain,et al.  Architectures for the future networks and the next generation Internet: A survey , 2011, Comput. Commun..

[29]  M. Wegdam,et al.  Trust Management Support for Context-Aware Service Platforms , 2014 .

[30]  James Irwin Digital Rights Management: The Open Mobile Alliance DRM specifications , 2004, Inf. Secur. Tech. Rep..

[31]  Ricardo Neisse,et al.  Model-based specification and refinement of usage control policies , 2013, 2013 Eleventh Annual Conference on Privacy, Security and Trust.

[32]  Alexander Pretschner,et al.  A Trustworthy Usage Control Enforcement Framework , 2013, Int. J. Mob. Comput. Multim. Commun..