Visible to the public Biblio

Filters: Keyword is open systems  [Clear All Filters]
2021-03-16
Jahanian, M., Chen, J., Ramakrishnan, K. K..  2020.  Managing the Evolution to Future Internet Architectures and Seamless Interoperation. 2020 29th International Conference on Computer Communications and Networks (ICCCN). :1—11.

With the increasing diversity of application needs (datacenters, IoT, content retrieval, industrial automation, etc.), new network architectures are continually being proposed to address specific and particular requirements. From a network management perspective, it is both important and challenging to enable evolution towards such new architectures. Given the ubiquity of the Internet, a clean-slate change of the entire infrastructure to a new architecture is impractical. It is believed that we will see new network architectures coming into existence with support for interoperability between separate architectural islands. We may have servers, and more importantly, content, residing in domains having different architectures. This paper presents COIN, a content-oriented interoperability framework for current and future Internet architectures. We seek to provide seamless connectivity and content accessibility across multiple of these network architectures, including the current Internet. COIN preserves each domain's key architectural features and mechanisms, while allowing flexibility for evolvability and extensibility. We focus on Information-Centric Networks (ICN), the prominent class of Future Internet architectures. COIN avoids expanding domain-specific protocols or namespaces. Instead, it uses an application-layer Object Resolution Service to deliver the right "foreign" names to consumers. COIN uses translation gateways that retain essential interoperability state, leverages encryption for confidentiality, and relies on domain-specific signatures to guarantee provenance and data integrity. Using NDN and MobilityFirst as important candidate solutions of ICN, and IP, we evaluate COIN. Measurements from an implementation of the gateways show that the overhead is manageable and scales well.

2021-02-23
Mendiboure, L., Chalouf, M. A., Krief, F..  2020.  A Scalable Blockchain-based Approach for Authentication and Access Control in Software Defined Vehicular Networks. 2020 29th International Conference on Computer Communications and Networks (ICCCN). :1—11.
Software Defined Vehicular Networking (SDVN) could be the future of the vehicular networks, enabling interoperability between heterogeneous networks and mobility management. Thus, the deployment of large SDVN is considered. However, SDVN is facing major security issues, in particular, authentication and access control issues. Indeed, an unauthorized SDN controller could modify the behavior of switches (packet redirection, packet drops) and an unauthorized switch could disrupt the operation of the network (reconnaissance attack, malicious feedback). Due to the SDVN features (decentralization, mobility) and the SDVN requirements (flexibility, scalability), the Blockchain technology appears to be an efficient way to solve these authentication and access control issues. Therefore, many Blockchain-based approaches have already been proposed. However, two key challenges have not been addressed: authentication and access control for SDN controllers and high scalability for the underlying Blockchain network. That is why in this paper we propose an innovative and scalable architecture, based on a set of interconnected Blockchain sub-networks. Moreover, an efficient access control mechanism and a cross-sub-networks authentication/revocation mechanism are proposed for all SDVN devices (vehicles, roadside equipment, SDN controllers). To demonstrate the benefits of our approach, its performances are compared with existing solutions in terms of throughput, latency, CPU usage and read/write access to the Blockchain ledger. In addition, we determine an optimal number of Blockchain sub-networks according to different parameters such as the number of certificates to store and the number of requests to process.
2021-01-20
Mavroudis, V., Svenda, P..  2020.  JCMathLib: Wrapper Cryptographic Library for Transparent and Certifiable JavaCard Applets. 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS PW). :89—96.

The JavaCard multi-application platform is now deployed to over twenty billion smartcards, used in various applications ranging from banking payments and authentication tokens to SIM cards and electronic documents. In most of those use cases, access to various cryptographic primitives is required. The standard JavaCard API provides a basic level of access to such functionality (e.g., RSA encryption) but does not expose low-level cryptographic primitives (e.g., elliptic curve operations) and essential data types (e.g., Integers). Developers can access such features only through proprietary, manufacturer-specific APIs. Unfortunately, such APIs significantly reduce the interoperability and certification transparency of the software produced as they require non-disclosure agreements (NDA) that prohibit public sharing of the applet's source code.We introduce JCMathLib, an open library that provides an intermediate layer realizing essential data types and low-level cryptographic primitives from high-level operations. To achieve this, we introduce a series of optimization techniques for resource-constrained platforms that make optimal use of the underlying hardware, while having a small memory footprint. To the best of our knowledge, it is the first generic library for low-level cryptographic operations in JavaCards that does not rely on a proprietary API.Without any disclosure limitations, JCMathLib has the potential to increase transparency by enabling open code sharing, release of research prototypes, and public code audits. Moreover, JCMathLib can help resolve the conflict between strict open-source licenses such as GPL and proprietary APIs available only under an NDA. This is of particular importance due to the introduction of JavaCard API v3.1, which targets specifically IoT devices, where open-source development might be more common than in the relatively closed world of government-issued electronic documents.

2020-12-28
Yang, H., Huang, L., Luo, C., Yu, Q..  2020.  Research on Intelligent Security Protection of Privacy Data in Government Cyberspace. 2020 IEEE 5th International Conference on Cloud Computing and Big Data Analytics (ICCCBDA). :284—288.

Based on the analysis of the difficulties and pain points of privacy protection in the opening and sharing of government data, this paper proposes a new method for intelligent discovery and protection of structured and unstructured privacy data. Based on the improvement of the existing government data masking process, this method introduces the technologies of NLP and machine learning, studies the intelligent discovery of sensitive data, the automatic recommendation of masking algorithm and the full automatic execution following the improved masking process. In addition, the dynamic masking and static masking prototype with text and database as data source are designed and implemented with agent-based intelligent masking middleware. The results show that the recognition range and protection efficiency of government privacy data, especially government unstructured text have been significantly improved.

2020-12-14
Pilet, A. B., Frey, D., Taïani, F..  2020.  Foiling Sybils with HAPS in Permissionless Systems: An Address-based Peer Sampling Service. 2020 IEEE Symposium on Computers and Communications (ISCC). :1–6.
Blockchains and distributed ledgers have brought renewed interest in Byzantine fault-tolerant protocols and decentralized systems, two domains studied for several decades. Recent promising works have in particular proposed to use epidemic protocols to overcome the limitations of popular Blockchain mechanisms, such as proof-of-stake or proof-of-work. These works unfortunately assume a perfect peer-sampling service, immune to malicious attacks, a property that is difficult and costly to achieve. We revisit this fundamental problem in this paper, and propose a novel Byzantine-tolerant peer-sampling service that is resilient to Sybil attacks in open systems by exploiting the underlying structure of wide-area networks.
2020-11-17
Poltronieri, F., Sadler, L., Benincasa, G., Gregory, T., Harrell, J. M., Metu, S., Moulton, C..  2018.  Enabling Efficient and Interoperable Control of IoBT Devices in a Multi-Force Environment. MILCOM 2018 - 2018 IEEE Military Communications Conference (MILCOM). :757—762.

Efficient application of Internet of Battlefield Things (IoBT) technology on the battlefield calls for innovative solutions to control and manage the deluge of heterogeneous IoBT devices. This paper presents an innovative paradigm to address heterogeneity in controlling IoBT and IoT devices, enabling multi-force cooperation in challenging battlefield scenarios.

2020-11-09
Kemp, C., Calvert, C., Khoshgoftaar, T..  2018.  Utilizing Netflow Data to Detect Slow Read Attacks. 2018 IEEE International Conference on Information Reuse and Integration (IRI). :108–116.
Attackers can leverage several techniques to compromise computer networks, ranging from sophisticated malware to DDoS (Distributed Denial of Service) attacks that target the application layer. Application layer DDoS attacks, such as Slow Read, are implemented with just enough traffic to tie up CPU or memory resources causing web and application servers to go offline. Such attacks can mimic legitimate network requests making them difficult to detect. They also utilize less volume than traditional DDoS attacks. These low volume attack methods can often go undetected by network security solutions until it is too late. In this paper, we explore the use of machine learners for detecting Slow Read DDoS attacks on web servers at the application layer. Our approach uses a generated dataset based upon Netflow data collected at the application layer on a live network environment. Our Netflow data uses the IP Flow Information Export (IPFIX) standard providing significant flexibility and features. These Netflow features can process and handle a growing amount of traffic and have worked well in our previous DDoS work detecting evasion techniques. Our generated dataset consists of real-world network data collected from a production network. We use eight different classifiers to build Slow Read attack detection models. Our wide selection of learners provides us with a more comprehensive analysis of Slow Read detection models. Experimental results show that the machine learners were quite successful in identifying the Slow Read attacks with a high detection and low false alarm rate. The experiment demonstrates that our chosen Netflow features are discriminative enough to detect such attacks accurately.
Muller, T., Walz, A., Kiefer, M., Doran, H. Dermot, Sikora, A..  2018.  Challenges and prospects of communication security in real-time ethernet automation systems. 2018 14th IEEE International Workshop on Factory Communication Systems (WFCS). :1–9.
Real-Time Ethernet has become the major communication technology for modern automation and industrial control systems. On the one hand, this trend increases the need for an automation-friendly security solution, as such networks can no longer be considered sufficiently isolated. On the other hand, it shows that, despite diverging requirements, the domain of Operational Technology (OT) can derive advantage from high-volume technology of the Information Technology (IT) domain. Based on these two sides of the same coin, we study the challenges and prospects of approaches to communication security in real-time Ethernet automation systems. In order to capitalize the expertise aggregated in decades of research and development, we put a special focus on the reuse of well-established security technology from the IT domain. We argue that enhancing such technology to become automation-friendly is likely to result in more robust and secure designs than greenfield designs. Because of its widespread deployment and the (to this date) nonexistence of a consistent security architecture, we use PROFINET as a showcase of our considerations. Security requirements for this technology are defined and different well-known solutions are examined according their suitability for PROFINET. Based on these findings, we elaborate the necessary adaptions for the deployment on PROFINET.
2020-11-04
Torkura, K. A., Sukmana, M. I. H., Strauss, T., Graupner, H., Cheng, F., Meinel, C..  2018.  CSBAuditor: Proactive Security Risk Analysis for Cloud Storage Broker Systems. 2018 IEEE 17th International Symposium on Network Computing and Applications (NCA). :1—10.

Cloud Storage Brokers (CSB) provide seamless and concurrent access to multiple Cloud Storage Services (CSS) while abstracting cloud complexities from end-users. However, this multi-cloud strategy faces several security challenges including enlarged attack surfaces, malicious insider threats, security complexities due to integration of disparate components and API interoperability issues. Novel security approaches are imperative to tackle these security issues. Therefore, this paper proposes CS-BAuditor, a novel cloud security system that continuously audits CSB resources, to detect malicious activities and unauthorized changes e.g. bucket policy misconfigurations, and remediates these anomalies. The cloud state is maintained via a continuous snapshotting mechanism thereby ensuring fault tolerance. We adopt the principles of chaos engineering by integrating BrokerMonkey, a component that continuously injects failure into our reference CSB system, CloudRAID. Hence, CSBAuditor is continuously tested for efficiency i.e. its ability to detect the changes injected by BrokerMonkey. CSBAuditor employs security metrics for risk analysis by computing severity scores for detected vulnerabilities using the Common Configuration Scoring System, thereby overcoming the limitation of insufficient security metrics in existing cloud auditing schemes. CSBAuditor has been tested using various strategies including chaos engineering failure injection strategies. Our experimental evaluation validates the efficiency of our approach against the aforementioned security issues with a detection and recovery rate of over 96 %.

2020-11-02
Fraile, Francisco, Flores, José Luis, Anaya, Victor, Saiz, Eduardo, Poler, Raúl.  2018.  A Scaffolding Design Framework for Developing Secure Interoperability Components in Digital Manufacturing Platforms. 2018 International Conference on Intelligent Systems (IS). :564—569.
This paper presents the Virtual Open Operating System (vf-OS) Input / Output (IO) Toolkit Generator, which is a design tool to develop vf-OS IO components that interact with all kinds of manufacturing assets, either physical devices like Program Logic Controllers (PLCs), software applications like Enterprise Resource Planning Systems (ERPs) or legacy file formats like STEP. The vf-OS IO Toolkit Generator is based on software scaffolding, a code generation technique that allows a developer to create a working component to interact with a manufacturing asset from the vf-OS Platform without writing a line of code. As described in this paper, software scaffolding not only simplifies the development of interoperability components, but it also fosters system security and platform integration automation. Another contribution of this paper is to propose possible integrations between the IO Toolkit Generator and the vf-OS Security Command Centre in charge of platform security. Additionally, this paper describes how the concept can be extended to address other digital manufacturing platforms like Fi-Ware.
2020-09-28
Patsonakis, Christos, Terzi, Sofia, Moschos, Ioannis, Ioannidis, Dimosthenis, Votis, Konstantinos, Tzovaras, Dimitrios.  2019.  Permissioned Blockchains and Virtual Nodes for Reinforcing Trust Between Aggregators and Prosumers in Energy Demand Response Scenarios. 2019 IEEE International Conference on Environment and Electrical Engineering and 2019 IEEE Industrial and Commercial Power Systems Europe (EEEIC / I CPS Europe). :1–6.
The advancement and penetration of distributed energy resources (DERs) and renewable energy sources (RES) are transforming legacy energy systems in an attempt to reduce carbon emissions and energy waste. Demand Response (DR) has been identified as a key enabler of integrating these, and other, Smart Grid technologies, while, simultaneously, ensuring grid stability and secure energy supply. The massive deployment of smart meters, IoT devices and DERs dictate the need to move to decentralized, or even localized, DR schemes in the face of the increased scale and complexity of monitoring and coordinating the actors and devices in modern smart grids. Furthermore, there is an inherent need to guarantee interoperability, due to the vast number of, e.g., hardware and software stakeholders, and, more importantly, promote trust and incentivize the participation of customers in DR schemes, if they are to be successfully deployed.In this work, we illustrate the design of an energy system that addresses all of the roadblocks that hinder the large scale deployment of DR services. Our DR framework incorporates modern Smart Grid technologies, such as fog-enabled and IoT devices, DERs and RES to, among others, automate asset handling and various time-consuming workflows. To guarantee interoperability, our system employs OpenADR, which standardizes the communication of DR signals among energy stakeholders. Our approach acknowledges the need for decentralization and employs blockchains and smart contracts to deliver a secure, privacy-preserving, tamper-resistant, auditable and reliable DR framework. Blockchains provide the infrastructure to design innovative DR schemes and incentivize active consumer participation as their aforementioned properties promote transparency and trust. In addition, we harness the power of smart contracts which allows us to design and implement fully automated contractual agreements both among involved stakeholders, as well as on a machine-to-machine basis. Smart contracts are digital agents that "live" in the blockchain and can encode, execute and enforce arbitrary agreements. To illustrate the potential and effectiveness of our smart contract-based DR framework, we present a case study that describes the exchange of DR signals and the autonomous instantiation of smart contracts among involved participants to mediate and monitor transactions, enforce contractual clauses, regulate energy supply and handle payments/penalties.
2020-09-14
Widergren, Steve, Melton, Ron, Khandekar, Aditya, Nordman, Bruce, Knight, Mark.  2019.  The Plug-and-Play Electricity Era: Interoperability to Integrate Anything, Anywhere, Anytime. IEEE Power and Energy Magazine. 17:47–58.
The inforrmation age continues to transform the mechanics of integrating electric power devices and systems, from coordinated operations based purely on the physics of electric power engineering to an increasing blend of power with information and communication technology. Integrating electric system components is not just about attaching wires. It requires the connection of computer-based automation systems to associated sensing and communication equipment. The architectural impacts are significant. Well-considered and commonly held concepts, principles, and organizational structures continue to emerge to address the complexity of the integrated operational challenges that drive our society to expect more flexibility in configuring the electric power system, while simultaneously achieving greater efficiency, reliability, and resilience. Architectural concepts, such as modularity and composability, contribute to the creation of structures that enable the connection of power system equipment characterized by clearly defined interfaces consisting of physical and cyberlinks. The result of successful electric power system component connection is interoperation: the discipline that drives integration to be simple and reliable.
2020-08-24
Islam, Chadni, Babar, Muhammad Ali, Nepal, Surya.  2019.  An Ontology-Driven Approach to Automating the Process of Integrating Security Software Systems. 2019 IEEE/ACM International Conference on Software and System Processes (ICSSP). :54–63.

A wide variety of security software systems need to be integrated into a Security Orchestration Platform (SecOrP) to streamline the processes of defending against and responding to cybersecurity attacks. Lack of interpretability and interoperability among security systems are considered the key challenges to fully leverage the potential of the collective capabilities of different security systems. The processes of integrating security systems are repetitive, time-consuming and error-prone; these processes are carried out manually by human experts or using ad-hoc methods. To help automate security systems integration processes, we propose an Ontology-driven approach for Security OrchestrAtion Platform (OnSOAP). The developed solution enables interpretability, and interoperability among security systems, which may exist in operational silos. We demonstrate OnSOAP's support for automated integration of security systems to execute the incident response process with three security systems (Splunk, Limacharlie, and Snort) for a Distributed Denial of Service (DDoS) attack. The evaluation results show that OnSOAP enables SecOrP to interpret the input and output of different security systems, produce error-free integration details, and make security systems interoperable with each other to automate and accelerate an incident response process.

2020-08-17
Conti, Mauro, Dushku, Edlira, Mancini, Luigi V..  2019.  RADIS: Remote Attestation of Distributed IoT Services. 2019 Sixth International Conference on Software Defined Systems (SDS). :25–32.
Remote attestation is a security technique through which a remote trusted party (i.e., Verifier) checks the trust-worthiness of a potentially untrusted device (i.e., Prover). In the Internet of Things (IoT) systems, the existing remote attestation protocols propose various approaches to detect the modified software and physical tampering attacks. However, in an inter-operable IoT system, in which IoT devices interact autonomously among themselves, an additional problem arises: a compromised IoT service can influence the genuine operation of other invoked service, without changing the software of the latter. In this paper, we propose a protocol for Remote Attestation of Distributed IoT Services (RADIS), which verifies the trust-worthiness of distributed IoT services. Instead of attesting the complete memory content of the entire interoperable IoT devices, RADIS attests only the services involved in performing a certain functionality. RADIS relies on a control-flow attestation technique to detect IoT services that perform an unexpected operation due to their interactions with a malicious remote service. Our experiments show the effectiveness of our protocol in validating the integrity status of a distributed IoT service.
2020-07-24
Luzhnov, Vasiliy S., Sokolov, Alexander N., Barinov, Andrey E..  2019.  Simulation of Protected Industrial Control Systems Based on Reference Security Model using Weighted Oriented Graphs. 2019 International Russian Automation Conference (RusAutoCon). :1—5.
With the increase in the number of cyber attacks on industrial control systems, especially in critical infrastructure facilities, the problem of comprehensive analysis of the security of such systems becomes urgent. This, in turn, requires the availability of fundamental mathematical, methodological and instrumental basis for modeling automated systems, modeling attacks on their information resources, which would allow realtime system protection analysis. The paper proposes a basis for simulating protected industrial control systems, based on the developed reference security model, and a model for attacks on information resources of automated systems. On the basis of these mathematical models, a complex model of a protected automated system was developed, which can be used to build protection systems for automated systems used in production.
2020-07-16
Balduccini, Marcello, Griffor, Edward, Huth, Michael, Vishik, Claire, Wollman, David, Kamongi, Patrick.  2019.  Decision Support for Smart Grid: Using Reasoning to Contextualize Complex Decision Making. 2019 7th Workshop on Modeling and Simulation of Cyber-Physical Energy Systems (MSCPES). :1—6.

The smart grid is a complex cyber-physical system (CPS) that poses challenges related to scale, integration, interoperability, processes, governance, and human elements. The US National Institute of Standards and Technology (NIST) and its government, university and industry collaborators, developed an approach, called CPS Framework, to reasoning about CPS across multiple levels of concern and competency, including trustworthiness, privacy, reliability, and regulatory. The approach uses ontology and reasoning techniques to achieve a greater understanding of the interdependencies among the elements of the CPS Framework model applied to use cases. This paper demonstrates that the approach extends naturally to automated and manual decision-making for smart grids: we apply it to smart grid use cases, and illustrate how it can be used to analyze grid topologies and address concerns about the smart grid. Smart grid stakeholders, whose decision making may be assisted by this approach, include planners, designers and operators.

2020-05-11
Enos, James R., Nilchiani, Roshanak R..  2018.  Merging DoDAF architectures to develop and analyze the DoD network of systems. 2018 IEEE Aerospace Conference. :1–9.
The Department of Defense (DoD) manages capabilities through the Joint Interoperability and Capability Development System (JCIDS) process. As part of this process, sponsors develop a series of DoD Architecture Framework (DoDAF) products to assist analysts understand the proposed capability and how it fits into the broader network of DoD legacy systems and systems under development. However, the Joint Staff, responsible for executing the JCIDS process, often analyzes these architectures in isolation without considering the broader network of systems. DoD leadership, the Government Accountability Organization, and others have noted the lack of the DoD's ability to manage the broader portfolio of capabilities in various reports and papers. Several efforts have proposed merging DoDAF architecture into a larger meta-architecture based on individual system architectures. This paper specifically targets the Systems View 3 (SV-3), System-to-system matrix, as an opportunity to merge multiple DoDAF architecture views into a network of system and understand the potential benefits associated with analyzing a broader perspective. The goal of merging multiple SV-3s is to better understand the interoperability of a system within the network of DoD systems as network metrics may provide insights into the relative interoperability of a DoD system. Currently, the DoD's definition of interoperability focuses on the system or capability's ability to enter and operate within the DoD Information Network (DoDIN); however, this view limits the definition of interoperability as it focuses solely on information flows and not resource flows or physical connections that should be present in a SV-3. The paper demonstrates the importance of including all forms of connections between systems in a network by comparing network metrics associated with the different types of connections. Without a complete set of DoDAF architectures for each system within the DoD and based on the potential classification of these products, the paper collates data that should be included in an SV-3 from open source, unclassified references to build the overall network of DoD systems. From these sources, a network of over 300 systems with almost 1000 connections emerges based on the documented information, resource, and physical connections between these legacy and planned DoD systems. With this network, the paper explores the quantification of individual system's interoperability through the application of nodal and network metrics from social network analysis (SNA). A SNA perspective on a network of systems provides additional insights beyond traditional network analysis because of the emphasis on the importance of nodes, systems, in the network as well as the relationship, connections, between the nodes. Finally, the paper proposes future work to explore the quantification of additional attributes of systems as well as a method for further validating the findings.
2020-03-16
White, Ruffin, Caiazza, Gianluca, Jiang, Chenxu, Ou, Xinyue, Yang, Zhiyue, Cortesi, Agostino, Christensen, Henrik.  2019.  Network Reconnaissance and Vulnerability Excavation of Secure DDS Systems. 2019 IEEE European Symposium on Security and Privacy Workshops (EuroS PW). :57–66.

Data Distribution Service (DDS) is a realtime peer-to-peer protocol that serves as a scalable middleware between distributed networked systems found in many Industrial IoT domains such as automotive, medical, energy, and defense. Since the initial ratification of the standard, specifications have introduced a Security Model and Service Plugin Interface (SPI) architecture, facilitating authenticated encryption and data centric access control while preserving interoperable data exchange. However, as Secure DDS v1.1, the default plugin specifications presently exchanges digitally signed capability lists of both participants in the clear during the crypto handshake for permission attestation; thus breaching confidentiality of the context of the connection. In this work, we present an attacker model that makes use of network reconnaissance afforded by this leaked context in conjunction with formal verification and model checking to arbitrarily reason about the underlying topology and reachability of information flow, enabling targeted attacks such as selective denial of service, adversarial partitioning of the data bus, or vulnerability excavation of vendor implementations.

Sandor, Hunor, Genge, Bela, Haller, Piroska, Bica, Andrei.  2019.  A Security-Enhanced Interoperability Middleware for the Internet of Things. 2019 7th International Symposium on Digital Forensics and Security (ISDFS). :1–6.
This paper documents an Internet of Things (IoT) middleware specially tailored to address the security, and operational requirements expected from an effective IoT platform. In essence, the middleware exposes a diverse palette of features, including authentication, authorization, auditing, confidentiality and integrity of data. Besides these aspects, the middleware encapsulates an IoT object abstraction layer that builds a generic object model that is independent from the device type (i.e., hardware, software, vendor). Furthermore, it builds on standards and specifications to accomplish a highly resilient and scalable solution. The approach is tested on several hardware platforms. A use case scenario is presented to demonstrate its main features. The middleware represents a key component in the context of the “GHOST - Safe-Guarding Home IoT Environments with Personalised Real-time Risk Control” project.
2020-01-27
Li, Zhangtan, Cheng, Liang, Zhang, Yang.  2019.  Tracking Sensitive Information and Operations in Integrated Clinical Environment. 2019 18th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/13th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE). :192–199.
Integrated Clinical Environment (ICE) is a standardized framework for achieving device interoperability in medical cyber-physical systems. The ICE utilizes high-level supervisory apps and a low-level communication middleware to coordinate medical devices. The need to design complex ICE systems that are both safe and effective has presented numerous challenges, including interoperability, context-aware intelligence, security and privacy. In this paper, we present a data flow analysis framework for the ICE systems. The framework performs the combination of static and dynamic analysis for the sensitive data and operations in the ICE systems. Our experiments demonstrate that the data flow analysis framework can record how the medical devices transmit sensitive data and perform misuse detection by tracing the runtime context of the sensitive operations.
2020-01-20
Klarin, K., Nazor, I., Celar, S..  2019.  Ontology literature review as guidelines for improving Croatian Qualification Framework. 2019 42nd International Convention on Information and Communication Technology, Electronics and Microelectronics (MIPRO). :1402–1407.

Development of information systems dealing with education and labour market using web and grid service architecture enables their modularity, expandability and interoperability. Application of ontologies to the web helps with collecting and selecting the knowledge about a certain field in a generic way, thus enabling different applications to understand, use, reuse and share the knowledge among them. A necessary step before publishing computer-interpretable data on the public web is the implementation of common standards that will ensure the exchange of information. Croatian Qualification Framework (CROQF) is a project of standardization of occupations for the labour market, as well as standardization of sets of qualifications, skills and competences and their mutual relations. This paper analysis a respectable amount of research dealing with application of ontologies to information systems in education during the last decade. The main goal is to compare achieved results according to: 1) phases of development/classifications of education-related ontologies; 2) areas of education and 3) standards and structures of metadata for educational systems. Collected information is used to provide insight into building blocks of CROQF, both the ones well supported by experience and best practices, and the ones that are not, together with guidelines for development of own standards using ontological structures.

2020-01-13
Mohamed, Nader, Al-Jaroodi, Jameela.  2019.  A Middleware Framework to Address Security Issues in Integrated Multisystem Applications. 2019 IEEE International Systems Conference (SysCon). :1–6.
Integrating multiple programmable components and subsystems developed by different manufacturers into a final system (a system of systems) can create some security concerns. While there are many efforts for developing interoperability approaches to enable smooth, reliable and safe integration among different types of components to build final systems for different applications, less attention is usually given for the security aspects of this integration. This may leave the final systems exposed and vulnerable to potential security attacks. The issues elevate further when such systems are also connected to other networks such as the Internet or systems like fog and cloud computing. This issue can be found in important industrial applications like smart medical, smart manufacturing and smart city systems. As a result, along with performance, safety and reliability; multisystem integration must also be highly secure. This paper discusses the security issues instigated by such integration. In addition, it proposes a middleware framework to address the security issues for integrated multisystem applications.
2019-11-25
Cui, Hongyan, Chen, Zunming, Xi, Yu, Chen, Hao, Hao, Jiawang.  2019.  IoT Data Management and Lineage Traceability: A Blockchain-based Solution. 2019 IEEE/CIC International Conference on Communications Workshops in China (ICCC Workshops). :239–244.

The Internet of Things is stepping out of its infancy into full maturity, requiring massive data processing and storage. Unfortunately, because of the unique characteristics of resource constraints, short-range communication, and self-organization in IoT, it always resorts to the cloud or fog nodes for outsourced computation and storage, which has brought about a series of novel challenging security and privacy threats. For this reason, one of the critical challenges of having numerous IoT devices is the capacity to manage them and their data. A specific concern is from which devices or Edge clouds to accept join requests or interaction requests. This paper discusses a design concept for developing the IoT data management platform, along with a data management and lineage traceability implementation of the platform based on blockchain and smart contracts, which approaches the two major challenges: how to implement effective data management and enrich rational interoperability for trusted groups of linked Things; And how to settle conflicts between untrusted IoT devices and its requests taking into account security and privacy preserving. Experimental results show that the system scales well with the loss of computing and communication performance maintaining within the acceptable range, works well to effectively defend against unauthorized access and empower data provenance and transparency, which verifies the feasibility and efficiency of the design concept to provide privacy, fine-grained, and integrity data management over the IoT devices by introducing the blockchain-based data management platform.

2019-02-08
Ioini, N. E., Pahl, C..  2018.  Trustworthy Orchestration of Container Based Edge Computing Using Permissioned Blockchain. 2018 Fifth International Conference on Internet of Things: Systems, Management and Security. :147-154.

The need to process the verity, volume and velocity of data generated by today's Internet of Things (IoT) devices has pushed both academia and the industry to investigate new architectural alternatives to support the new challenges. As a result, Edge Computing (EC) has emerged to address these issues, by placing part of the cloud resources (e.g., computation, storage, logic) closer to the edge of the network, which allows faster and context dependent data analysis and storage. However, as EC infrastructures grow, different providers who do not necessarily trust each other need to collaborate in order serve different IoT devices. In this context, EC infrastructures, IoT devices and the data transiting the network all need to be subject to identity and provenance checks, in order to increase trust and accountability. Each device/data in the network needs to be identified and the provenance of its actions needs to be tracked. In this paper, we propose a blockchain container based architecture that implements the W3C-PROV Data Model, to track identities and provenance of all orchestration decisions of a business network. This architecture provides new forms of interaction between the different stakeholders, which supports trustworthy transactions and leads to a new decentralized interaction model for IoT based applications.

Ghirardello, K., Maple, C., Ng, D., Kearney, P..  2018.  Cyber Security of Smart Homes: Development of a Reference Architecture for Attack Surface Analysis. Living in the Internet of Things: Cybersecurity of the IoT - 2018. :1-10.

Recent advances in pervasive computing have caused a rapid growth of the Smart Home market, where a number of otherwise mundane pieces of technology are capable of connecting to the Internet and interacting with other similar devices. However, with the lack of a commonly adopted set of guidelines, several IT companies are producing smart devices with their own proprietary standards, leading to highly heterogeneous Smart Home systems in which the interoperability of the present elements is not always implemented in the most straightforward manner. As such, understanding the cyber risk of these cyber-physical systems beyond the individual devices has become an almost intractable problem. This paper tackles this issue by introducing a Smart Home reference architecture which facilitates security analysis. Being composed by three viewpoints, it gives a high-level description of the various functions and components needed in a domestic IoT device and network. Furthermore, this document demonstrates how the architecture can be used to determine the various attack surfaces of a home automation system from which its key vulnerabilities can be determined.