Abstract

Key challenges in Internet-of-Things (IoT) system design and management include secure system composition and the calculation of the security and dependability level of the final system. This paper presents an event-based model-checking framework for IoT systems’ design and management, called CompoSecReasoner. It provides two main functionalities: (i) system composition verification, and (ii) derivation and validation of security, privacy, and dependability (SPD) metrics. To measure the SPD values of a system, we disassemble two well-known types of security metrics: the attack surface methodologies and the medieval castle approach. The first method determines the attackable points of the system, while the second one defines the protection level that is provided by the currently composed system-of-systems. We extend these techniques and apply the Event Calculus method for modelling the dynamic behavior of a system as time progresses. At first, the protection level of the currently composed system is calculated. When composition events occur, the current system status is derived. Thereafter, we can deploy reactive strategies and administer the system automatically at runtime, implementing a novel setting for Moving Target Defenses. We demonstrate the overall solution on a real ambient intelligence application for managing the embedded devices of two emulated smart buildings.

Highlights

  • In this era of Internet-of-Things (IoT) and the 4th Industrial Revolution, intelligence is integrated into ordinary things

  • We compare the results of the SPD assessment procedure with similar standardized or widely-used methodologies proposed by the National Institute of Standards and Technology (NIST) [81]

  • We demonstrate CompoSecReasoner, an event-based model-checking framework for metric-driven management of dynamic embedded systems


Summary

Introduction

In this era of Internet-of-Things (IoT) and the 4th Industrial Revolution, intelligence is integrated into ordinary things. These smart devices are composed into complex systems, forming ambient intelligence and pervasive computing applications (e.g., [1,2,3]). Case studies include, among others, assisted living, smart transportation, and e-health. Design technologies are becoming imperative in order to guarantee the desired requirements of a heterogeneous system-of-systems, like security, privacy, and dependability (SPD). During the lifecycle of a system, quantifying and measuring its features plays a significant part in the applied risk analysis. Industrial and scientific enterprises, such as the Ford Motor Company [4]
