Using virtual environments for the assessment of cybersecurity issues in IoT scenarios

Abstract

Internet of Things (IoT) has been forecast as the next main evolution in the field of Information and Communication Technology. Recent studies confirm a steep and constant increase of the diffusion of smart objects, which are capable to interact with the real world and to communicate and gather information autonomously through Internet connections. In the rush of devising and releasing to the market the next killer application for the IoT domain, critical issues regarding the cybersecurity risks are currently overlooked. Because security, like most software qualities, is not an orthogonal requirement, i.e. one that can be satisfied by adding some features at any development stage, this is going to have a very costly impact, potentially leading to failure, on the technologies currently developed for the IoT domain. In order to cope adequately with such issues, IoT applications need to be designed to be secure since their inception and suitable security assessment tools should be made available. This paper describes an approach based on the exploitation of virtual environments and agent-based simulation for the evaluation of cybersecurity solutions for the next generation of IoT applications in realistic scenarios. The effectiveness of the approach is shown by considering a concrete case study involving the cooperation of real and virtual smart devices inside a virtualized scenario where security issues are first evaluated and then handled.