Improving Internet of Things Device Certification with Policy-based Management
| Affiliation auteurs | !!!! Error affiliation !!!! |
| Titre | Improving Internet of Things Device Certification with Policy-based Management |
| Type de publication | Conference Paper |
| Year of Publication | 2017 |
| Auteurs | Neisse R, Baldini G, Steri G, Ahmad A, Fourneret E, Legeard B |
| Conference Name | 2017 GLOBAL INTERNET OF THINGS SUMMIT (GIOTS 2017) |
| Publisher | IEEE |
| Conference Location | 345 E 47TH ST, NEW YORK, NY 10017 USA |
| ISBN Number | 978-1-5090-5873-0 |
| Mots-clés | certification, Internet of things, model-based testing, policy-based management, Security |
| Résumé | The fast growing rate of the IoT systems with strong pressure to put devices on the market as soon as possible makes these systems vulnerable targets for cyber criminals, as recently seen in the Mirai botnet Distributed Denial-of-Service (DDoS) attack. A way to mitigate these threats is to enforce a comprehensive security certification process of IoT devices based on common standards. In this paper, we present an approach to improve certification of IoT devices using a combination of model-based testing and policy-based management in order to detect post certification vulnerabilities and act on them by introducing runtime policy enforcement capabilities. More precisely, we address these attacks using policy enforcement in order to correct vulnerable IoT device behavior and protect users even if security and privacy were not properly addressed by the device manufactures. We describe the details of our approach and, focusing on authorization vulnerabilities, we present a case study for the oneM2M standard showing how our solution can be applied in practice. |