SECUR IoT ESIGN
Our project is the subject of this month's "Project Snapshot" of the IT newsletter. More information here.
25 January 2021
Our paper A Preliminary Evaluation of the SRE and SBPG Components of the IoT-HarPSecA Framework was accepted and presented at the Global Internet of Things Summit (GIoTS 2020) conference. Full reference in OUTPUTS AND DISSEMINATION.
22 April 2020
Our latest paper was accepted for publication in the context of this project: A Framework and Roadmap for Secure Design and Development of Devices and Applications in the IoT Space. Full reference in OUTPUTS AND DISSEMINATION.
22 April 2020
All open positions for the SECURIoTESIGN project are now closed. Thank you to those who applied for a position.
23 January 2020
Candidatures for a post-doc and for researchers with the M.Sc. degree were opened in the second half of 2018.
22 January 2020
Our very first paper was accepted for publication in the context of this project: Security Threats and Possible Countermeasures in Applications Covering Different Industry Domains. Full reference in OUTPUTS AND DISSEMINATION.
17 July 2018
Project started on 1 July 2018. The ResearchGate and Twitter accounts were launched with the kick-off.
1 July 2018
Towards the assurance of SECURity by dESIGN of the Internet of Things
Today, the Internet of Things (IoT) is considered one of the major forces driving innovation, growing at a breathtaking pace and opening the door to a wide panoply of potential new applications as well as business possibilities. Nonetheless, it is also a well-established fact that it lacks maturity when it comes to security, falling behind other areas of Information and Communication Technology (ICT).
This project aims to address the problem of IoT security at its core and proposes finding the means to guarantee that security controls and mechanisms are taken into consideration and effectively embedded during the design and development of a new device or solution for the IoT. The goals of the project include mitigating vulnerabilities and reducing the window of opportunity for threat actors, as well as providing an appropriate level of protection against security attacks.
Achieving these objectives will require (i) studying the software engineering processes and system development cycles particularized for the specific areas of IoT, (ii) identifying the points in which security aspects and mechanisms should be taken into consideration or integrated, and (iii) proposing how such a consolidation can be materialized in a rigorous, transparent (meaning friendly for system architects and developers) and verifiable manner.
To guarantee the tenacity of this project, the research work will be complemented with tasks dedicated to surveying the state-of-the-art, identification of use cases for the technology to be developed and prototyping a set of software tools, which shall serve as proof of concept and as one of the main outcomes of the project. The objective is that these tools will facilitate the security engineering process, without jeopardizing rigour, and also the integration of the security mechanisms and validation tests for the designers and developers of IoT devices or solutions.
The Work Plan is divided into five research or development activities and one management, dissemination and exploitation activity. The first activity covers technological surveillance aspects and analysis of the specialized literature, preparing the groundwork for activities 2, 3 and 4, and thereby allowing these to be focused on specific research lines: security engineering for IoT; mapping of security requirements and technology; and auditing of IoT software and systems. Activity 5 is fully dedicated to the prototyping of the framework of tools that materialize the research efforts and produced knowledge. This activity includes a task devoted to the prototyping of the tools for each one of the research activities 2, 3 and 4, benefiting the alignment and compartmentalization of the work.
Apart from the generated knowledge and the prototyped software tools (to be publicly released as an open-source project), the project will partially serve as the basis of three PhDs. Other visible outputs include four papers for international journals, three peer-reviewed book chapters and two papers for international conferences. A preliminary exploitation plan for the generated knowledge and framework of tools will be made during the lifespan of the project.
SECUR IoT ESIGN is a 3-year project starting on 1 July 2018 and ending on 28 January 2022. It constitutes an estimated total investment of 239.976,58€ and received funding of 203.979,82€ from FCT/COMPETE/FEDER (Reference Number POCI-01-0145-FEDER-030657).
1 - State of the Art on IoT and Security
Starting at month 0 and ending at month 12.
2 - Security Engineering for the IoT
Starting at month 4 and ending at month 30.
3 - Mapping of Security Requirements and Technology
Starting at month 4 and ending at month 30.
4 - Testing and Auditing of IoT Systems
Starting at month 13 and ending at month 36.
5 - Framework of Tools
Starting at month 4 and ending at month 36.
6 - Project Management, Dissemination and Exploitation
Starting at month 1 and ending at month 36.
Principal Investigator | Leader of Activity 6
Main Research Topics:
Computer Security
Programming of Mobile Devices
Leader of Activity 1
Main Research Topics:
Computer Systems and Networks
Security and privacy in computer systems
Post-Doc Researcher | Leader of Activity 5
Main Research Topics:
Security in IoT
Network and Applications
Ph.D. Student | Leader of Activity 2
Main Research Topics:
Security in IoT
Security Audits
Ph.D. Student | Leader of Activity 3
Main Research Topics:
Security in IoT
Security Frameworks
Ph.D. Student
Main Research Topics:
Cloud Security
Cloud and Mobile Computing
Carolina G. Lopes, Semi-automatic generation of tests for assessing correct integration of security mechanisms in the internet of things, Master's thesis, Universidade da Beira Interior, 2021.
Joana C. A. N. da Costa, Threat modeling solution for internet of things in a web-based security framework, Master's thesis, Universidade da Beira Interior, 2021.
Musa G. Samaila, Internet of Things Hardware Platform Security Advisor: A Framework for Facilitating Secure Design and Development of IoT Systems, PhD Thesis, 2021.
Musa G. Samaila, Carolina Lopes, Édi Aires, João B. F. Sequeiros, Tiago Simões, Mário M. Freire, Pedro R. M. Inácio, Performance evaluation of the SRE and SBPG components of the IoT hardware platform security advisor framework, Computer Networks, vol. 199, 2021.
Carolina G. Lopes, Joana C. A. N. da Costa, Bernardo B. F. Sequeiros, Tiago M. C. Simões, Mário M. Freire, Pedro R. M. Inácio, Machine Learning Applied to Security Requirements Elicitation: Learning From Experience, INFORUM 2021.
Vinícius de Miranda Rios, Pedro R. M. Inácio, Damien Magoni, Mário M. Freire, Detection of reduction-of-quality DDoS attacks using Fuzzy Logic and machine learning algorithms, Computer Networks, vol. 186, pp. 107792, 2021.
Musa G. Samaila, Carolina Lopes, Édi Aires, João B. F. Sequeiros, Tiago Simões, Mário M. Freire, Pedro R. M. Inácio, A Preliminary Evaluation of the SRE and SBPG Components of the IoT-HarPSecA Framework, Global Internet of Things Summit (GIoTS 2020), pp. 1-7, Dublin, Ireland, June 2020.
Musa G. Samaila, João B. F. Sequeiros, Tiago Simões, Mário M. Freire and Pedro R. M. Inácio, IoT-HarPSecA: A Framework and Roadmap for Secure Design and Development of Devices and Applications in the IoT Space, IEEE Access, vol. 8, pp. 16462-16494, 2020.
João B. F. Sequeiros, Francisco Chimuco, Musa G. Samaila, Mário M. Freire and Pedro R. M. Inácio, Attack and System Modeling Applied to IoT, Cloud and Mobile Ecosystems: Embedding Security by Design, ACM Computing Surveys (CSUR), vol. 53, pp. 1-32, 2020.
Musa G. Samaila, João B. F. Sequeiros, Mário M. Freire, and Pedro R. M. Inácio, IoT-HarPSecA: A Framework for Facilitating the Design and Development of Secure IoT Devices, in Proceedings of The 2nd International Workshop on Security and Forensics of IoT (IoT-SECFOR 2019), held in conjunction with the 14th International Conference on Availability, Reliability and Security (ARES 2019), Canterbury, United Kingdom, August 26-29, 2019.
Musa G. Samaila, João B. F. Sequeiros, Mário M. Freire, and Pedro R. M. Inácio, Security Threats and Possible Countermeasures in Applications Covering Different Industry Domains, in Proceedings of The 2nd International Workshop on Security and Forensics of IoT (IoT-SECFOR 2018), held in conjunction with the 13th International Conference on Availability, Reliability and Security (ARES 2018), August 27-30, 2018.
Musa G. Samaila, Miguel Neto, Diogo A. B. Fernandes, Mário M. Freire, and Pedro R. M. Inácio, Challenges of Securing Internet of Things Devices: A Survey, Wiley Security and Privacy (SPY), 1(2):20, May 2018.
Musa G. Samaila, João B. F. Sequeiros, Acácio F. P. P. Correia, Mário M. Freire, Pedro R. M. Inácio, A Quick Perspective on the Current State of IoT Security: A Survey, in Networks of the Future, Chapman and Hall/CRC, pp. 431-464, 2017.
Open-source software, The IoT-HarPSecA framework. This framework can be accessed at the following link.
Open-source software, The Security Advising Modules (SAM) framework. This framework can be accessed at the following link.
Open-source software, Security Requirements Elicitation (SRE) Module. This module can be accessed at the following link.
Open-source software, Security Best Practice Guidelines (SBPG) Module. This module can be accessed at the following link.
Open-source software, Lightweight Cryptographic Algorithm Recommendation (LWCAR) Module. This module can be accessed at the following link.
Open-source software, The Cloud Security Best Practice Guidelines (CSBPG) module. This module can be accessed at the following link.
Open-source software, The Cloud Security Requirements Elicitation (CSRE) module. This module can be accessed at the following link.
Open-source software, The Threat Modeling Solution (TMS) module. This module can be accessed at the following link.
Open-source software, Assessment of the Correct Integration of Security Mechanisms (ACISM). This module can be accessed at the following link.