TY - JOUR
T1 - A Guiding Framework for Vetting the Internet of Things
AU - Masmoudi, Fatma
AU - Maamar, Zakaria
AU - Sellami, Mohamed
AU - Awad, Ali Ismail
AU - Burégio, Vanilson
N1 - Publisher Copyright:
© 2020
PY - 2020/12
Y1 - 2020/12
N2 - Like any emerging and disruptive technology, multiple obstacles are slowing down the Internet of Things (IoT) expansion, for instance, multiplicity of things’ standards, users’ reluctance and sometimes rejection due to privacy invasion, and limited IoT platform interoperability. IoT expansion is also accompanied by the widespread use of mobile apps supporting anywhere, anytime service provisioning to users. By analogy to vetting mobile apps, this paper addresses the lack of principles and techniques for vetting IoT devices (things) in preparation for their integration into mission-critical systems. Things have got vulnerabilities that should be discovered and assessed through proper device vetting. Unfortunately, this is not happening. Rather than sensing a nuclear turbine’s steam level, a thing could collect some sensitive data about the turbine without the knowledge of users and leak these data to third parties. This paper presents a guiding framework that defines the concepts of, principles of, and techniques for thing vetting as a pro-active response to potential things’ vulnerabilities.
AB - Like any emerging and disruptive technology, multiple obstacles are slowing down the Internet of Things (IoT) expansion, for instance, multiplicity of things’ standards, users’ reluctance and sometimes rejection due to privacy invasion, and limited IoT platform interoperability. IoT expansion is also accompanied by the widespread use of mobile apps supporting anywhere, anytime service provisioning to users. By analogy to vetting mobile apps, this paper addresses the lack of principles and techniques for vetting IoT devices (things) in preparation for their integration into mission-critical systems. Things have got vulnerabilities that should be discovered and assessed through proper device vetting. Unfortunately, this is not happening. Rather than sensing a nuclear turbine’s steam level, a thing could collect some sensitive data about the turbine without the knowledge of users and leak these data to third parties. This paper presents a guiding framework that defines the concepts of, principles of, and techniques for thing vetting as a pro-active response to potential things’ vulnerabilities.
KW - Atomic/composite duties
KW - Internet of Things
KW - Security vulnerabilities
KW - Vetting
UR - http://www.scopus.com/inward/record.url?scp=85092894253&partnerID=8YFLogxK
U2 - 10.1016/j.jisa.2020.102644
DO - 10.1016/j.jisa.2020.102644
M3 - Article
AN - SCOPUS:85092894253
SN - 2214-2134
VL - 55
JO - Journal of Information Security and Applications
JF - Journal of Information Security and Applications
M1 - 102644
ER -