AsCoT-SCE - Assessing Compliance of IoT API for Security Critical Environments
Project identification number:
The fast evolution of (Internet-of-Things) IoT devices and the increasing number of applicative fields in which such devices are involved is rapidly pushing toward a paradigm where third-party developers develop services and applications for collaborative IoT devices. This model, which has already proven successful in mobile systems (e.g., Android and iOS), is pushing standardization consortia, such as W3C, to propose integration frameworks presenting a high level generalized and structured way to represent resources and functionalities offered by IoT devices such as smart cameras, smart TVs, smart doorbells, etc. These frameworks act as an integration point for both third-party application developers, aiming at providing smart services, and device producer developers, implementing device-specific functionalities and API, willing to make them available to third-party developers. By using these frameworks, such as Web of Things, FIWARE, IFTTT, and OpenHAB, to name a few, third-party app developers can invoke their generic code functionalities, such as “change on TV channel 5”, without worrying about the actual brand and model of smart TV in a specific home. Given the early stage of development of some of these frameworks, there is not a mechanism to certify the correct and security-compliant integration between a device-specific API and a generic functionality. This is highly undesirable because there might be a mismatch between an invoked functionality and the performed behaviour. Considering the physical dimension of the IoT environment, such a mismatch can cause unexpected behaviours and risks related to privacy, security, and even safety. The AsCoT-SCE project aims to develop a set of mechanisms and methodologies to be used as building blocks for a certification framework. The developed methodologies will provide a structured representation of IoT functionalities through ontologies, their semantics in terms of behavioural policies expressed in a logical language, a set of guidelines for the compliant implementation of such functionalities, a representation of such implementation through manifest, whose integrity is verifiable, and, finally, model checking techniques to verify the compliance of the integration (association between functionality and proposed implementation) and the compliance with respect to specific requirements of safety, privacy, and security. The project will perform research activities on these topics developing a proof-of-concept prototype for a Smart Home environment. The Smart Home is a representative and impactful application of IoT technologies, on which the partners can leverage their experience acquired with an ongoing H2020 project (SIFIS-Home GA #952652), improving the possibility of exploitation on both activities.
- Luca Ardito. (Responsabile Scientifico)
- C.N.R. - CONSIGLIO NAZIONALE DELLE RICERCHE - Coordinator
- POLITECNICO DI TORINO
- UNIVERSITA' DEGLI STUDI DI URBINO "CARLO BO"
|Total cost:||€ 310,928.00|
|Total contribution:||€ 245,451.00|
|PoliTo total cost:||€ 63,927.00|
|PoliTo contribution:||€ 57,589.00|