Browsing by Author "Rego, Angel"
Now showing 1 - 3 of 3
Results Per Page
Sort Options
Item Continuous Deployment of Trustworthy Smart IoT Systems.(2020-07) Ferry, Nicolas; Nguyen, Phu H.; Song, Hui; Rios, Erkuden; Iturbe, Eider; Martinez, Satur; Rego, Angel; CIBERSEC&DLT; Tecnalia Research & InnovationWhile the next generation of IoT systems need to perform distributed processing and coordinated behaviour across IoT, Edge and Cloud infrastructures, their development and operation are still challenging. A major challenge is the high heterogeneity of their infrastructure, which broadens the surface for security attacks and increases the complexity of maintaining and evolving such complex systems. In this paper, we present our approach for Generation and Deployment of Smart IoT Systems (GeneSIS) to tame this complexity. GeneSIS leverages model-driven engineering to support the DevSecOps of Smart IoT Systems (SIS). More precisely, GeneSIS includes: (i) a domain specific modelling language to specify the deployment of SIS over IoT, Edge and Cloud infrastructure with the necessary concepts for security and privacy; and (ii) a models@run.time engine to enact the orchestration, deployment, and adaptation of these SIS. The results from our smart building case study have shown that GeneSIS can support security by design from the development (via deployment) to the operation of IoT systems and back again in a DevSecOps loop. In other words, GeneSIS enables IoT systems to keep up security and adapt to evolving conditions and threats while maintaining their trustworthiness.Item Continuous quantitative risk management in smart grids using attack defense trees(2020-08-07) Rios, Erkuden; Rego, Angel; Iturbe, Eider; Higuero, Marivi; Larrucea, Xabier; CIBERSEC&DLT; Tecnalia Research & InnovationAlthough the risk assessment discipline has been studied from long ago as a means to support security investment decision-making, no holistic approach exists to continuously and quantitatively analyze cyber risks in scenarios where attacks and defenses may target different parts of Internet of Things (IoT)-based smart grid systems. In this paper, we propose a comprehensive methodology that enables informed decisions on security protection for smart grid systems by the continuous assessment of cyber risks. The solution is based on the use of attack defense trees modelled on the system and computation of the proposed risk attributes that enables an assessment of the system risks by propagating the risk attributes in the tree nodes. The method allows system risk sensitivity analyses to be performed with respect to different attack and defense scenarios, and optimizes security strategies with respect to risk minimization. The methodology proposes the use of standard security and privacy defense taxonomies from internationally recognized security control families, such as the NIST SP 800-53, which facilitates security certifications. Finally, the paper describes the validation of the methodology carried out in a real smart building energy efficiency application that combines multiple components deployed in cloud and IoT resources. The scenario demonstrates the feasibility of the method to not only perform initial quantitative estimations of system risks but also to continuously keep the risk assessment up to date according to the system conditions during operation.Item Development and Operation of Trustworthy Smart IoT Systems: The ENACT Framework(Springer, 2020) Ferry, Nicolas; Dominiak, Jacek; Gallon, Anne; González, Elena; Iturbe, Eider; Lavirotte, Stéphane; Martinez, Saturnino; Metzger, Andreas; Muntés-Mulero, Victor; Nguyen, Phu H.; Palm, Alexander; Rego, Angel; Rios, Erkuden; Riviera, Diego; Solberg, Arnor; Song, Hui; Tigli, Jean Yves; Winter, Thierry; Bruel, Jean-Michel; Mazzara, Manuel; Meyer, Bertrand; CIBERSEC&DLT; Tecnalia Research & InnovationTo unleash the full potential of IoT, it is critical to facilitate threation and operation of trustworthy Smart IoT Systems (SIS). Software development and delivery of SIS would greatly benefit from DevOps as devices and IoT services requirements for reliability, quality, security and safety are paramount. However, DevOps practices are far from widely adopted in the IoT, in particular, due to a lack of key enabling tools. In last year paper at DevOps’18, we presented the ENACT research roadmap that identified the critical challenges to enable DevOps in the realm of trustworthy SIS. In this paper, we present the ENACT DevOps Framework as our current realization of these methods and tools.