Síntese de requisitos de segurança para internet das coisas baseada em modelos em tempo de execução / Security requirements synthesis for internet of things based on models runtime

Oliveira Neto, Inael Rodrigues de

14 October 2015

Submitted by Cláudia Bueno (claudiamoura18@gmail.com) on 2016-01-29T14:17:13Z No. of bitstreams: 2 Dissertação - Inael Rodrigues de Oliveira Neto - 2015.pdf: 3158226 bytes, checksum: 9d8ebb3f5b3305532b92d7e59da8184e (MD5) license_rdf: 23148 bytes, checksum: 9da0b6dfac957114c6a7714714b86306 (MD5) / Approved for entry into archive by Luciana Ferreira (lucgeral@gmail.com) on 2016-02-01T11:48:51Z (GMT) No. of bitstreams: 2 Dissertação - Inael Rodrigues de Oliveira Neto - 2015.pdf: 3158226 bytes, checksum: 9d8ebb3f5b3305532b92d7e59da8184e (MD5) license_rdf: 23148 bytes, checksum: 9da0b6dfac957114c6a7714714b86306 (MD5) / Made available in DSpace on 2016-02-01T11:48:51Z (GMT). No. of bitstreams: 2 Dissertação - Inael Rodrigues de Oliveira Neto - 2015.pdf: 3158226 bytes, checksum: 9d8ebb3f5b3305532b92d7e59da8184e (MD5) license_rdf: 23148 bytes, checksum: 9da0b6dfac957114c6a7714714b86306 (MD5) Previous issue date: 2015-10-14 / The Internet of Things (IoT) connects the Internet all kinds of “things” or “smart objects” such as devices, sensors, actuators, mobile phones, home appliances, cars and even furniture. IIoT is characterized by the ubiquity and dynamism of its environment and connected objects. Thus, the environment of the IoT is highly volatile and heterogeneous as it counts with the presence of different objects able to interact and to cooperate with each other over the Internet. While Smart Objects become more ubiquitous, there is growing uncertainty about the environment, which contributes to a greater appearance of security threats not foreseen in the design phase. This thesis presents a solution that aims to ensure flexibility by allowing the safety requirements to be changed at runtime by the user, systematically reflecting these changes to the security settings for objects connected to the IoT. Therefore, this work presents an architecture of middleware and implementation of an algorithm for assessment requirements and security reconfiguration as well as its evaluation. In addition, this work presents a domain-specific modeling language using models@runtime for specifying the user’s security requirements. About the contributions of this work, we can mention the proposed architecture of middleware, a requirements synthesis algorithm for reconfiguration of security at runtime, a security requirement modeling language, the application of models@runtime approach for reconfiguration of security and the construction of a metamodel for capturing application security aspects running on devices in the IoT. / A Internet das Coisas (IoT) conecta na Internet todo tipo de coisas ou objetos inteligentes, tais como dispositivos, sensores, atuadores, telefones celulares, eletrodomésticos, carros e até mesmo móveis. Ela caracteriza-se pela ubiquidade e dinamismo do seu ambiente e objetos conectados. Com isso, o ambiente da IoT é altamente volátil e heterogêneo, pois ele conta com a presença de diferentes objetos capazes de interagir e cooperar uns com os outros através da Internet. Ao passo que objetos inteligentes se tornam mais ubíquos, há uma crescente incerteza sobre o ambiente, o que contribui com um maior surgimento de ameaças de segurança não previstas na fase de projeto. Esta dissertação apresenta uma solução que objetiva garantir flexibilidade nos requisitos de segurança para serem alterados pelo usuário em tempo de execução e refletir sistematicamente sobre essas mudanças nas configurações de segurança em objetos conectados na IoT. Para isso, este trabalho apresenta uma arquitetura de middleware e a implementação de um algoritmo para avaliação de requisitos e reconfiguração da segurança. Além disso, este trabalho apresenta uma linguagem de modelagem de domínio específico usando models@ runtime para especificação dos requisitos de segurança do usuário. Entre as contribuições deste trabalho, podemos citar a proposta de arquitetura de middleware, um algoritmo de síntese de requisitos para reconfiguração da segurança em tempo de execução, a linguagem de modelagem de requisitos de segurança, a aplicação da abordagem de modelos em tempo de execução para reconfiguração da segurança e a construção de um metamodelo que captura de aspectos de segurança de aplicações executando em dispositivos na IoT.

Requisitos de segurança

Autenticação

Confidencialidade

Models@runtime

Reconfiguração da segurança

Internet das coisas

Security requirements

Authentication

Confidentiality

Models@runtime

Security reconfiguration

Internet of things

Self-adaptation for Internet of things applications / Auto-adaptation pour les applications de l’Internet des objets

Acosta Padilla, Francisco Javier

12 December 2016

L'Internet des Objets (IdO) couvre peu à peu tous les aspects de notre vie. À mesure que ces systèmes deviennent plus répandus, le besoin de gérer cette infrastructure complexe comporte plusieurs défis. En effet, beaucoup de petits appareils interconnectés fournissent maintenant plus d'un service dans plusieurs aspects de notre vie quotidienne, qui doivent être adaptés à de nouveaux contextes sans l'interruption de tels services. Cependant, ce nouveau système informatique diffère des systèmes classiques principalement sur le type, la taille physique et l'accès des nœuds. Ainsi, des méthodes typiques pour gérer la couche logicielle sur de grands systèmes distribués comme on fait traditionnellement ne peuvent pas être employées dans ce contexte. En effet, cela est dû aux capacités très différentes dans la puissance de calcul et la connectivité réseau, qui sont très contraintes pour les appareils de l'IdO. De plus, la complexité qui était auparavant gérée par des experts de plusieurs domaines, tels que les systèmes embarqués et les réseaux de capteurs sans fil (WSN), est maintenant accrue par la plus grande quantité et hétérogénéité des logiciels et du matériel des nœuds. Par conséquent, nous avons besoin de méthodes efficaces pour gérer la couche logicielle de ces systèmes, en tenant compte les ressources très limitées. Cette infrastructure matérielle sous-jacente pose de nouveaux défis dans la manière dont nous administrons la couche logicielle de ces systèmes. Ces défis peuvent entre divisés en : Intra-nœud, sur lequel nous faisons face à la mémoire limitée et à la puissance de calcul des nœuds IdO, afin de gérer les mises à jour sur ces appareils ; Inter-noeud, sur lequel une nouvelle façon de distribuer les mises à jour est nécessaire, en raison de la topologie réseau différente et le coût en énergie pour les appareils alimentés par batterie ; En effet, la puissance de calcul limitée et la durée de vie de chaque nœud combiné à la nature très distribuée de ces systèmes, ajoute de la complexité à la gestion de la couche logicielle distribuée. La reconfiguration logicielle des nœuds dans l'Internet des objets est une préoccupation majeure dans plusieurs domaines d'application. En particulier, la distribution du code pour fournir des nouvelles fonctionnalités ou mettre à jour le logiciel déjà installé afin de l'adapter aux nouvelles exigences, a un impact énorme sur la consommation d'énergie. La plupart des algorithmes actuels de diffusion du code sur l'air (OTA) sont destinés à diffuser un microprogramme complet à travers de petits fragments, et sont souvent mis en œuvre dans la couche réseau, ignorant ainsi toutes les informations de guidage de la couche applicative. Première contribution : Un moteur de modèles en temps d'exécution représentant une application de l'IdO en cours d'exécution sur les nœuds à ressources limitées. La transformation du méta-modèle Kevoree en code C pour répondre aux contraintes de mémoire spécifiques d'un dispositif IdO a été réalisée, ainsi que la proposition des outils de modélisation pour manipuler un modèle en temps d'exécution. Deuxième contribution : découplage en composants d'un système IdO ainsi qu'un algorithme de distribution de composants efficace. Le découplage en composants d'une application dans le contexte de l'IdO facilite sa représentation sur le modèle en temps d'exécution, alors qu'il fournit un moyen de changer facilement son comportement en ajoutant/supprimant des composants et de modifier leurs paramètres. En outre, un mécanisme pour distribuer ces composants en utilisant un nouvel algorithme appelé Calpulli est proposé. / The Internet of Things (IoT) is covering little by little every aspect on our lives. As these systems become more pervasive, the need of managing this complex infrastructure comes with several challenges. Indeed, plenty of small interconnected devices are now providing more than a service in several aspects of our everyday life, which need to be adapted to new contexts without the interruption of such services. However, this new computing system differs from classical Internet systems mainly on the type, physical size and access of the nodes. Thus, typical methods to manage the distributed software layer on large distributed systems as usual cannot be employed on this context. Indeed, this is due to the very different capacities on computing power and network connectivity, which are very constrained for IoT devices. Moreover, the complexity which was before managed by experts on several fields, such as embedded systems and Wireless Sensor Networks (WSN), is now increased by the larger quantity and heterogeneity of the node’s software and hardware. Therefore, we need efficient methods to manage the software layer of these systems, taking into account the very limited resources. This underlying hardware infrastructure raises new challenges in the way we administrate the software layer of these systems. These challenges can be divided into: intra-node, on which we face the limited memory and CPU of IoT nodes, in order to manage the software layer and ; inter-node, on which a new way to distribute the updates is needed, due to the different network topology and cost in energy for battery powered devices. Indeed, the limited computing power and battery life of each node combined with the very distributed nature of these systems, greatly adds complexity to the distributed software layer management. Software reconfiguration of nodes in the Internet of Things is a major concern for various application fields. In particular, distributing the code of updated or new software features to their final node destination in order to adapt it to new requirements, has a huge impact on energy consumption. Most current algorithms for disseminating code over the air (OTA) are meant to disseminate a complete firmware through small chunks and are often implemented at the network layer, thus ignoring all guiding information from the application layer. First contribution: A models@runtime engine able to represent an IoT running application on resource constrained nodes. The transformation of the Kevoree meta-model into C code to meet the specific memory constraints of an IoT device was performed, as well as the proposition of modelling tools to manipulate a model@runtime. Second contribution: Component decoupling of an IoT system as well as an efficient component distribution algorithm. Components decoupling of an application in the context of the IoT facilitates its representation on the model@runtime, while it provides a way to easily change its behaviour by adding/removing components and changing their parameters. In addition, a mechanism to distribute such components using a new algorithm, called Calpulli is proposed.

Ingénierie dirigé par les modèles

Internet des objets (IdO)

Models@runtime

Auto-Adaptation

Models@runtime

Internet of things (IoT)

Model driven engineering

Self-adaptation

Programação de espaços inteligentes utilizando modelos em tempo de execução / Smart spaces programming using models at runtime

Freitas, Leandro Alexandre

04 April 2017

Submitted by JÚLIO HEBER SILVA (julioheber@yahoo.com.br) on 2017-05-19T17:39:41Z No. of bitstreams: 2 Tese - Leandro Alexandre Freitas - 2017.pdf: 10640805 bytes, checksum: 61b69f91cb32e17075d698eecf19b8c4 (MD5) license_rdf: 0 bytes, checksum: d41d8cd98f00b204e9800998ecf8427e (MD5) / Approved for entry into archive by Luciana Ferreira (lucgeral@gmail.com) on 2017-05-22T10:42:45Z (GMT) No. of bitstreams: 2 Tese - Leandro Alexandre Freitas - 2017.pdf: 10640805 bytes, checksum: 61b69f91cb32e17075d698eecf19b8c4 (MD5) license_rdf: 0 bytes, checksum: d41d8cd98f00b204e9800998ecf8427e (MD5) / Made available in DSpace on 2017-05-22T10:42:45Z (GMT). No. of bitstreams: 2 Tese - Leandro Alexandre Freitas - 2017.pdf: 10640805 bytes, checksum: 61b69f91cb32e17075d698eecf19b8c4 (MD5) license_rdf: 0 bytes, checksum: d41d8cd98f00b204e9800998ecf8427e (MD5) Previous issue date: 2017-04-04 / Fundação de Amparo à Pesquisa do Estado de Goiás - FAPEG / The growth and popularization of wireless connectivity and of mobile devices has allowed the development of smart spaces that were previously only envisaged in the approach proposed by Mark Weiser. These smart spaces are composed of many computational resources, such as devices, services and applications, along with users, who must be able to associate with these features. However, programming these environments is a challenging task, since smart spaces have a dynamic nature, resources are heterogeneous, and it is necessary that interactions between users and devices are coordinated with one another. In this work, we present a new approach for smart spaces programming using Models@RunTime. In this regard, we propose a high level modeling language, called Smart Spaces Modeling Language (2SML), in which the user is able to model the smart space with all elements that can be part of it. Such models are developed by the users, interpreted and effected in the physical space by a model execution engine, called Smart Space Virtual Machine (2SVM), whose development is part of this work. / O crescimento e a popularização cada vez maior da conectividade sem fio e dos dispositivos móveis, tem permitido a construção de espaços inteligentes que antes eram vislumbrados apenas na proposta de computação ubíqua do cientista da Xerox PARK, Mark Weiser. Esses espaços inteligentes são compostos por diversos recursos computacionais, como dispositivos, serviços e aplicações, além de usuários, que devem ser capazes de se associar a esses recursos. Entretanto, a programação destes ambientes é uma tarefa desa- fiadora, uma vez que os espaços inteligentes possuem uma natureza dinâmica, os recursos se apresentam de forma heterogênea e é necessário que as interações entre usuários e dispositivos sejam coordenadas. Neste trabalho desenvolvemos uma nova abordagem para programação de espaços inteligentes, por meio de modelos em tempo de execução. Para isso, propomos uma linguagem de modelagem de alto nível, denominada Smart Space Modeling Language (2SML), em que o usuário é capaz de modelar o espaço inteligente com todos os elementos que dele podem fazer parte. Esse modelo desenvolvido pelo usuá- rio é interpretado e realizado no espaço físico por uma máquina de execução de modelos, denominada Smart Space Virtual Machine (2SVM), cujo desenvolvimento é parte deste trabalho.

Espaços inteligentes

Modelos em tempo de execução

Máquina de execução de modelos

Smart spaces

Models runtime

Domain specific modeling language

Mo- dels execution machine