Security by Construction in Cloud and Internet of Things Ecosystems
The work carried out in this work package (WP) addresses security by design in Cloud and Internet of Things ecosystems. It includes research on ways to establish, by design, the assurance of security in software systems, focusing mainly on software and development processes (security engineering). It also includes the prototyping of a set of software tools for security engineering, attack modelling, and semi-assisted testing.
Team & Collaborators
- Pedro Inácio | WP leader
- Mário Freire
- Paula Prata
- Francisco Chimuco | PhD student, C4-UBI (02/2020-08/2022)
- Tiago Simões | PostDoc, UBI (08/2019-12/2021)
- Bernardo Sequeiros | PhD student, UBI
- Musa Gwani Samaila | PhD student, UBI (12/2018-04/2021)
- Carolina Lopes | PhD student, UBI
- Joana Costa | PhD student, UBI
- Luís Rodrigues | MSc student, UBI (09/2019-10/2020)
Publications
Journal articles
- Chimuco F., Sequeiros J., Lopes C., Simões T., Freire M. and Inácio P. (2023). Secure Cloud-based Mobile Apps: Attack Taxonomy, Requirements, Mechanisms, Tests and Automation. International Journal of Information Security (IJIS), 35 pages.
- Costa J., Roxo T., Sequeiros J., Proença H., Inácio P. (2022). Predicting CVSS Metric Via Description Interpretation. IEEE Access, 10: 59125-59134.
- Samaila M., Lopes C., Aires É., Sequeiros J., Simões T., Freire M., Inácio P. (2021). Performance evaluation of the SRE and SBPG components of the IoT hardware platform security advisor framework. Computer Networks, 199, 108496.
- Gupta C., Inácio P., Freire M. (2021). Improving software maintenance with improved bug triaging. King Saud Univ. – Comput. Inf. Sci. 34(10), 8757-8764.
- Rios V., Inácio P., Magoni D., Freire M. (2021). Detection of reduction-of-quality DDoS attacks using Fuzzy Logic and machine learning algorithms. Computer Networks, 186, 107792.
- Sequeiros J., Chimuco F., Samaila M., Freire M., Inácio P. (2021). Attack and System Modeling Applied to IoT, Cloud, and Mobile Ecosystems: Embedding Security by Design. ACM Computing Surveys (CSUR), 53(2), 1. (***)
- Samaila M., Sequeiros J., Simões T., Freire M., Inácio P. (2020). IoT-HarPSecA: A Framework and Roadmap for Secure Design and Development of Devices and Applications in the IoT Space. IEEE Access, 8, 16462.
(***) Articles published in a top 10% most cited journal of the respective field.
Conference articles
- Lopes C., Costa J., Sequeiros J., Simões T., Freire M., Inácio P. (2021). Machine Learning Applied to Security Requirements Elicitation: Learning From Experience. In Atas do 12º Simpósio de Informática (INForum 2021), pp. 0-12. (in press)
- Samaila M., Lopes C., Aires É., Sequeiros J., Simões T., Freire M., Inácio P. (2020). A Preliminary Evaluation of the SRE and SBPG Components of the IoT-HarPSecA Framework. In Proceedings of The Global IoT Summit (GIoTS2020), pp. 1-7.
PhD thesis
- Bernardo Sequeiros, one of the collaborators, is developing his PhD thesis, titled Towards a Framework for System and Attack Modeling, and Mapping of Requirements and Technology for the Internet of Things, as an integral part of the SECURIoTESIGN project.
MSc thesis
- Carolina Lopes, MSc student at UBI, developed her Master’s dissertation, Semi-Automatic Generation of Tests for Assessing Correct Integration of Security Mechanisms in the Internet of Things, also in the scope of the theme of this project, in October 2021.
- Joana Costa, MSc student at UBI, developed her Master’s dissertation, Threat Modeling Solution for Internet of Things in a Web-based Security Framework, also in the scope of the theme of this project, in October 2021.
- Luís Rodrigues, MSc student at UBI, developed his Master’s dissertation, Modeling Attacks in IoT to Assist the Engineering Process, also in the scope of the theme of this project, in November 2020.
Related activities
- Pedro Inácio co-chaired the 6th International Workshop on Security and Forensics of IoT (IoT-SECFOR 2022), held in conjunction with the 17th International Conference on Availability, Reliability and Security (ARES 2022). August 2022. Vienna, Austria.
- Several members of the team (Carolina Lopes, Joana Costa, Bernardo Sequeiros and Francisco Chimuco) presented the framework of tools being developed in the scope of this WP and related projects to the Fruition company. The workshop lasted one and a half hours and took place on 21 June 2021.
- Pedro Inácio co-chaired the 5th International Workshop on Security and Forensics of IoT (IoT-SECFOR 2021), held in conjunction with the 16th International Conference on Availability, Reliability and Security (ARES 2021), an all-digital conference, 17 to 20 August 2021.
- Pedro Inácio co-chaired the 4th International Workshop on Security and Forensics of IoT (IoT-SECFOR 2020), held in conjunction with the 15th International Conference on Availability, Reliability and Security (ARES 2020). August 2020. All digital conference.
- Bernardo Sequeiros, SECURIoTESIGN – Towards the Assurance of Security by Design of the Internet of Things, C4 – RINNOVAR – Research and INNOVation seminAR. October 2019. Covilhã, Portugal.
- Pedro Inácio co-chaired the 3rd International Workshop on Security and Forensics of IoT (IoT-SECFOR 2019), held in conjunction with the 14th International Conference on Availability, Reliability and Security (ARES 2019). August 2019. Canterbury, United Kingdom.
- Project SECURIoTESIGN, Towards the assurance of SECURity by dESIGN of the Internet of Things, financed by FCT/COMPETE/FEDER (Reference POCI-01-0145-FEDER-030657), with the main purpose of providing means to ensure that security is integrated in all design and development stages of IoT devices, from concept to testing phases. This project will provide a (prototype) tool framework to identify security requirements, model attacks and the system, specify tests, map requirements and technology, generate documentation, and perform auditing.
Software/webservers
- Costa J., Sequeiros J., Lopes C., Simões T., Samaila M., Freire M., Chimuco F., Inácio P., Towards the assurance of SECURity by dESIGN of the IoT, Repository for the Source Code and API Documentation.