Utilize este identificador para referenciar este registo:
http://hdl.handle.net/10773/28692
Título: | A network service for preventing data leakage from IoT cloud-assisted equipment |
Autor: | Cunha, Vitor A. Silva, Eduardo da Carvalho, Marcio B. de Corujo, Daniel Barraca, João P. Gomes, Diogo Schaeffer-Filho, Alberto E. Santos, Carlos R. P. dos Granville, Lisandro Z. Aguiar, Rui L. |
Data: | 2019 |
Editora: | IEEE |
Resumo: | The fact that most IoT solutions are provided by third parties, along with the pervasiveness of the collected data, raises privacy and security concerns. There is a need to verify which data is being sent to the third party, as well as preventing those channels from becoming an exploitation avenue. We propose to use existing API definition languages to create contracts which define the data that can be transmitted, their format and constraints. To verify the compliance with these contracts, we propose a Network Service architecture which validates REST-like API requests/responses against a Swagger schema. We deal with encrypted traffic using an Service Function Chaining (SFC)-enabled Man-in-the-Middle (MITM), allowing verifications in “real-time.” We devised a Proof of Concept and showed that we were able to detect (and stop) contract violations. |
Peer review: | yes |
URI: | http://hdl.handle.net/10773/28692 |
DOI: | 10.1109/ISCC47284.2019.8969719 |
ISBN: | 978-1-7281-3000-2 |
ISSN: | 1530-1346 |
Aparece nas coleções: | DETI - Capítulo de livro IT - Capítulo de livro |
Ficheiros deste registo:
Ficheiro | Descrição | Tamanho | Formato | |
---|---|---|---|---|
A Network Service for Preventing Data Leakage from IoT Cloud Assisted Equipment.pdf | 473.1 kB | Adobe PDF | Ver/Abrir |
Todos os registos no repositório estão protegidos por leis de copyright, com todos os direitos reservados.