Please use this identifier to cite or link to this item:
|Title:||Safeguarding from abuse by IoT vendors: edge messages verification of cloud-assisted equipment|
|Author:||Cunha, Vítor A.|
Silva, Eduardo da
Carvalho, Marcio B. de
Barraca, João P.
Schaeffer-Filho, Alberto E.
Santos, Carlos R. P. dos
Granville, Lisandro Z.
Aguiar, Rui L.
|Abstract:||The fact that most IoT solutions are provided by 3rd-parties, along with the pervasiveness of the collected data, raises privacy and security concerns. There is a need to verify which data is being sent to the 3rd-party, as well as preventing those channels from becoming an exploitation avenue. We propose to use existing API definition languages to create contracts which define the data that can be transmitted, in what format, and with which constraints. To verify the compliance with these contracts, we propose a converging "Multi-Access Edge Computing" architecture which validates RESTalike API requests/responses against a Swagger schema. We deal with encrypted traffic using an SFC-enabled Man-in-the-Middle, allowing us to do verifications in "real-time". We devised a Proof of Concept and shown that we were able to detect (and stop) contract violations.|
|Appears in Collections:||DETI - Capítulo de livro|
IT - Capítulo de livro
Files in This Item:
|08717812.pdf||330.94 kB||Adobe PDF|
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.