1. Software Security by Design
The high interconnectivity that characterizes modern IoT Systems, along with the increasing accessibility of their devices through the Internet, makes their security a major concern for IoT users and providers. The importance of securing IoT Systems is further underlined by the serious security incidents reported in IoT Platforms recently (e.g., the Mirai IoT botnet [1] [2], the Silex malware [3]), which led to the violation of critical security requirements, including privacy, integrity, and availability, as well as to significant financial losses and reputation damage for the owning companies (i.e., IoT Providers).
An effective way of securing an IoT Platform is to secure its architecture, which can be achieved through conformance to international IoT security standards and the deployment of security countermeasures, such as intelligent attack detection, prevention, and mitigation mechanisms, security gateways, honeypots, etc. Apart from the IoT architecture, effectively securing an IoT System also requires considering the software running on the different nodes of the IoT System (or Platform). If this software contains vulnerabilities, the security of the overall system can be compromised regardless of how secure the architecture is, following the "security of the weakest link" principle. Hence, to ensure the security level of an IoT Platform, the security level of the software running on its nodes should be assessed, optimized, and, ideally, certified.
Traditionally, software security was treated as an afterthought in the Software Development Lifecycle (SDLC): it was added after the software application had been deployed or even used, by deploying mechanisms meant to prevent malicious individuals from exploiting its vulnerabilities. However, the ability of attackers to bypass the deployed countermeasures has recently forced software development enterprises to shift their focus towards Security by Design, i.e., towards building software that is highly secure (i.e., vulnerability free) from the ground up. According to the Security by Design concept, security should be monitored and optimized at every phase of the SDLC and should essentially be the concept that guides the overall development decisions. This concept is depicted in the following figure.
Figure 1: The traditional Software Development Lifecycle (top) and the Software Development Lifecycle that adopts the Security-by-Design paradigm (bottom). According to the Security-by-Design concept, security is added at each phase of the SDLC, through the provision of suitable security mechanisms.
To this end, IoTAC, apart from proposing a secure IoT architecture, will attempt to provide solutions for assessing, optimizing, and certifying the security of IoT Software Applications, in order to provide a holistic approach to securing a given IoT System. It will provide proactive mechanisms for monitoring and optimizing security throughout the overall SDLC of IoT Software Applications.
2. The IoTAC Software Security by Design (SSD) Platform
Within the context of the IoTAC Project, an independent platform, the Software Security by Design (SSD) Platform, will be developed, with the aim to provide solutions for assessing, improving, and certifying the security level of IoT Software Applications throughout the overall SDLC. An overview of the envisaged SSD Platform is provided in the figure below:
Figure 2: The high-level overview of the IoTAC Software Security by Design (SSD) Platform.
As can be seen in the figure above, the SSD Platform will consist of three core modules, namely (i) the Design and Requirements Module, (ii) the Software Security Assurance (or Assessment) Module, and (iii) the Software Security Certification Module. The main functionalities of these modules are described in what follows.
- Design and Requirements Module: The purpose of this module is to provide means for monitoring (i.e., measuring) and improving (i.e., optimizing) the security level of a software application during the Design and Requirements phases of the SDLC. To this end, this module will provide the following core functionalities (i.e., components):
  - Software Security Requirements Specification: This component is meant to facilitate (simplify) the specification of the security requirements of a given software product. It will enable the user to define the desired security requirements in natural language, without forcing them to use tedious templates.
  - Software Security Requirements Verification and Validation: The purpose of this component is to evaluate the correctness and completeness of the software security requirements defined by the user and to provide recommendations for their improvement.
  - Software Security Requirements Adherence Check: This component is responsible for evaluating whether the final IoT software application adheres to the originally imposed security requirements.
- Software Security Assurance Module: The purpose of this module is to provide means for monitoring and improving the security level of a software application during the Coding and Testing phases of the SDLC. To this end, this module will provide the following core functionalities (i.e., components):
  - Quantitative Software Security Assessment: The purpose of this component is to provide a quantitative expression of the internal security level of an IoT Software Application, based on the potential security issues that may reside in its code. This component will be based on state-of-the-art concepts from the fields of software quality and software security evaluation, as well as on popular decision-making techniques.
  - Vulnerability Prediction: This component is responsible for identifying security hotspots, i.e., software components that are likely to contain security vulnerabilities. It will be based on vulnerability prediction models built with advanced machine learning techniques (mainly deep learning) and popular vulnerability datasets.
- Software Security Certification Module: The purpose of this module is to provide solutions for certifying the security of a given IoT Software Application, based on project-specific security evaluations and on conformance to international security standards and best practices. As can be seen in the figure above, this module will take into consideration: (i) the adherence of the software application to the originally imposed software security requirements, (ii) the security of its source code, based on the code-level security assessment and vulnerability prediction reports, and (iii) the adherence of the application to requirements retrieved from international security standards and best practices. The module will produce a certificate attesting the security level of the analyzed software, along with a report of the issues that require fixing.
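To make the three inputs of the Certification Module concrete, the following Python example combines (i) requirement adherence, (ii) code-level findings and (iii) standards conformance into one score and a list of items to fix. It is an added illustration, not IoTAC's own code: the data shapes, severity weights, the per-KLOC penalty model, the 0.3/0.4/0.3 weighting, the 0.8 pass threshold and the "any critical finding blocks certification" rule are all assumptions, and the sample evidence is constructed.

```python
"""Illustrative aggregation of the three certification inputs named in the text.
Constructed example; weights, thresholds and data shapes are assumptions, not
the IoTAC SSD Platform's design."""
from dataclasses import dataclass

# Assumed severity weights for code-level findings (output of a static
# analyser or a vulnerability-prediction model). Higher weight = larger penalty.
SEVERITY_WEIGHT = {"critical": 10, "high": 5, "medium": 2, "low": 1}


@dataclass
class Finding:
    location: str      # file or component that was flagged
    severity: str      # one of the SEVERITY_WEIGHT keys
    description: str


@dataclass
class Requirement:
    identifier: str
    text: str          # natural-language requirement, as the text describes
    satisfied: bool    # result of the adherence check


@dataclass
class Evidence:
    requirements: list          # project-specific security requirements
    findings: list              # code-level findings
    standard_controls: dict     # control id -> satisfied (bool)


def requirement_adherence(reqs):
    """Fraction of project-specific security requirements that are met (0..1)."""
    if not reqs:
        return 0.0
    return sum(r.satisfied for r in reqs) / len(reqs)


def code_security_score(findings, loc_kilo):
    """Score in 0..1 from weighted finding density per KLOC (assumed model:
    10 weighted points per KLOC drives the score to 0)."""
    penalty = sum(SEVERITY_WEIGHT[f.severity] for f in findings) / max(loc_kilo, 1e-9)
    return max(0.0, 1.0 - penalty / 10.0)


def standards_conformance(controls):
    """Fraction of standard-derived controls that are satisfied (0..1)."""
    if not controls:
        return 0.0
    return sum(controls.values()) / len(controls)


def certify(evidence, loc_kilo, weights=(0.3, 0.4, 0.3), pass_threshold=0.8):
    """Combine the three inputs into a certification level plus a fix report."""
    parts = (
        requirement_adherence(evidence.requirements),
        code_security_score(evidence.findings, loc_kilo),
        standards_conformance(evidence.standard_controls),
    )
    score = sum(w * p for w, p in zip(weights, parts))

    # Fix report: unmet requirements, findings by descending severity, failed controls.
    fixes = [f"requirement {r.identifier} not met: {r.text}"
             for r in evidence.requirements if not r.satisfied]
    fixes += [f"{f.severity} finding in {f.location}: {f.description}"
              for f in sorted(evidence.findings, key=lambda f: -SEVERITY_WEIGHT[f.severity])]
    fixes += [f"control {c} not satisfied"
              for c, ok in evidence.standard_controls.items() if not ok]

    # Assumed rule: a single critical finding blocks certification regardless of score.
    blocked = any(f.severity == "critical" for f in evidence.findings)
    level = "certified" if score >= pass_threshold and not blocked else "not certified"
    return {"score": round(score, 3), "level": level, "fixes": fixes}


# Constructed sample evidence (not real project data).
SAMPLE = Evidence(
    requirements=[
        Requirement("R1", "All device-to-cloud traffic uses TLS 1.2 or later", True),
        Requirement("R2", "Firmware images are signature-verified before install", False),
    ],
    findings=[
        Finding("gateway/http_parser.c", "high", "unbounded copy into fixed buffer"),
        Finding("device/config.c", "low", "hard-coded default log path"),
    ],
    standard_controls={"STD-AUTH-1": True, "STD-UPDATE-2": False, "STD-LOG-3": True},
)

if __name__ == "__main__":
    report = certify(SAMPLE, loc_kilo=12)
    print(report["level"], report["score"])
    for item in report["fixes"]:
        print(" -", item)
```

With the sample evidence the application scores 0.73 and is reported as not certified, with four items to fix; an application with no findings, all requirements met and all controls satisfied scores 1.0 and is certified.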
From the above analysis, it is clear that the IoTAC Project, apart from introducing a Secure IoT Architecture, will provide solutions (i.e., mechanisms) for monitoring, improving, and certifying the security level of the software applications running on IoT Platforms, implemented as an independent platform, the Software Security by Design (SSD) Platform. Hence, IoTAC will provide a holistic approach to securing IoT Platforms, through the provision of a novel Secure Reference IoT Architecture, as well as a platform for securing the software running on IoT Platforms.
[1] https://ieeexplore.ieee.org/document/8538636
[2] https://ieeexplore.ieee.org/document/9011598
[3] https://www.sciencedirect.com/science/article/pii/S1877050920319487