Research Outputs

2021 2021 2020 2020 2019 2019 2018 2018 2017 2017 2016 2016 2015 2015 0.0 0.0 0.5 0.5 1.0 1.0 1.5 1.5 2.0 2.0 2.5 2.5 3.0 3.0 3.5 3.5 4.0 4.0
Now showing 1 - 10 of 15
No Thumbnail Available
Publication

Automated and Secure Onboarding for System of Systems

2021-08-03, Maksuti, Silia, Bicaku, Ani, Zsilak, Mario, Ivkić, Igor, Péceli, Bálint, Singler, Gábor, Kovács, Kristóf, Tauber, Markus, Delsing, Jerker

The Internet of Things (IoT) is rapidly changing the number of connected devices and the way they interact with each other. This increases the need for an automated and secure onboarding procedure for IoT devices, systems and services. Device manufacturers are entering the market with internet connected devices, ranging from small sensors to production devices, which are subject of security threats specific to IoT. The onboarding procedure is required to introduce a new device in a System of Systems (SoS) without compromising the already onboarded devices and the underlying infrastructure. Onboarding is the process of providing access to the network and registering the components for the first time in an IoT/SoS framework, thus creating a chain of trust from the hardware device to its hosted software systems and their provided services. The large number and diversity of device hardware, software systems and running services raises the challenge to establish a generic onboarding procedure. In this paper, we present an automated and secure onboarding procedure for SoS. We have implemented the onboarding procedure in the Eclipse Arrowhead framework. However, it can be easily adapted for other IoT/SoS frameworks that are based on Service-oriented Architecture (SoA) principles. The automated onboarding procedure ensures a secure and trusted communication between the new IoT devices and the Eclipse Arrowhead framework. We show its application in a smart charging use case and perform a security assessment.

No Thumbnail Available
Publication

Towards a Security Baseline for IaaS-Cloud Back-Ends in Industry 4.0

2017-12, Bauer, Elisabeth, Schluga, Oliver, Maksuti, Silia, Bicaku, Ani, Hofbauer, David, Ivkić, Igor, Wöhrer, Alexander, Tauber, Markus

The popularity of cloud based Infrastructure-as-a- Service (IaaS) solutions is becoming increasingly popular. However, since IaaS providers and customers interact in a flexible and scalable environment, security remains a serious concern. To handle such security issues, defining a set of security parameters in the service level agreements (SLA) between both, IaaS provider and customer, is of utmost importance. In this paper, the European Network and Information Security Agency (ENISA) guidelines are evaluated to extract a set of security parameters for IaaS. Furthermore, the level of applicability and implementation of this set is used to assess popular industrial and open-source IaaS cloud platforms, respectively VMware and OpenStack. Both platforms provide private clouds, used as backend infrastructures in Industry 4.0 application scenarios. The results serve as initial work to identify a security baseline and research needs for creating secure cloud environments for Industry 4.0.

No Thumbnail Available
Publication

Towards Modelling a Cloud Application's Life Cycle

2016-09, Butterfield, R., Maksuti, Silia, Bicaku, Ani, Tauber, Markus, Wagner, C.

No Thumbnail Available
Publication

Towards Resilience Metrics for Future Cloud Applications

2016, Novak, Marko, Shirazi, Syed Noorulhassan, Hudic, Aleksandar, Hecht, Thomas, Tauber, Markus, Hutchison, David, Maksuti, Silia, Bicaku, Ani

An analysis of new technologies can yield insight into the way these technologies will be used. Inevitably, new technologies and their uses are likely to result in new security issues regarding threats, vulnerabilities and attack vectors. In this paper, we investigate and analyse technological and security trends and their potential to become future threats by systematically examining industry reports on existing technologies. Using a cloud computing use case we identify potential resilience metrics that can shed light on the security properties of the system.

No Thumbnail Available
Publication

Generic Autonomic Management as a Service in a SOA-based Framework for Industry 4.0

2019-10, Maksuti, Silia, Tauber, Markus, Delsing, Jerker

Cyber-physical production systems are engineered systems that are built from, and depend upon, the seamless integration of computational algorithms and physical components. In order to make these systems interoperable with each other for addressing Industry 4.0 applications a number of service-oriented architecture frameworks are developed. Such frameworks are composed by a number of services, which are inherently dynamic by nature and thus imply the need for self-adaptation. In this paper we propose generic autonomic management as a service and show how it can be integrated in the Arrowhead framework. We propose generic and reusable interfaces for each phase of the autonomic control loop in order to increase the usability of the service for other frameworks and application systems, while reducing the software engineering effort. To show the utility of our approach in the Arrowhead framework we use a climate control application as a representative example.

No Thumbnail Available
Publication

Operations security evaluation of IaaS-cloud backend for industry 4.0

2018-03, Schluga, Oliver, Bauer, Elisabeth, Bicaku, Ani, Maksuti, Silia, Tauber, Markus, Wöhler, Alexander

The fast growing number of cloud based Infrastructure-as-a-Service instances raises the question, how the operations security depending on the underlying cloud computing infrastructure can be sustained and guaranteed. Security standards provide guidelines for information security controls applicable to the provision and use of the cloud services. The objectives of operations security are to support planning and sustaining of day-to-day processes that are critical with respect to security of information environments. In this work we provide a detailed analysis of ISO 27017 standard regarding security controls and investigate how well popular cloud platforms can cater for them. The resulting gap of support for individual security controls is furthermore compared with outcomes of recent cloud security research projects. Hence the contribution is twofold, first we identify a set of topics that still require research and development and secondly, as a practical output, we provide a comparison of popular industrial and open-source platforms focusing on private cloud environments, which are important for Industry 4.0 use cases.

No Thumbnail Available
Publication

Interacting with the Arrowhead Local Cloud: On-boarding Procedure

2018-05, Bicaku, Ani, Maksuti, Silia, Hegedűs, Csaba, Tauber, Markus, Delsing, Jerker, Eliasson, Jens

Industrial automation systems are advancing rapidly and a wide range of standards, communication protocols and platforms supporting the integration of devices are introduced. It is therefore necessary to design and build appropriate tools and frameworks that allow the integration of devices with multiple systems and services. In this work we present the Arrow-head Framework, used to enable collaborative IoT automation and introduce two support core systems, SystemRegistry and DeviceRegistry, which are needed to create a chain of trust from a hardware device to a software system and its associated services. Furthermore, we propose an on-boarding procedure of a new device interacting with the Arrowhead local cloud. This ensures that only valid and authorized devices can host software systems within an Arrowhead local cloud.

No Thumbnail Available
Publication

Establishing a Chain of Trust in a Sporadically Connected Cyber-Physical System

2021-05, Maksuti, Silia, Pickem, Michael, Zsilak, Mario, Stummer, Anna, Tauber, Markus, Wieschhoff, Marcus, Pirker, Dominic, Schmittner, Christoph, Delsing, Jerker

Drone based applications have progressed significantly in recent years across many industries, including agriculture. This paper proposes a sporadically connected cyber-physical system for assisting winemakers and minimizing the travel time to remote and poorly connected infrastructures. A set of representative diseases and conditions, which will be monitored by land-bound sensors in combination with multispectral images, is identified. To collect accurate data, a trustworthy and secured communication of the drone with the sensors and the base station should be established. We propose to use an Internet of Things framework for establishing a chain of trust by securely onboarding drones, sensors and base station, and providing self-adaptation support for the use case. Furthermore, we perform a security analysis of the use case for identifying potential threats and security controls that should be in place for mitigating them.

No Thumbnail Available
Publication

Self-Adaptation Applied to MQTT via a Generic Autonomic Management Framework

2019-02, Maksuti, Silia, Schluga, Oliver, Settanni, Giuseppe, Tauber, Markus, Delsing, Jerker

Manufacturing enterprises are constantly exploring new ways to improve their own production processes to address the increasing demand of customized production. However, such enterprises show a low degree of flexibility, which mainly results from the need to configure new production equipment at design and run time. In this paper we propose self-adaptation as an approach to improve data transmission flexibility in Industry 4.0 environments. We implement an autonomic manager using a generic autonomic management framework, which applies the most appropriate data transmission configuration based on security and business process related requirements, such as performance. The experimental evaluation is carried out in a MQTT infrastructure and the results show that using self-adaptation can significantly improve the trade-off between security and performance. We then propose to integrate anomaly detection methods as a solution to support self-adaptation by monitoring and learning the normal behavior of an industrial system and show how this can be used by the generic autonomic management framework.

No Thumbnail Available
Publication

Connected cars — Threats, vulnerabilities and their impact

2018-05, Strobl, Stefanie, Hofbauer, David, Schmittner, Christoph, Maksuti, Silia, Tauber, Markus, Delsing, Jerker

The growing demand for interoperability between system components within a connected car has led to new security challenges in automotive development. The existing components, based on established technology, are often being combined to form such a connected car. For such established technologies, individual, often sector specific threat and vulnerability catalogs exist. The aim of this paper is to identify blocks of established technologies in a connected car and to consolidate the corresponding threat and vulnerability catalogs relevant for the individual constituent components. These findings are used to estimate the impact on specific system components and subsystems to identify the most crucial components and threats.