@article{Pahl2019,

title = {Giving IoT services an identity and changeable attributes},

author = {Marc Oliver Pahl and Lorenzo Donini},

isbn = {9783903176157},

year  = {2019},

date = {2019-01-01},

journal = {2019 IFIP/IEEE Symposium on Integrated Network and Service Management, IM 2019},

number = {section II},

pages = {455--461},

abstract = {The Internet of Things (IoT) pervades our surroundings. It softwarizes our physical environments. Software controls devices that interface their physical environments. The IoT is often privacy, safety, and security critical. Consequently, it requires adequate mechanisms for securing its services. For reasons such as heterogeneity, complexity, and lack of deployment there is little research on IoT service security.Our work creates a base for IoT service security. We give IoT services secure identities and attributes. Using site-local X.509v3 certificates with short lifetimes, we show how service attributes can securely be changed at runtime. This enables enforcing security policies even on distributed, loosely coupled IoT nodes. Our central mechanisms are pinning certificates to service executables, and autonomously managing the short certificate lifetimes. We assess the resulting renewal traffic and power consumption. textcopyright 2019 IFIP.},

keywords = {Autonomous service management, Certificates, IoT, Metadata, Microservices, Security, Unattended nodes, X.509},

pubstate = {published},

tppubtype = {article}

}

@article{Pahl2018b,

title = {Graph-based IoT microservice security},

author = {Marc Oliver Pahl and Fran\c{c}ois Xavier Aubet and Stefan Liebald},

doi = {10.1109/NOMS.2018.8406118},

isbn = {9781538634165},

year  = {2018},

date = {2018-01-01},

journal = {IEEE/IFIP Network Operations and Management Symposium: Cognitive Management in a Cyber World, NOMS 2018},

pages = {1--3},

abstract = {The Internet of Things (IoT) can be considered as Service Oriented Architecture (SOA) of Microservices ($mu$S). The $mu$Ss inherently process data that affects the privacy, safety, and security of its users. IoT service security is a key challenge. Most state of the art providing IoT system security is policy based. We showcase a graph-based access control that runs as module on IoT nodes, or in the network. Our solution intercepts and firewalls inter-service communication. It automatically creates a model of legitimate communication relationships. The model is interactively updated via a simple-to-understand interface. Our solution adds inevitable IoT security to existing IoT systems .},

keywords = {Autonomous service management, firewall, IoT, Mi-croservices, Passive monitoring, Security, Unattended nodes},

pubstate = {published},

tppubtype = {article}

}