UBITECH is participating at the kick-off meeting, in Athens, Greece (January 29-30, 2018), of the SecureIoT Research and Innovation Action, officially started on January 1st, 2018. The project is funded by European Commission under Horizon 2020 Programme (Grant Agreement No. 779899) and spans on the period January 2018 – December 2020. The SecureIoT project aims to secure the next generation of dynamic, decentralized IoT systems, which will span spanning multiple IoT platforms and networks of smart objects, through implementing a range of predictive IoT cybersecurity services.
SecureIoT will architect predictive security services in-line with leading edge reference architectures (Ras) for IoT applications (i.e. RAs of the Industrial Internet Consortium, the OpenFog Consortium and the Platform Industry 4.0), which will serve as a basis for specifying security building blocks at both the edge and the core of IoT systems. SecureIoT will provide concrete implementations of security data collection, security monitoring and predictive security mechanisms, which will be the basis for offering integrated services for risk assessment, compliance auditing against regulations and directives (e.g. GDPR, NIS, ePrivacy), as well as support to IoT developers based on programming annotations.
UBITECH R&D team will heavily contribute and lead the technological choices towards the definition and design of a security service architecture specifying a set of security mechanisms based on security monitoring and predictive analytics, which will be placed at both the edge and the core of the IoT deployments, while interacting between them. Moreover, UBITECH will have significant contribution in the IoT security and privacy modelling, introducing the programming model for supporting secure IoT programming based on annotations that enable the deployment and enforcement of XACML-compliant IoT security and privacy policies across various policy enforcement points (device, edge/fog, core/cloud).
Finally, UBITECH leads the implementation of (a) the Risk Assessment and Mitigation Services that will based on NIST’s Common Vulnerability Scoring System taking into account forecasts about the probability of a risk, the level of its vulnerability and its criticality and impact, in order to compute a normalized “likelihood” factor, which will be presented to end-user, but also used to initiate risk alleviation activities, including enforcement of proper security policies; and (b) the Programming Support Services that will enable IoT applications developers to flexibly secure their applications adopting a set of programming-time annotations, offering them a set of visual programming tools, including editors that will support these annotations and a run-time implementation, which will examine the annotations and will enforce privacy or security policies at certain Privacy Enforcement Points (PEP) of an IoT architecture or application.