skip to main content

Attention:

The NSF Public Access Repository (NSF-PAR) system and access will be unavailable from 11:00 PM ET on Thursday, October 10 until 2:00 AM ET on Friday, October 11 due to maintenance. We apologize for the inconvenience.


Title: Formal UML-based Modeling and Analysis for Securing Location-based IoT Applications
In this work we present a process and a tool to apply formal methods in Internet of Things (IoT) applications using the Unified Modeling Language (UML). As there are no best practices to develop secured IoT systems, we have developed a plug-in tool that integrates a framework to validate UML software models and we present the design of a location-based IoT application as a use case for the validation tool.  more » « less
Award ID(s):
1950416
NSF-PAR ID:
10376455
Author(s) / Creator(s):
; ; ; ;
Date Published:
Journal Name:
REUNS 2022: The 8th National Workshop for REU Research in Networking and Systems
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. Gainaru, A. ; Zhang, C. ; Luo, C. (Ed.)
    We present MSDBench – a set of benchmarks designed to illuminate the effects of deployment choices and operating system ab- stractions on microservices performance in IoT settings. The microser- vices architecture has emerged as a mainstay set of design principles for cloud-hosted, network-facing applications. Their utility as a design pattern for “The Internet of Things” (IoT) is less well understood. We use MSDBench to show the performance impacts of different deploy- ment choices and isolation domain assignments for Linux and Ambience, an experimental operating system specifically designed to support mi- croservices for IoT. These results indicate that deployment choices can have a dramatic impact on microservices performance, and thus, MSD- Bench is a useful tool for developers and researchers in this space. 
    more » « less
  2. We present MSDBench – a set of benchmarks designed to illuminate the effects of deployment choices and operating system ab- stractions on microservices performance in IoT settings. The microser- vices architecture has emerged as a mainstay set of design principles for cloud-hosted, network-facing applications. Their utility as a design pattern for “The Internet of Things” (IoT) is less well understood. We use MSDBench to show the performance impacts of different deploy- ment choices and isolation domain assignments for Linux and Ambience, an experimental operating system specifically designed to support mi- croservices for IoT. These results indicate that deployment choices can have a dramatic impact on microservices performance, and thus, MSD- Bench is a useful tool for developers and researchers in this space. 
    more » « less
  3. Specifying and verifying the temporal properties of UML-based systems can be challenging. Although there exist some extensions of OCL to support the specification of temporal properties in UML-based notations, most of the approaches depend on using non-UML formal formalisms such as LTL, CTL, and CTL* while transforming the under-development UML models into non-UML model checking frameworks for verification. This approach introduces complexities and relies on techniques and tools that are not within the UML spectrum. In this paper, we show how TOCL (one OCL extension for temporal properties specification) can be transformed into OCL for verification purposes. Towards this end, we created a formal EBNF grammar for TOCL, based on which a parser and a MOF metamodel were generated for the language. Additionally, to facilitate the analysis of the TOCL properties, we formally defined transformation rules from TOCL metamodel to OCL metamodel using QVT. Finally, we validated the implementations of the transformation rules using USE. 
    more » « less
  4. Abstract Regression test selection (RTS) approaches reduce the cost of regression testing of evolving software systems. Existing RTS approaches based on UML models use behavioral diagrams or a combination of structural and behavioral diagrams. However, in practice, behavioral diagrams are incomplete or not used. In previous work, we proposed a fuzzy logic based RTS approach called FLiRTS that uses UML sequence and activity diagrams. In this work, we introduce FLiRTS 2, which drops the need for behavioral diagrams and relies on system models that only use UML class diagrams, which are the most widely used UML diagrams in practice. FLiRTS 2 addresses the unavailability of behavioral diagrams by classifying test cases using fuzzy logic after analyzing the information commonly provided in class diagrams. We evaluated FLiRTS 2 on UML class diagrams extracted from 3331 revisions of 13 open-source software systems, and compared the results with those of code-based dynamic (Ekstazi) and static (STARTS) RTS approaches. The average test suite reduction using FLiRTS 2 was 82.06%. The average safety violations of FLiRTS 2 with respect to Ekstazi and STARTS were 18.88% and 16.53%, respectively. FLiRTS 2 selected on average about 82% of the test cases that were selected by Ekstazi and STARTS. The average precision violations of FLiRTS 2 with respect to Ekstazi and STARTS were 13.27% and 9.01%, respectively. The average mutation score of the full test suites was 18.90%; the standard deviation of the reduced test suites from the average deviation of the mutation score for each subject was 1.78% for FLiRTS 2, 1.11% for Ekstazi, and 1.43% for STARTS. Our experiment demonstrated that the performance of FLiRTS 2 is close to the state-of-art tools for code-based RTS but requires less information and performs the selection in less time. 
    more » « less
  5. Pervasive IoT applications enable us to perceive, analyze, control, and optimize the traditional physical systems. Recently, security breaches in many IoT applications have indicated that IoT applications may put the physical systems at risk. Severe resource constraints and insufficient security design are two major causes of many security problems in IoT applications. As an extension of the cloud, the emerging edge computing with rich resources provides us a new venue to design and deploy novel security solutions for IoT applications. Although there are some research efforts in this area, edge-based security designs for IoT applications are still in its infancy. This paper aims to present a comprehensive survey of existing IoT security solutions at the edge layer as well as to inspire more edge-based IoT security designs. We first present an edge-centric IoT architecture. Then, we extensively review the edge-based IoT security research efforts in the context of security architecture designs, firewalls, intrusion detection systems, authentication and authorization protocols, and privacy-preserving mechanisms. Finally, we propose our insight into future research directions and open research issues. 
    more » « less