5g
Factories of the Future
Media & Entertainment
Smart Cities
Smart Energy
Smart Ports
SME Opportunities
Societal Impacts
Technology Development
Telecoms Providers
5G CAM
5G Automotive
5G CAM KPIs
5G CAM Standardisation
5G Corridors
5G Multimodal Connectivity
5G Transport Network
Artificial Intelligence & Machine Learning
Artificial Intelligence & Machine Learning in big data
Artificial Intelligence & Machine Learning technologies
Big data
Big data algorithms
Big data analytics
Collaborative Classification and Models
Business Models, Process Improvement, Contract Management, KPIs and Benchmarking Indexes
Collaboration Risk and Value Sharing
Collaborative Planning and Synchromodality
Customs & Regulatory Compliance
Environmental Performance Management
Logistics Optimisation
Stock Optimisation
Supply Chain Corrective and Preventive Actions (CAPA)
Supply Chain Financing
Supply Chain Visibility
Common Information Objects
Booking
Customs Declarations
Transport Service Description
Transport Status
Waybills
Computing and Processing
Big Data Management and Analytics
Cloud
Edge
Fog
Knowledge Graphs
Machine Learning
MIST
Stream Processing
Connectivity
Architecture
Blockchain
Connectivity Interfaces
Technologies (Bluetooth, Ethernet, Wifi)
Data Management, Simulation and Dashboards
Dashboards
Data Fusion
Data Governance, Integrity, Quality Management and Harmonization
Event Handling
Open Data
Simulation
Statistics and Key Performance Indicators (KPIs)
Data market
Data ecosystem
Data marketplace
Data Platform
Data Providers
Devices
IoT Controllers
IoT Gateways
IoT Sensors
Tracking Sensors
Digitisation Frameworks
Control Towers
Data Pipelines
e-Freight
e-Maritime
National Single Windows
Port Community Systems
Federation
Data Federation
Platform Federation
Industrial IoT Sectors
Rail Sector Active Predictive Maintenance
Interoperability
Data interoperability
Data interoperability mechanisms
Interoperability solutions
Platform interoperability
IoT Secuirty, Privacy and Safety Systems
PKI Technology
Privacy-preservation
Data privacy preserving technologies
Privacy preserving technologies
Project Results
5G-SOLUTIONS Deliverables
5G-SOLUTIONS Publications
CHARIOT Capacity Building and Trainings
CHARIOT Deliverables
CHARIOT Publications
SELIS Deliverables
SELIS Publications and Press Releases
Project Results - 5g Routes
5G-ROUTES Deliverables
5G-ROUTES Innovation
5G-ROUTES Publications
Project Results - TRUSTS
TRUSTS Deliverable
TRUSTS Publications
Safety, Security and Privacy Systems
Access Management
Coordinated Border Management
Information Security
International Organisations
Risk Assessment and Management
Risk Management
Safety and Security Assessment
Source Code Analysis
Sectors and Stakeholders
Airports and Air Transport
Banks, investors and other funding providers
Custom Authorities
Facilities, Warehouses
Freight Forwarders
Inland Waterways
Multimodal Operators
Ports and Terminals
Railway
Retailers
Road Transport
Shippers
Shipping
Smart Buildings
Trusties and other Intermediary Organizations
Urban and Countryside Logistics
Urban Logistics
Sectors and Stakeholders - TRUSTS
Audit & Law firms
Corporate offices
Enterprises
Financial Institutions
Telecommunications
Security
Secured Data
Secured Infrastructure
Secured Platform
Sovereignty
Data sovereignty
Standards
Good Distribution Practices
International data standards
International Organization for Standardization (ISO)
UN/CEFACT
World Customs Organization (WCO)
Supply Chain Management
Business Models, Process Improvement, Contract Management, KPIs and Benchmarking Indexes
Risk Management
Risk-Based Controls
Screening and tracking
Supervision Approach
Technologies
5g
Agile Deployment, Configuration Management
Business Applications
Business Integration Patterns, Publish-Subscribe
Cloud Technologies/Computing, Services Virtualisation
Cognitive
Community Node Platform and Application Monitoring
Connectivity Technologies (Interfaces and Block Chain)
Hybrid S/T Communication and Navigation Platforms
IoT (Sensors, platforms)
Mobile
Physical Internet (PI)
Public key infrastructure (PKI)
Radio-frequency identification (RFID)

Safety and Security Assessment

A Four-Step Guide to Security Assurance for IoT Devices
IoT device connection growth over time by device type. Source: http://enterprise-iot.org
Bill Graham

INTRODUCTION:


Powered by the forces of the cloud, connected endpoints, wireless technologies, and big data, the Internet of Things (IoT) and machine to machine (M2M) evolution is forming a “perfect storm” for software engineering teams. Vendors are racing to claim a piece of the predicted 19 trillion dollar IoT market, made up of more than 50 billion IoT devices spanning nearly all markets – automotive, energy/utilities, home appliance, consumer electronics, medical, education, manufacturing, and more. This new landscape for embedded devices means increased connectivity and confidential data storage and transmission. Current manufacturers are still developing products using old and entrenched supply chain, engineering, and quality assurance processes that weren’t designed for the complexities of today’s highly-connected “smart” devices. Engineering teams are utilizing a progressively diverse set of suppliers and relying on 3rd party software to save while trying to satisfy the business and market thirst for IoT demands. 

 

So how do we evolve device software processes to better protect our next-generation IoT devices?  First, it starts with a sound plan that includes next-generation software assurance and a “security-first” methodology. Teams need to rethink how they deliver software quickly – with security, safety, and quality in mind from design to deployment. IoT systems are complex and dynamic, as are the adverseries attempting to compromise the system (B. Zorn et. al.)  However, “rethinking” should not be “restarting.”  To do this successfully, teams should leverage the best tools available that help them analyze the software they are developing, looking for problems that IoT presents – including both in-house source and 3rd-party binary code. The number of IoT device connections is growing exponentially, which is both an opportunity and a challenge, with the number of connections doubling every 4-5 years.

IoT device connection growth over time by device type. Source: http://enterprise-iot.org

IoT device connection growth over time by device type. Source: http://enterprise-iot.org



A four-step quality assurance guide will create better security in IoT devices:


 
1.Design with a “security-first” philosophy. For connected devices in the IoT universe, security must be a prime consideration during all stages of development. The smart development team builds security requirements, development, and testing into the schedule and budget. Despite the potential unknowns and risks with device security, automated software tools are a significant boon to security assurance. 

2.A system-wide threat assessment and analysis. Your device is part of a larger IoT infrastructure, and understanding the potential security issues at a system level are critical. A threat assessment provides the known and theoretical attack vectors to your device. This is essential for all IoT systems.

3.Leverage automated tools as much as possible. Security adds additional burdens to development teams and is often outside the realm of their expertise. Source code static analysis, for example, can find defects and security threats that traditional manual and automated techniques miss. Static analysis is now an essential component in the security assurance toolset.

4.Use binary analysis to ensure the quality and security of third party code. Reliance on third-party software is growing in embedded development and using software of unknown quality and security is risky. Binary static analysis (and a combination of source and binary analysis) provides an automated technique for analyzing third-party software, ensuring it meets the system’s quality and security standards.

A four step security and quality assurance process for IoT devices

A four-step security and quality assurance process for IoT devices



This is the first in a series of blogs that go into more detail on this four step process. Stay tuned!



CONCLUSION:


Manufacturers must carefully evaluate the security threats, and level of exposure of IoT devices, implementing all of the necessary design checks and countermeasures to respond to an accelerating set of menaces.  GrammaTech was founded 26 years ago, with a firmly-grounded purpose to help organizations develop tomorrow’s software.  Given the ever-increasing dependence of software in today’s connected world, our experts are focusing on solving the most challenging software issues through a thorough portfolio of software and security assurance solutions.

IoT is here, and it is our responsibility to ensure our software is ready for it.

 

Reference Link

Attached Documents

Related Articles

The “CHARIOT IoT Search Index” aims to provide a web location where publications, articles, and relevant documents can be centralized hosted in a well-structured and easily accessed way.

read more

Tags

Contact Us
Enter Text
Copyright (c) CHARIOT - All rights reserved
Designed and Developed by eBOS Technologies
Contact our department
123movie