DOI: 10.1145/3198458.3198459
research-article

An Ecosystem and IoT Device Architecture for Building Trust in the Industrial Data Space

Published: 22 May 2018

Abstract

The most recent and prominent advances in industrial computing include the growing interconnectivity of cyber-physical devices, as well as the increasing variety of complex applications exchanging data across company domains. In this context, data becomes a valuable business asset and a trade good. The Industrial Data Space is a platform designed for industry that allows organizations to exchange and trade data efficiently. The possibilities such platforms enable inevitably come with new security risks regarding the establishment of trust, communication security, data usage control, or the integrity of participating systems. We define the key security requirements for operating such platforms in untrusted environments and present an overall security architecture for the whole ecosystem, including the secure design and implementation of an architecture for the participating cyber-physical devices. On these devices, we allow for the controlled and isolated execution of services for application-specific gathering, processing, and exchange of data between organizations.

        Published In

        CPSS '18: Proceedings of the 4th ACM Workshop on Cyber-Physical System Security
        May 2018
        79 pages
        ISBN: 9781450357555
        DOI: 10.1145/3198458
        Publisher

        Association for Computing Machinery

        New York, NY, United States

        Author Tags

        1. IoT platform security
        2. data exchange platform
        3. industrial data space
        4. trust ecosystem & management
        5. usage control

        Qualifiers

        • Research-article

        Conference

        ASIA CCS '18
        Acceptance Rates

        CPSS '18 Paper Acceptance Rate 6 of 24 submissions, 25%;
        Overall Acceptance Rate 43 of 135 submissions, 32%
