Helping novice developers harness security issues in cloud-IoT systems-Reference-Cited by-同舟云学术

Helping novice developers harness security issues in cloud-IoT systems

Published:2022-05-13 Issue:3 Volume:8 Page:261-283
ISSN:2199-4668
Container-title:Journal of Reliable Intelligent Environments
language:en
Short-container-title:J Reliable Intell Environ

Author:

Corno Fulvio^ORCID,De Russis Luigi^ORCID,Mannella Luca^ORCID

Abstract

AbstractThe development of cloud-connected Internet of Things (IoT) systems is becoming more and more affordable, even to novice programmers, thanks to dedicated cloud platforms that already integrate the core functionality needed by an IoT system. In this context, a growing number of IoT systems are being developed and deployed on open networks, often without integrating adequate security in the process. Novice IoT programmers, in particular, tend to overlook security issues, as confirmed by a small user study. Starting from this risk, the paper analyzes the security features available in two major cloud-IoT platforms (Amazon Web Services and Microsoft Azure) and highlights those settings, tools, and practices designed to ensure more secure implementations. We observed that these platforms would reasonably address many security problems detected in the study, if only the correct features were identified and used. The paper finally contributes a set of guidelines to support novice IoT developers in avoiding the main and recurrent security issues in their projects and better exploiting cloud-IoT platforms’ inherent security features.

Publisher

Springer Science and Business Media LLC

Subject

Renewable Energy, Sustainability and the Environment,Artificial Intelligence,Computer Science Applications,Computer Networks and Communications

Link

https://link.springer.com/content/pdf/10.1007/s40860-022-00175-4.pdf

Reference62 articles.

1. Deepak K, Kelly S, Benton C, Deepali G, Galina A, Dmitry K, Rajarshi G, Zakir D (2019) All things considered: an analysis of IoT devices on home networks. In: 28th USENIX security symposium (USENIX Security 19), pp 1169–1185. ISBN 978-1-939133-06-9. https://www.usenix.org/conference/usenixsecurity19/presentation/kumar-deepak

2. Raj B, Bob G, Dennis S, Kevin J, David W (2021) Magic quadrant for cloud infrastructure and platform services. Technical report, Gartner Inc., July. https://www.gartner.com/doc/reprints?id=1-271OE4VR &ct=210802

3. Manos A, Tim A, Michael B, Matt B, Elie B, Jaime C, Zakir D, Alex HJ, Invernizzi L, Michalis K, Deepak K, Chaz L, Zane M, Joshua M, Damian M, Chad S, Nick S, Kurt T, Zhou Y (2017) Understanding the mirai botnet. In: 26th USENIX security symposium (USENIX Security 17), pp 1093–1110, Vancouver, BC, August. USENIX Association. ISBN 978-1-931971-40-9. https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/antonakakis

4. CVE-2021-28372. Available from MITRE, CVE-ID CVE-2021-28372., March 13 2021. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28372

5. Corno F, De Russis L, Mannella L (2021) Perception of security issues in the development of Cloud-IoT systems by a novice programmer. In: Intelligent environments 2021, pp 5–15. IOS Press. https://doi.org/10.3233/AISE210074

Cited by 4 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Security at the Edge for Resource-Limited IoT Devices;Sensors;2024-01-17

2. Security Evaluation of Arduino Projects Developed by Hobbyist IoT Programmers;Sensors;2023-03-02

3. Security and Privacy Aware Programming Model for IoT Applications in Cloud Environment;International Journal on Cloud Computing: Services and Architecture;2023-02-27

4. IoT Security and Privacy Challenges from the Developer Perspective;Ambient Intelligence – Software and Applications – 14th International Symposium on Ambient Intelligence;2023