Ändra sökning
RefereraExporteraLänk till posten
Permanent länk

Direktlänk
Referera
Referensformat
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Annat format
Fler format
Språk
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Annat språk
Fler språk
Utmatningsformat
  • html
  • text
  • asciidoc
  • rtf
Designing a Secure IoT System Architecture from a Virtual Premise for a Collaborative AI Lab
Blekinge Tekniska Högskola, Fakulteten för datavetenskaper, Institutionen för datalogi och datorsystemteknik.ORCID-id: 0000-0002-0128-4127
Blekinge Tekniska Högskola, Fakulteten för datavetenskaper, Institutionen för datalogi och datorsystemteknik.ORCID-id: 0000-0001-8453-447X
Blekinge Tekniska Högskola, Fakulteten för datavetenskaper, Institutionen för datalogi och datorsystemteknik.ORCID-id: 0000-0003-4814-4428
2019 (Engelska)Konferensbidrag, Publicerat paper (Refereegranskat)
Abstract [en]

IoT systems are increasingly composed out of flexible, programmable, virtualised, and arbitrarily chained IoT elements and services using portable code. Moreover, they might be sliced, i.e. allowing multiple logical IoT systems (network + application) to run on top of a shared physical network and compute infrastructure. However, implementing and designing particularly security mechanisms for such IoT systems is challenging since a) promising technologies are still maturing, and b) the relationships among the many requirements, technologies and components are difficult to model a-priori.

The aim of the paper is to define design cues for the security architecture and mechanisms of future, virtualised, arbitrarily chained, and eventually sliced IoT systems. Hereby, our focus is laid on the authorisation and authentication of user, host, and code integrity in these virtualised systems. The design cues are derived from the design and implementation of a secure virtual environment for distributed and collaborative AI system engineering using so called AI pipelines. The pipelines apply chained virtual elements and services and facilitate the slicing of the system. The virtual environment is denoted for short as the virtual premise (VP). The use-case of the VP for AI design provides insight into the complex interactions in the architecture, leading us to believe that the VP concept can be generalised to the IoT systems mentioned above. In addition, the use-case permits to derive, implement, and test solutions. This paper describes the flexible architecture of the VP and the design and implementation of access and execution control in virtual and containerised environments. 

Ort, förlag, år, upplaga, sidor
2019.
Nyckelord [en]
IoT, AI, Security, Authentication, Collaboration
Nationell ämneskategori
Telekommunikation
Identifikatorer
URN: urn:nbn:se:bth-17550DOI: 10.14722/diss.2019.23006ISBN: 1-891562-56-8 (tryckt)OAI: oai:DiVA.org:bth-17550DiVA, id: diva2:1284028
Konferens
Workshop on Decentralized IoT Systems and Security (DISS) 24 February 2019, San Diego, CA,
Forskningsfinansiär
EU, Horisont 2020, 732204Tillgänglig från: 2019-01-30 Skapad: 2019-01-30 Senast uppdaterad: 2019-08-09Bibliografiskt granskad
Ingår i avhandling
1. Towards Secure Collaborative AI Service Chains
Öppna denna publikation i ny flik eller fönster >>Towards Secure Collaborative AI Service Chains
2019 (Engelska)Licentiatavhandling, sammanläggning (Övrigt vetenskapligt)
Abstract [en]

At present, Artificial Intelligence (AI) systems have been adopted in many different domains such as healthcare, robotics, automotive, telecommunication systems, security, and finance for integrating intelligence in their services and applications. The intelligent personal assistant such as Siri and Alexa are examples of AI systems making an impact on our daily lives. Since many AI systems are data-driven systems, they require large volumes of data for training and validation, advanced algorithms, computing power and storage in their development process. Collaboration in the AI development process (AI engineering process) will reduce cost and time for the AI applications in the market. However, collaboration introduces the concern of privacy and piracy of intellectual properties, which can be caused by the actors who collaborate in the engineering process.  This work investigates the non-functional requirements, such as privacy and security, for enabling collaboration in AI service chains. It proposes an architectural design approach for collaborative AI engineering and explores the concept of the pipeline (service chain) for chaining AI functions. In order to enable controlled collaboration between AI artefacts in a pipeline, this work makes use of virtualisation technology to define and implement Virtual Premises (VPs), which act as protection wrappers for AI pipelines. A VP is a virtual policy enforcement point for a pipeline and requires access permission and authenticity for each element in a pipeline before the pipeline can be used.  Furthermore, the proposed architecture is evaluated in use-case approach that enables quick detection of design flaw during the initial stage of implementation. To evaluate the security level and compliance with security requirements, threat modeling was used to identify potential threats and vulnerabilities of the system and analyses their possible effects. The output of threat modeling was used to define countermeasure to threats related to unauthorised access and execution of AI artefacts.

Ort, förlag, år, upplaga, sidor
Karlskrona: Blekinge Tekniska Högskola, 2019. s. 146
Serie
Blekinge Institute of Technology Licentiate Dissertation Series, ISSN 1650-2140 ; 11
Nationell ämneskategori
Telekommunikation
Identifikatorer
urn:nbn:se:bth-18531 (URN)978-91-7295-381-9 (ISBN)
Presentation
2019-09-10, J1620, Campus Gräsvik, Karlskrona, 12:30 (Engelska)
Opponent
Handledare
Tillgänglig från: 2019-08-09 Skapad: 2019-08-09 Senast uppdaterad: 2019-09-03Bibliografiskt granskad

Open Access i DiVA

fulltext(707 kB)32 nedladdningar
Filinformation
Filnamn FULLTEXT02.pdfFilstorlek 707 kBChecksumma SHA-512
2c8aada7c09e78a2c207c7486d60e359130c0ff0d2e8e056ec049fb873787790d972e1ea93009e96b60a5897309a0ffaa5f0ce60bd7964c72c1681800727b81c
Typ fulltextMimetyp application/pdf

Övriga länkar

Förlagets fulltext

Personposter BETA

Mehri, Vida. A.Ilie, DragosTutschku, Kurt

Sök vidare i DiVA

Av författaren/redaktören
Mehri, Vida. A.Ilie, DragosTutschku, Kurt
Av organisationen
Institutionen för datalogi och datorsystemteknik
Telekommunikation

Sök vidare utanför DiVA

GoogleGoogle Scholar
Totalt: 102 nedladdningar
Antalet nedladdningar är summan av nedladdningar för alla fulltexter. Det kan inkludera t.ex tidigare versioner som nu inte längre är tillgängliga.

doi
isbn
urn-nbn

Altmetricpoäng

doi
isbn
urn-nbn
Totalt: 2060 träffar
RefereraExporteraLänk till posten
Permanent länk

Direktlänk
Referera
Referensformat
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Annat format
Fler format
Språk
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Annat språk
Fler språk
Utmatningsformat
  • html
  • text
  • asciidoc
  • rtf