Runtime Vulnerability Discovery as a Service on Industrial Internet of Things (IIoT) Systems

Abstract

The IoT and IIoT paradigms are creating new business opportunities. However, high-interconnectivity among all objects introduce new security concerns and challenges. Security is not a product, but a process. Security tests and audits have to constantly be accomplished. Once a security flaw is detected, a software patch fixing the security weakness could be then produced. This continuous security evaluation, which is iterative, might be expensive. In this paper, a novel vulnerability discovery approach is presented: Hadros. The particularity of the proposed design is that security tests are distributively executed among all the deployed IoT/IIoT nodes and performed at the idle time of the system, while runtime. Hadros is suitable and advantageous for the IoT and IIoT era, due to the fact that testing coverage is broadly increased as more devices are incorporated. Meanwhile, resources employed by the security researchers are also significantly reduced.