{"title":"“If security is required”: Engineering and Security Practices for Machine Learning-based IoT Devices","authors":"Nikhil Krishna Gopalakrishna, Dharun Anandayuvaraj, Annan Detti, Forrest Lee Bland, Sazzadur Rahaman, James C. Davis","doi":"10.1145/3528227.3528565","DOIUrl":"https://doi.org/10.1145/3528227.3528565","url":null,"abstract":"The latest generation of IoT systems incorporate machine learning (ML) technologies on edge devices. This introduces new engineering challenges to bring ML onto resource-constrained hardware, and complications for ensuring system security and privacy. Existing research prescribes iterative processes for machine learning enabled IoT products to ease development and increase product success. However, these processes mostly focus on existing practices used in other generic software development areas and are not specialized for the purpose of machine learning or IoT devices. This research seeks to characterize engineering processes and security practices for ML-enabled IoT systems through the lens of the engineering lifecycle. We collected data from practitioners through a survey (N=25) and interviews (N=4). We found that security processes and engineering methods vary by company. Respondents emphasized the engineering cost of security analysis and threat modeling, and trade-offs with business needs. Engineers reduce their security investment if it is not an explicit requirement. The threats of IP theft and reverse engineering were a consistent concern among practitioners when deploying ML for IoT devices. Based on our findings, we recommend further research into understanding engineering cost, compliance, and security trade-offs.","PeriodicalId":275034,"journal":{"name":"2022 IEEE/ACM 4th International Workshop on Software Engineering Research and Practices for the IoT (SERP4IoT)","volume":"72 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133021601","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Vulnerability Classification of Consumer-based IoT Software","authors":"Bara' Nazzal, Atheer Abu Zaid, Manar H. Alalfi, A. Valani","doi":"10.1145/3528227.3528566","DOIUrl":"https://doi.org/10.1145/3528227.3528566","url":null,"abstract":"This paper surveys and categorizes potential software vulnerabilities in consumer-based IoT applications. We look at the currently available reported vulnerabilities in the SmartThings platform as well as potential vulnerabilities that face IoT platforms in general. We provide a multi-step categorization that applies available guidance as well as connecting it to frameworks such as OWASP and MITRE ATT&CK to classify the vulnerabilities depending on their platform, layer, nature, class as well as the suggested mitigation.","PeriodicalId":275034,"journal":{"name":"2022 IEEE/ACM 4th International Workshop on Software Engineering Research and Practices for the IoT (SERP4IoT)","volume":"45 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125598237","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Building blocks for IoT testing - a benchmark of IoT apps and a functional testing framework","authors":"R. Cristea, Mihail Feraru, C. Paduraru","doi":"10.1145/3528227.3528568","DOIUrl":"https://doi.org/10.1145/3528227.3528568","url":null,"abstract":"IoT security is a topic that offers numerous opportunities for improvement and development. In this paper, we first present a set of open-source mock IoT applications along with the necessary infrastructure specifically designed to emulate a real IoT system. With our app set, users can add their own applications, automation rules, and communication flows with little technical effort, and test different scenarios to reproduce bugs that are not specific to the use of a single device. Second, we describe a functional testing framework for the IoT that is inspired by behavior-driven development (BDD), a testing methodology that serves as a proof-of-concept for how the application set can be used in different test scenarios. The application set and the functional testing framework are independent of each other. Our goal is to help IoT developers and testers find new testing techniques and benchmark them in a reproducible, comparable, and less biased environment. We believe that they form the basis for a better understanding of how to test systems composed of heterogeneous devices to find issues and vulnerabilities that arise mainly from their interaction and data persistence management.","PeriodicalId":275034,"journal":{"name":"2022 IEEE/ACM 4th International Workshop on Software Engineering Research and Practices for the IoT (SERP4IoT)","volume":"10 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123295728","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Software Engineering Approaches for TinyML based IoT Embedded Vision: A Systematic Literature Review","authors":"Shashank Bangalore Lakshman, Nasir U. Eisty","doi":"10.1145/3528227.3528569","DOIUrl":"https://doi.org/10.1145/3528227.3528569","url":null,"abstract":"Internet of Things (IoT) has catapulted human ability to control our environments through ubiquitous sensing, communication, computation, and actuation. Over the past few years, IoT has joined forces with Machine Learning (ML) to embed deep intelligence at the far edge. TinyML (Tiny Machine Learning) has enabled the deployment of ML models for embedded vision on extremely lean edge hardware, bringing the power of IoT and ML together. However, TinyML powered embedded vision applications are still in a nascent stage, and they are just starting to scale to widespread real-world IoT deployment. To harness the true potential of IoT and ML, it is necessary to provide product developers with robust, easy-to-use software engineering (SE) frameworks and best practices that are customized for the unique challenges faced in TinyML engineering. Through this systematic literature review, we aggregated the key challenges reported by TinyML developers and identified state-of-art SE approaches in large-scale Computer Vision, Machine Learning, and Embedded Systems that can help address key challenges in TinyML based IoT embedded vision. In summary, our study draws synergies between SE expertise that embedded systems developers and ML developers have independently developed to help address the unique challenges in the engineering of TinyML based IoT embedded vision.","PeriodicalId":275034,"journal":{"name":"2022 IEEE/ACM 4th International Workshop on Software Engineering Research and Practices for the IoT (SERP4IoT)","volume":"23 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-04-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126271696","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Evaluation of IoT Self-healing Mechanisms using Fault-Injection in Message Brokers","authors":"Miguel Duarte, João Pedro Dias, H. Ferreira, André Restivo","doi":"10.1145/3528227.3528567","DOIUrl":"https://doi.org/10.1145/3528227.3528567","url":null,"abstract":"The widespread use of Internet-of-Things (IoT) across different application domains leads to an increased concern regarding their dependability, especially as the number of potentially mission-critical systems becomes considerable. Fault-tolerance has been used to reduce the impact of faults in systems, and its adoption in IoT is becoming a necessity. This work focuses on how to exercise fault-tolerance mechanisms by deliberately provoking their malfunction. We start by describing a proof-of-concept fault-injection add-on to a commonly used publish/subscribe broker. We then present several experiments mimicking real-world IoT scenarios, focusing on injecting faults in systems with (and without) active self-healing mechanisms and comparing their behavior to the baseline without faults. We observe evidence that fault-injection can be used to (a) exercise in-place fault-tolerance apparatus, and (b) detect when these mechanisms are not performing nominally, providing insights into enhancing in-place fault-tolerance techniques.","PeriodicalId":275034,"journal":{"name":"2022 IEEE/ACM 4th International Workshop on Software Engineering Research and Practices for the IoT (SERP4IoT)","volume":"169 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-03-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114840662","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}