Modeling virtual channel to enforce runtime properties for IoT services
Authors: Yang Zhang, Junliang Chen
Venue: Proceedings of the Second International Conference on Internet of things, Data and Cloud Computing
Published: 2017-03-22
DOI: 10.1145/3018896.3025150 (https://doi.org/10.1145/3018896.3025150)
Source: Semanticscholar
Ensuring that an industrial information infrastructure remains in a secure and safe state is a critical and mandatory requirement. Existing execution monitoring technologies do not work well to protect physical systems, especially when these supervisory control systems are open via the Internet and "inside" malware may compromise and subvert the monitoring mechanism itself. In this paper, we propose an isolation-based solution to enforce property policies for runtime IoT services. We first address the issue of isolation-based service trace observation by establishing and modeling a virtual channel. We then address the issue of isolation-based policy enforcement by dealing with the incompleteness and inconsistency of trace knowledge observed in the virtual channel. Finally, physical systems are introduced into our runtime monitors, where the controllability of IoT services is discussed as an example of service property enforcement. We conduct some experiments to demonstrate our idea.