IDEE-FEDER project planning: Difference between revisions

From UNamur InfoSec
Jump to navigation Jump to search
No edit summary
No edit summary
Line 34: Line 34:
**'''Access Control Requirements:''' To define the access control requirement, we need to study both the scenarios, security requirements for processing data in IoTs context and also the legal requirements. European Laws are our sources of information used to derived the access control requirements. The detailed access control requirements can be found at https://doc.info.fundp.ac.be/mediawiki/index.php/FEDER:Access_Control_Requirements_in_IoT
**'''Access Control Requirements:''' To define the access control requirement, we need to study both the scenarios, security requirements for processing data in IoTs context and also the legal requirements. European Laws are our sources of information used to derived the access control requirements. The detailed access control requirements can be found at https://doc.info.fundp.ac.be/mediawiki/index.php/FEDER:Access_Control_Requirements_in_IoT
**'''Modelling IoTs infrastructure''': This task focuses on defining the IoT meta model that can be used to model different IoTs infrastructure such as smart-home, healthcare, smart-monitoring or transport monitoring system. The meta-model takes into account both the functionality and security issues.   
**'''Modelling IoTs infrastructure''': This task focuses on defining the IoT meta model that can be used to model different IoTs infrastructure such as smart-home, healthcare, smart-monitoring or transport monitoring system. The meta-model takes into account both the functionality and security issues.   
*'''From April 2017 to July 2017''':
*'''From April 2017 to July 2017''': This phase focuses on modelling a formal IoTs system architecture that will be used for the implementation and testing in future phase. Two domains are considered, smart-home and healthcare system.
**
*'''From July 2017 to September 2017''': This phase focuses on the definition of access control model, policies definition and expression and the study of access control policy language that will be used in the system implementation in future phase.
*'''From July 2017 to September 2017'''
**Access Control Model: Based on our study on existing access control models in ITs in the first phase of the project and the study of the access control and legal requirements, we define access control model, which can be used to express access control policies in our defined scenarios and security requirements. The model should comply with the requirements we defined in https://doc.info.fundp.ac.be/mediawiki/index.php/FEDER:Access_Control_Requirements_in_IoT
**Policy Definition, Expression and Language:
*'''From September 2017 to December 2017'''
*'''From September 2017 to December 2017'''
*'''From December 2017 to March 2018'''
*'''From December 2017 to March 2018'''
*'''From March 2018 to  to June 2018'''
*'''From March 2018 to  to June 2018'''
*'''From June 2018 to 30th September 2018'''
*'''From June 2018 to 30th September 2018'''

Revision as of 10:55, 23 March 2017


IDEE-FEDER Project: task T1.3.4 description

The objective of task (T1.3.4) is to define the access control model, which can be used to express the access control policies in the wide range of access scenarios in IoTs system infrastructure. The works included:

  • Modelling an IoT infrastructure and defining the requirements needed for the development and deployment of such infrastructure.
  • Defining the access scenarios in IoT for different domains such as, smart home and healthcare system, then, the IoT system architecture taking into account the defined scenarios and requirements
  • Based on the defined IoT infrastructure and defined scenarios, define the access control requirements based upon which access control model is derived.
  • Developing the access control system, based on the defined model, which can be used to express the access control policies in IoT system with the defined access scenarios and requirements.
  • Developing the IoT system based on the define IoT architecture. The development of access control module is also included in this task.
  • Integrating/incorporating access control module to IoT system.
  • Testing and validating the IoT system against the identified requirements and scenarios.
  • Meeting and scientific dissemination:
    • Project follow-up meeting
    • Project report and result dissemination
    • Meeting with project partners and scientific communities.
    • Participating the scientific conferences and seminars

Project Planning

The project is for 2 years periods started from first of October 2016 to 30th September 2018. The entire project is broken down into small tasks as shown in the figure below.

Project planning copy.png

  • From October 2016 to January 2017: This phase focuses on building up the knowledge in the field of IoTs and most importantly the security issues in such system. We studies different areas under the IoT context.
    • Existing IoTs infrastructure studies: The idea is to look at different existing IoT system across domain from infrastructure/building to smart home and healthcare system. Different sources of information are considered both in research communities and private sectors.
    • State of the arts of IoTs: risks and security assessment: IoTs system allows different devices (things) to be connected through different communication medias (e.g.Internet, wifi, etc.). This opens an opportunity of larger attack. Thus, Identifying the risk and finding the solution to address such risk is important.
    • State of the arts of access control in IoTs: In any data processing system, ensuring the access is granted to right person is important in order to provide the trusting environment for people involved. Study the existing access control model for IoT system is important in order to identify the strength and weakness of the model based on which we can make the conclusion whether existing model is sufficient or some extension is required.
    • Network Technologies and micro-controller studies: Things in IoTs are devices controlled by the micro-controller, which are able to connect to network (Internet) and operate according to the user's command or in the automatic way. There are number of brands producing different type of micro-controllers that can be used in IoTs context. Study their specifications provide us some insides based on which we can choose the devices based on our requirement. We investigated two network technologies: WiFi and Lora network. For micro-controllers, we studied ESP8266 and LoPy of Pycom.
  • From January 2017 to April 2017: This phase focuses on some testing and trial and also some studies of the existing IoTs infrastructure.
    • Test-trial: Lora Network with LoPy: Our aim is to investigate the Lora network technology with different configurations and devices' specifications. We have tested Lora network with different gateways and devices such as iC880-A USB gateway with LoPy devices and we also tested LoPy as nano-gateway. We also tested for different frequencies and bandwidths. The tests are performed for both up and down link with ABP and OTAA modes.
    • Test-trial: Wifi network with ESP8266 module: We created the wifi network with ESP8366 and tested some smart-home scenarios with different type of sensors such as, temperature, luminosity, pressure, movement sensors.
    • Test-trial: Sensors module: Different types of sensors are tested with ESP8266 and LoPy micro-controller. Sensors used in our tests are temperature, pressure, humidity, luminosity and movement sensors.
    • Scenarios in IoTs system: Defining the access scenarios in IoT system, more importantly in smart-home and healthcare domains. The scenarios are derived from our studies of needs in smart home system and healthcare information system. The list of scenarios can be found at https://doc.info.fundp.ac.be/mediawiki/index.php/File:List_of_Smart_Home_Scenarios.pdf
    • Access Control Requirements: To define the access control requirement, we need to study both the scenarios, security requirements for processing data in IoTs context and also the legal requirements. European Laws are our sources of information used to derived the access control requirements. The detailed access control requirements can be found at https://doc.info.fundp.ac.be/mediawiki/index.php/FEDER:Access_Control_Requirements_in_IoT
    • Modelling IoTs infrastructure: This task focuses on defining the IoT meta model that can be used to model different IoTs infrastructure such as smart-home, healthcare, smart-monitoring or transport monitoring system. The meta-model takes into account both the functionality and security issues.
  • From April 2017 to July 2017: This phase focuses on modelling a formal IoTs system architecture that will be used for the implementation and testing in future phase. Two domains are considered, smart-home and healthcare system.
  • From July 2017 to September 2017: This phase focuses on the definition of access control model, policies definition and expression and the study of access control policy language that will be used in the system implementation in future phase.
    • Access Control Model: Based on our study on existing access control models in ITs in the first phase of the project and the study of the access control and legal requirements, we define access control model, which can be used to express access control policies in our defined scenarios and security requirements. The model should comply with the requirements we defined in https://doc.info.fundp.ac.be/mediawiki/index.php/FEDER:Access_Control_Requirements_in_IoT
    • Policy Definition, Expression and Language:
  • From September 2017 to December 2017
  • From December 2017 to March 2018
  • From March 2018 to to June 2018
  • From June 2018 to 30th September 2018