EU-funded researchers are developing security-testing tool to provide all Europeans with increased confidence in the Internet of Services.

Digital Economy

By introducing a whole new level of internet-based supply and demand services, the Internet of Services (IoS) – the integration of connected items to provide a common service – is set to revolutionise how we go about our day-to-day lives. However, as society becomes increasingly dependent on the internet for all aspects of our lives, the need to ensure that this online infrastructure is secure and safe becomes of paramount importance. With a focus on internet infrastructures, the EU-funded SPACIOS project created sets of tools and techniques needed to provide IoS with a secure foundation to build from. For example, one set allows users to test specific security properties as confidentiality and authentication. Another set allows the user to conduct vulnerability-driven testing, where tests are derived from the vulnerabilities most likely to invalidate security goals. A third set of techniques provides the user with an inference/extraction model derived from attack behaviour or the implemented code. These techniques, along with an automated support system, have now been integrated into the SPACIOS tool. By providing a formal description of the system under validation (SUV), security goals and model of the attacker, the tool automatically generates and executes a sequence of test cases on the SUV via a number of proxies. ‘The SPACIOS tool was designed as a proof-of-concept for a set of security testing problem cases drawn from the “real world” scenarios seen by our project partners, which paved the way for incorporating these results into such common industrial practices as SAP and Siemens business units’, says project coordinator Luca Viganò. ‘We’ve taken the lessons we learned along the way and created a list of best practices that serve as a stepping stone for similar integrations in other industrial environments.’ A public service According to Viganò, although the SPACIOS tool is primarily being used by industry, research institutions and standardisation bodies working on the development of a secure IoS, and ultimately all Europeans benefit. ‘At the end of the day, the SPACIOS tool provides all Europeans with increased acceptance of – and confidence in – the IoS’, he says. ‘This is especially important in the rapidly developing areas of e-health, e-government and e-marketing.’ Because of this public benefit, the project has taken specific actions to engage the public. ‘We have incorporated SPACIOS’ results into numerous educational activities happening across the industry, at universities and in working groups and standardisation organizations’, says Viganò. ‘Since the close of the project, we have organised a number of specific presentations, meetings and workshops, published nearly 100 papers on the project’s work – including an impressive 10 PhD theses – and filed four patent applications.’ These actions specifically targeted service designers, developers and integrators. Strengthening Europe’s position in IoS Europe is particularly well positioned to shape and drive the internet of tomorrow. Sucessful IoS initiatives will give Europe a competitive edge and create enormous opportunities for the economy, government and society. ‘With its rich set of methodologies and technologies, the SPACIOS project provided a comprehensive framework for the provision and consumption of validated secure services, thus serving as a major enabling technology for satisfying the security challenges raised by new communications and ICT paradigms’, concludes Viganò. ‘We are confident these results will continue to help strengthen Europe’s position at the vanguard of establishing the fundamentals of an emerging IoS vision and infrastructures where trustworthiness is considered a major differentiator and fundamental enabler.’

Keywords

SPACIOS, cyber security, security testing, internet of services, IoS, Internet, confidentiality, vulnerability, attack, secure services