Davide Ferraris

Topic: 
Metrics for cyber-security
Research work: 

The main topic of research of ESR3 is “metrics for cybersecurity”. This work will deal in particular with trust metrics for the Internet of Things. The vision of the Internet of Things (IoT) is founded on the following premise: it is possible to create a world-wide network of interconnected objects, or things, which will probably be readable, recognizable, locatable, addressable, and/or controllable via the Internet. Billions of devices are foreseen to be connected by 2020, so trust issues will grow exponentially. Trust is necessary in a system such as IoT because the entities involved should know the other entities they have to interact with. The problem of finding a suitable way to establish trust becomes more complicated in IoT due to its heterogeneity. Trust management systems have been used during the decision-making process in order to assist entities that have to interact with others in a system. How to measure trust then becomes a key issue for IoT systems as all the heterogeneous entities will use their own trust management systems and this is challenging.

ESRs Publications

Description:

With the ever-increasing number of smart home devices, the issues related to these environments are also growing. With an ever-growing attack surface, there is no standard way to protect homes and their inhabitants from new threats. The inhabitants are rarely aware of the increased security threats that they are exposed to and how to manage them. To tackle this problem, we propose a solution based on segmented architectures similar to the ones used in industrial systems. In this approach, the smart home is segmented into various levels, which can broadly be categorised into an inner level and external level. The external level is protected by a firewall that checks the communication from/to the Internet to/from the external devices. The internal level is protected by an additional firewall that filters the information and the communications between the external and the internal devices. This segmentation guarantees a trusted environment between the entities belonging to the internal network. In this paper, we propose an adaptive trust model that checks the behaviour of the entities and, through this model, in case the entities violate trust rules they can be put in quarantine or banned from the network.