It is very hard (or ineffective) to take an old system and add to it security features like plug-ins. Therefore, a computer system is much more reliable designed with the approach of security-by-design. Nowadays, there are several tools, middlewares, and platforms designed with this concept in mind, but they must be appropriately used to guarantee a suitable level of reliability and safety. A security-by-design approach is fundamental when creating a distributed application in the IoT field, composed of sensors, actuators, and cloud services. The IoT usually requires handling different programming languages and technologies in which a developer might not be very expert. Through a use case, we analyzed the security of some IoT components of Amazon Web Services (AWS) from a novice programmer's point of view. Even if such a platform could be secure by itself, a novice programmer could do something wrong and leave some possible attack points to a malicious user. To this end, we also surveyed a small pool of novice IoT programmers from a consulting engineering company. Even if we discovered that AWS seems quite robust, we noticed that some common security concepts are often not clear or applied, leaving the door open to possible issues.
Perception of Security Issues in the Development of Cloud-IoT Systems by a Novice Programmer / Corno, Fulvio; De Russis, Luigi; Mannella, Luca. - STAMPA. - 29:(2021), pp. 5-15. (Intervento presentato al convegno WoRIE'21: 10th Workshop on the Reliability of Intelligent Environments tenutosi a Dubai (UAE) nel 22/06/2021) [10.3233/AISE210074].
Perception of Security Issues in the Development of Cloud-IoT Systems by a Novice Programmer
Corno, Fulvio;De Russis, Luigi;Mannella, Luca
2021
Abstract
It is very hard (or ineffective) to take an old system and add to it security features like plug-ins. Therefore, a computer system is much more reliable designed with the approach of security-by-design. Nowadays, there are several tools, middlewares, and platforms designed with this concept in mind, but they must be appropriately used to guarantee a suitable level of reliability and safety. A security-by-design approach is fundamental when creating a distributed application in the IoT field, composed of sensors, actuators, and cloud services. The IoT usually requires handling different programming languages and technologies in which a developer might not be very expert. Through a use case, we analyzed the security of some IoT components of Amazon Web Services (AWS) from a novice programmer's point of view. Even if such a platform could be secure by itself, a novice programmer could do something wrong and leave some possible attack points to a malicious user. To this end, we also surveyed a small pool of novice IoT programmers from a consulting engineering company. Even if we discovered that AWS seems quite robust, we noticed that some common security concepts are often not clear or applied, leaving the door open to possible issues.File | Dimensione | Formato | |
---|---|---|---|
2021-04-15 worie-security-perception.pdf
accesso aperto
Descrizione: Camera-ready version
Tipologia:
2. Post-print / Author's Accepted Manuscript
Licenza:
Pubblico - Tutti i diritti riservati
Dimensione
184.51 kB
Formato
Adobe PDF
|
184.51 kB | Adobe PDF | Visualizza/Apri |
2021-06-22 Perception of Security Issues in the Development of Cloud-IoT Systems by a Novice Programmer.pdf
accesso aperto
Descrizione: Published Version
Tipologia:
2a Post-print versione editoriale / Version of Record
Licenza:
Creative commons
Dimensione
314.38 kB
Formato
Adobe PDF
|
314.38 kB | Adobe PDF | Visualizza/Apri |
Pubblicazioni consigliate
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
https://hdl.handle.net/11583/2895032