Computing Science Dept. Digital Safety & Security Dept. of Computer Science University of Aberdeen Austrian Inst. of Tech. GmbH Oslo and Akershus University Aberdeen, UK Vienna, Austria Oslo, Norway bobduncan@abdn.ac.uk andreas.happe@ait.ac.at alfred.bratterud@hioa.no
ABSTRACT The general consensus on predictions for the number of
Cloud computing has been a great enabler for both the In- connected devices by 2020 is reckoned to be between 20 bil- ternet of Things and Big Data. However, as with all new lion to 35 billion [14][1][26][10][24], connected devices. Those computing developments, development of the technology is devices will certainly be capable of generating a huge volume usually much faster than consideration for, and development of data. We can look at the IoT as a potentially huge pro- of, solutions for security and privacy. In a previous paper, ducer of data, which is why the use of cloud is so important. we proposed that a unikernel solution could be used to im- As a first stage in the flow of data, the Cloud/BigData can prove security and privacy in a cloud scenario. In this paper, be seen as the data consumer, although, ultimately, there we outline how we might apply this approach to the Inter- will usually be an onward flow of this data for other com- net of Things, which can demonstrate an improvement over mercial reasons. The data producers then are mobile and existing approaches. geographically dispersed, and the first stage data consumer, the cloud, can also be geographically dispersed, meaning the enterprise could benefit from the consumers being near CCS Concepts to the data producers in order to minimise transport load. Information systems Enterprise information sys- Dead capacity is not sustainable, which might lead to some tems; kind of on-demand computing that should be co-located near the consumers. But, of course, while this all sounds really useful and in- Keywords teresting, it also raises other issues and concerns. It is well Cloud Security and Privacy; attack surface; compliance known that IoT technology is particularly vulnerable to at- tack, and the IoT and Big Data is no exception. Indeed, this area is poorly regulated, with few proper standards yet in 1. 
INTRODUCTION place, which suggests it might be potentially more vulnera- The Internet of Things (IoT) has been around for quite ble than existing systems which have been around for some a while, but it was not until cloud computing and big data time now. Issues of security, privacy and accountability have arrived that the IoT really started to take off. In 2007, yet to be properly resolved. Gantz et al [13], suggested that global data collection would Traditionally a very important part of the enterprise ar- double every 18 months, and Cisco noted that the IoT had chitecture was the central enterprise firewall through which really come of age in 2008, as there were now more things all traffic was routed. This was a fundamental element of connected to the internet than people [11]. Now, there is no achieving enterprise security, which evolved in the late 80s longer any limitation on what we can do with it. The impor- [19]. The adoption of distributed computing architecture tance of this technology should not be underestimated. It would lead to improvements in the central firewall to pro- can be used for varied, and immensely important uses such vide a distributed firewall. Subsequent adoption of mobile as: defence, domestic and home automation, eHealth, in- technology, followed by cloud technology, started to affect dustrial control, logistics, retail, security and emergencies, the efficacy of this approach, and many enterprises have yet smart airports, smart agriculture, smart animal farming, to adequately adapt their systems to the additional pres- smart cars, smart cities, smart environment, smart meter- sures these new technologies bring to the goal of achieving ing, smart parking, smart roads, smart trains, smart trans- good enterprise security. But now, with IoT devices the pos- port, smart water, to name but a few. sible routes in to the enterprises network have exploded. 
If we need cloud computing resources for scale-out, we are Permission to make digital or hard copies of all or part of this work for personal or fully outside the typical enterprise firewall. Fog comput- classroom use is granted without fee provided that copies are not made or distributed ing makes this even tougher, as now additional processing for profit or commercial advantage and that copies bear this notice and the full cita- is added outside of the traditional security scope. As [28], tion on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or re- suggests, technology tends to get used in unexpected ways. publish, to post on servers or to redistribute to lists, requires prior specific permission This makes enterprise security tough, as these unintended and/or a fee. Request permissions from permissions@acm.org. ways are often not forseen. In addition, IoT devices are UCC 16 December 69, 2016, Shanghai, China too resource-constrained to employ traditional security tools
c 2016 ACM. ISBN 978-1-4503-4616-0. (virus scanner, etc.), so that leaves the enterprise network DOI: 10.1145/1235 far more exposed to attack. a per-device basis, meaning there is often little consistency It is this concern that drives us to consider how the use of from one device to another. a unikernel solution might be deployed to improve the sta- On the server-side, the cloud, with its limitless scaling ca- tus quo. In this paper, we outline how we might approach pabilities, would solve the dynamic processing requirements. developing a solution to these issues and concerns. In Sec- To allow for scale-out, new paradigms have to be embraced. tion 2, we look at some typical deployment architectures In the database world, the rise of NoSQL databases was currently in use, and note how they fail to address the se- partially backed by their good scaling capabilities even curity and privacy challenges we will mention in Section 3, accepting their reduced consistency models when compared where we outline the security and privacy challenges faced by to traditional SQL databases. any enterprise wishing to safely use this new technology. In The natural way of reducing transported data is to com- Section 4, we outline the unikernel angle for both client and pact and reduce the data on-site. To achieve this, parts server. In Section 5, we talk about some of the challenges, of the server-side code must be moved towards local pro- problems and limitations IoT brings to the enterprise, and cessing stations. We assume that those are more powerful in Section 6, we discuss our conclusions. than sensors, but powerless compared to full cloud offerings. When data is processed on-site, special attention must be paid to the processing operations integrity itself. If the on- 2. SOME EXAMPLES OF CURRENTLY DE- site processing can modify all incoming data, it will be a PLOYED IOT ARCHITECTURE prime target for offensive security attackers. 
It is very important to realise that medical and power grid There are a number of goals for the IoT, namely cost- data will become a fundamental cornerstone of future soci- effectiveness, efficiency, quality of service, mobility, man- eties. It will therefore be extremely important to introduce ageability and of course security and privacy. The first of some form of verifiable computing in order to safeguard this these, has lead to a proliferation of cheap sensor-like devices vital data. This would allow the final data-centre to verify being used. While they are certainly cheap, they are also that the computations carried out along the data trail by generally dumb, in the sense that they have very limited other machines have been performed correctly. resources, meaning it is unlikely that these devices can be Other concerns arise for so called Smart Home setups. Fu- made to be smart. They merely collect data, which has to ture homes will be augmented with a multitude of sensors be passed on down the line. In this context, efficiency refers and control mechanisms, which in addition to forwarding to low power consumption, since it may be necessary to rely data to the cloud, might be controlled by the latter. Cur- on battery or solar power. Quality of service in this context rent setups are, for example, feedback-loops between window means the ability to prioritise data streams from different sensors and the heating system/climate control, automatic devices. Mobility, obviously refers to the fact that some door openers as well as integrated kitchen systems where devices need to be mobile, where these devices move physi- pans can automatically control stoves and ovens. All of cally from one place to another. Manageability means there which might be interesting for a malicious actor that can needs to be some way of intelligently managing the archi- utilize this to create additional costs (energy consumption) tecture, including both centralised and distributed control. 
or open otherwise closed doors. Infrastructure-wise we see Security and privacy are vital aspects of the architecture to a combination of dumb sensors, a local Smart Home hub ensure the archtecture is both resilient to attack, and able with limited processing capabilities and a direct uplink to to withstand leakage of personally identifiable data. the cloud for remote control capabilities. This Smart Hub However, since there are no agreed standards currently in will also be a prime target for attackers as it is in scope of existence, and there are many different ways of approaching the home user and thus seldom maintained by professional this task, we need to consider each deployment very carefully IT administration. based on the architecture specified, or actually in use. This The Smart Home area can be seen as the natural com- makes the task of ensuring the security and privacy aspects mercial extension of the original Industry 4.0 area. Here of the architecture very difficult indeed. sensors are integrated into the manufacturing process to im- The overall IoT architecture consists of uncountable mini- prove efficiency. The direct monetary incentive has lead to mal devices distributed throughout the world exchang- fast adoption within this area. Too fast, if you look at the ing data with fewer centralized servers. Given the amount various security incidents against industrial control systems. of data produced, the impact upon communication and pro- This area is also very vulnerable as traditional systems as- cessing infrastructure is very high. Another problem is the sume the local network to be secure, i.e. there are very few potentially high cyclic traffic pattern that creates short-term defensive security mechanisms in place. Now those areas traffic and utilization spikes. are accessible through a network, maybe even the Internet. The local devices themselves are resource-constrained. 
Nei- As already seen, those networks are a target for professional ther processing nor memory is abundant. Compared to a advanced persistent threat (APT) groups as well as for state- desktop-class computer, updating an IoT device is tough. owned actors. What could go wrong? As there is no user interface, a botched update may shut An area especially sensitive is Smart Health. It ranges down the device. Special care must be taken to make sure from local on-site medical monitoring to the highly sensitive that even a corrupt update can be recovered from. In addi- network within hospitals. Especially after the EUs General tion, all means that prevent updates in the first place, e.g., Data Protection Act (GDPA) with its increased fines for per- hardened systems that reduce the amount of needed secu- sonal data breaches, industry cannot ignore this area. Doc- rity updates, are important investments in an enterprises umented attacks (ransom-ware) as well as penetration-tests long-term business prospects. within prototype test hospital settings have shown the cur- Many of these devices use different hardware architectures rent low security level that medical devices currently have. and configurations, and often software needs to be written on IoT will increase the amount of devices used within this 2013 Code Threat setting, if they are not secure data leaks or invasive mali- A1 Injection Attacks cious attacks against medical devices (such as pacemakers A2 Broken Authentication and Session Management and drug dispensers) will become more common. A3 Cross Site Scripting (XSS) All of those scenarios have the common theme of massive A4 Insecure Direct Object References deployments. While the initial roll-out will be highly driven A5 Security Misconfiguration (and sometimes performed) by customers buying new de- A6 Sensitive Data Exposure vices, subsequent update needs might introduce new prob- A7 Missing Function Level Access Control lems. 
Companies producing the IoT devices (e.g., Smart A8 Cross Site Request Forgery (CSRF) Light Bulbs, Heat Sensors) need ways of updating the mil- A9 Using Components with Known Vulnerabilities lions of deployed devices. Compared to software, this has A10 Unvalidated Redirects and Forwards an additional problem: if a security sensor mandates the update of a million of loosely connected devices, and lives Table 2: OWASP Top Ten Web are in danger, there is a much higher level of urgency. Vulnerabilities 2013 [20]
3. IOT SECURITY AND PRIVACY CHAL- 2013 Code Threat
LENGES M1 Insecure Data Storage M2 Weak Server Side Controls For any enterprise, there are many security challenges M3 Insufficient Transport Layer Protection which must first be addressed. For any application using M4 Client Side Injection cloud, [9], have developed a useful list of ten key security M5 Poor Authorization and Authentication goals that must be addressed, which we see in Table 1 be- M6 Improper Session Handling low. M7 Security Decisions via Untrusted Inputs -5pt M8 Side Channel Data Leakage Number Key Security Challenges M9 Broken Cryptography 1 The definition of security goals M10 Sensitive Information Disclosure 2 Compliance with standards 3 Audit issues Table 3: OWASP Top Ten Mobile 4 Management approach Vulnerabilities 2013 [20] 5 Technical complexity of cloud 6 Lack of responsibility and accountability 7 Measurement and monitoring An important point to bear in mind is that the above ta- 8 Management attitude to security ble represents just the OWASP top ten vulnerability list. 9 Security culture in the company OWASP are currently working on a full list of 130 possible 10 The threat environment IoT vulnerabilities which might need to be taken into ac- count. While all this at first might seem like a huge task, Table 1: Duncan and Whittington OWASP do provide good suggestions as to how to mitigate 10 Key Security Issues 2016 [9] these issues. And the above just covers security issues. We also have to However, when we want to incorporate IoT into a cloud consider the challenges of privacy issues. With the increase setting, we must do more. For this purpose, we can start by in punitive legislation and regulation surrounding issues of looking at the work done by the Open Web Application Se- privacy, we must necessarily concern ourselves with provid- curity Project (OWASP), who publish a number of relevant ing the ability to ensure the goal of privacy can be achieved. 
lists we can use to help us deal with the additional issues The good news is that if we can achieve a high level of se- we will face in using the IoT. The first of these is their top curity, then it will be much easier to achieve a good level ten list of web security vulnerabilities , which they publish of privacy [8]. Good privacy depends on having a high level every three years. These lists are derived from real world of security. We can have security without privacy, but we intrusions reported globally, which are reflective of what the cant have privacy without security. attackers are actually doing successfully. Since these are live While the IoT has progressed significantly in technical and successful attacks, it makes sound sense to close these terms in recent years, it has very much done so at the ex- loopholes first. The latest list is provided in the table below. pense of security and privacy, for example accessing utility This list is based on the result of analysis of successful se- companes, including nuclear in the US [31], damage caused curity breaches across the globe, which seeks to highlight the to German steel mill by hackers [32], drug dispensing ma- worst areas of impact of weaknesses in web based comput- chines hacked in US [27], plane taken over by security expert ing systems. However, thanks to the innovative techniques mid-air [5], and a hack that switched off smart fridges if it de- in use for IoT, that is still not enough. OWASP now pro- tected ice cream [3]. While enterprises often might not care duce a list of the worst 10 vulnerabilities in the use of mobile too much about these issues, they should. If nothing else, technology, which we show in the list below. legislators and regulators are unlikely to forget, and will be But, of course, it is not quite as simple as that. The IoT keen to pursue enterprises for security and privacy breaches. 
mechanics extend beyond traditional web technology and In previous years, it was often the case that legislators and mobile technology. In 2014, OWASP developed a provisional regulators had little teeth, but consider how punitive fines top ten list of IoT vulnerabilities, which we outline below in have become in recent years following the banking crisis in Table 4. 2008. In the UK in 2014, the Financial Conduct Authority 2014 Code Threat the initial boot does not work. If the new system boots, the I1 Insecure Web Interface new system is marked as the new default operating system I2 Insufficient Authentication/Authorization and the (now) old partition will be used for the next system I3 Insecure Network Services upgrade. This allows high resilience in the face of potentially I4 Lack of Transport Encryption disrupting Chrome OS updates. A similar scheme is set to I5 Privacy Concerns be introduced for the upcoming Android Version 7. This I6 Insecure Cloud Interface scheme would be greatly aided by unikernels: they already I7 Insecure Mobile Interface provide a clear separation of data and control logic. A sys- I8 Insufficient Security Configure-ability tem upgrade would thus start a new unikernel and forward I9 Insecure Software/Firmware new requests to it. Of course, if the underlying hypervisor I10 Poor Physical Security has to be upgraded (which due to its minimal size should be a very rare event) the whole system might incorporate the Table 4: OWASP Top Ten IoT dual boot-partition approach. Vulnerabilities 2014 [21] 4.2 On the Server Given the large estimated number of IoT devices to be (FCA) fined a total of 1,427,943,800 [12], during the year. deployed in the near future, computational demand on data centres (or nowadays the cloud) can be immense. While IoT 4. THE UNIKERNEL ANGLE amplifies the amount of incoming traffic, it has some char- Why use unikernels for the IoT [22]? Unikernels are uniquely acteristics that should favour unikernel-like architectures. 
suited to benefit all areas (sensor, middleman, servers) within For one, our envisioned unikernels utilize a non-mutable the IoT chain. They allow for unified development utilizing state and are event-based. This combination allows for sim- the same software infrastructure for all layers. This may plified scale-out, i.e. it allows for dynamically starting more sound petty, but who would have thought JavaScript could unikernels if incoming requests demand it. We do believe be used on servers (think node.js) a couple of years ago? that many processing steps during an IoT dataflows lifetime will be parallelizable, e.g. data collected from one household 4.1 On the Client will not interact with data gathered by a different household from another continent during the initial processing steps, Unikernels are a form of virtualisation and thus offer all of or possibly never at all. As they do not interact, there is no its benefits: they provide a unified interface to diverse hard- chance of side effects, thus the incoming data can instantly ware platforms to application developers. This allows the be processed by a newly spawned unikernel. latter to focus on application development. They allow the Two recent trends in cloud computing are cloudlets and ability to mask changes of the underlying hardware platform fog computing. The former describes a small-scale data cen- behind the hypervisor. This also allows for application code tre located near the internets edge (i.e. co-located near to be reused between different hardware revisions. In addi- many sensors and acting as upstream for the incoming IoT tion, system and application development is often performed sensors) while the latter describes the overall technique of by disjunct groups within an enterprise. Using a unikernel placing storage or computational capabilities near the net- decouples both groups and thus allows parallel-alized de- work edges. To allow for easy usage of this paradigm, a velopment. 
Application developers can utilize a virtualized unified execution environment is needed: when the same testing environment on their workstations during develop- environment is employed, application code can easily be ment, but can assume that the same environment will be moved from the cloud towards the networks edge, i.e. into available within the production environment. the cloudlets. Unikernels offer closure over the applications Unikernels can produce leaner virtual machines when com- code, so the same unikernel can be deployed at a cloudlet pared to traditional virtualization solutions. This minimal- or within a central data centre. Of course, the unikernel ism yields a much reduced attack surface which in turn cre- itself might place requirements upon external facilities such ates more secure applications. Using a resource efficient as storage, which would need to be provided by the current unikernel such as IncludeOS will minimize the computa- execution environment. A consumer-grade version of this tional and memory overhead that otherwise would prevent trend can already be seen: many high-powered NAS devices virtualization from being used. While the small memory allow for local deployment of virtual machines or contain- and processing overhead enables the usage of virtualisation ers. This moves functionality from the cloud to a smallest- on low-powered IoT devices in the first place, it also aids scale local processing environment. A good use-case for this higher capacity devices. Lower resource utilization allows would be Smart Homes: here a local NAS can perform most for either better utilization (i.e., running more services on of the computations and then forward the compressed data the same hardware) or higher usage of low power modes towards a central data centre. In addition, this local pre- (thus reducing energy consumption). Both increase the sus- processing can apply various cryptographic means to im- tainability of IoT deployments. 
prove the uploaded datas integrity or confidentiality. Another feature that is in high demand by embedded sys- tems is atomic updates: a system supporting atomic updates either installs a system update or reverts back to a known 5. CHALLENGES, PROBLEMS, LIMITATIONS (working) system state. For example, Googles Chrome OS [16], achieves this by using two system partitions. A new 5.1 Unikernels are Only a Part of the Solution system upgrade is installed onto the currently unused parti- While they offer benefits for deployment and security tion. On the next boot the newly installed system is used, mostly through their compactness as well as their closure but the old system is pre-selected as a backup boot option if guarantees large-scale deployments place high stress on infrastructure for handling the roll-out, monitoring and log- self-healing capabilities are of even higher importance on ging. The software for this infrastructure has yet to be writ- devices with only limited means of user interaction. ten. 5.4 Virtualization in the Embedded Space 5.2 Production-Level Debugging As we already stated in Section 1, there are no standards First, in a perfect world, no production-level debugging when it comes to components for the IoT. This means there would ever occur, as all bugs would be detected and fixed is a huge range of different architectures vying for a place within the development or staging environment. But reality in this potentially massive market space. Obviously, from begs to differ. A common complaint is that unikernels lack a technical standpoint, greater flexibility and power can be debugging facilities: there is just no shell to log-in and vi- obtained through good use of virtualization. Virtualisation sualize the environment. The more root dependent the user is not new, and has been around since 1973 [23]. Bearing becomes, the more frequent this complaint arises. 
Uniker- in mind that dumb sensors do not have enough resources or nels (as well as Function-as-a-Service architectures) target lack hardware support for virtualisation (or at least Linux- DevOp outfits where development and administration has based virtualisation), we will have a quick look at some of been integrated. The person in charge of debugging is a the most popular hardware in use in this space. software developer herself and thus can utilize developer- ARM [15], presented the ARM capabilities at this work- centric debugging facilities. If debugging is to be performed shop in 2009. ARM is one of the most used platforms in by developers, groundwork is needed: there must be infras- the IoT. and has virtualization extensions. Columbia Uni- tructure in place that allows securely connecting the debug- versity have developed KVM/ARM, an Open-Source ARM ging tools to the running unikernel within the virtual ma- Virtualization System [4]. Dall and Nieh [6], have written chine. While this might be feasible for unikernels running an article on this work for LWN.net, and for a conference [7]. within an enterprises private cloud, the security impact of There has been paravirtualization support in ARM Coretex connecting to deployed IoT devices is massive. We believe A8 since 2006, and ARM Coretex A9 since 2008, with full that this infrastructure will remove most of the debugging virtualization since approx. 2009. Virtualisation is also in complaints. Linux Kernel 3.8. There are also MMU-less ARMs, although it unlikely that these could be used, unless we were to forfeit 5.3 Impact upon Software Development the unikernels protection. Most smart devices can generally handle virtualization We assume a unikernel to have a single execution flow, i.e. 
devices such as smart phones, smart automotive systems, to have a single execution thread or process, as well as to video boxes, play stations, and smart TVs too, although this offer no mutable state within the unikernel itself [2]. This may not necessarily be the case for small embedded compo- prevents quick adoption of many existing software packages. nents, such as wear-ables, sensors and other IoT compo- Where others see limitations, we see opportunities. The sin- nents. MIPS also supports virtualization [18][30]. Some In- gle execution-flow paradigm almost enforces the usage of an tel Atom processors support virtualization (the atom range event-based software programming style, i.e. all process- is huge). However, the low-power Intel Quark has no sup- ing is triggered by internal (e.g., timers) or external (e.g., port for virtualization whatsoever. The new Open-Source new incoming data) events. If no new event is available RISC-V architecture [25], also supports virtualization. or processed, the device can safely enter a deeper power- As we can see, many of the current IoT systems in use saving state. Minimizing energy consumption is paramount do have the capability to handle virtualization. For exam- for IoT devices so we assume that this is a much wanted fea- ple most high-powered NAS systems now have virtualization ture. On the server-side this will reduce the overall power- (and app) support. Thus we could potentially utilize NAS or consumption: while not being an essential requirement, as other low-powered devices (which are mostly ARM, MIPS for IoT devices, the reduced power bill will be a nice benefit or x86) to aggregate data on-site and then transport the for enterprises. reduced data to the real cloud. This stateless-ness allows us to start new unikernels on- At the moment, we should carefully consider the current demand. Together with an event-driven architecture and state of security and privacy in a massively connected world. 
rapid boot-up times, this allows us to minimize the number Now we can really see that big brother is watching you. of running unikernels. This reduces the memory consump- Not just through the use of massive CCTV networks, but tion (thus energy impact) of deployed services. Upgrading also through IoT enabled devices which will become embed- a unikernel also becomes easier: while the old version of ded in every smart city. It is estimated that in smart cities of unikernels are still processing their current request, new re- the future there will be approximately 5000 sensors watching quests will be forwarded to the new version of the unikernel. as you move through the city at all times. What could possi- This feature also allows for improved resilience in the face bly go wrong? How much personal information could leak as of errors. When functionality is split up between multiple you walk? How much of your money could NFC technology unikernels, faults are automatically contained within a sin- in the wrong hands steal from you, without you being aware gle executing unikernel [17]. Together with monitoring and of it happening? Do you trust the current technology? We automatic life-cycle management, this leads to error-resilient can read about more of these issues in [29]. services that have limited self-healing capabilities. Contrast this with monolithic applications where often the whole ap- plication or even worse, the application server containing 6. CONCLUSIONS multiple applications has to be restarted in the case of We have taken a look at the exciting new paradigm of the errors. Due to resource constraints, we are initially limiting IoT. While the possibilities are indeed exciting, the conse- resilience research to server-side unikernels, but the same quences of getting it wrong are likely to be catastrophic. We techniques can be applied on IoT devices as well. Arguably, cannot afford to carry blindly on. 
Instead, we must recognise that if the issues we have outlined on security and privacy are not tackled properly, and soon, we will all be sleep-walking into a disaster. However, if we realise that we need to take some appropriate actions now, then we will be much better placed to feel comfortable in living in an IoT world. There are considerable potential benefits for everyone to be offered from using our unikernel-based approach. While we see security and confidentiality of data as paramount (and given the EU's GDPA, we believe the EU agrees), security and privacy do not directly translate into a monetary benefit for companies and thus are seldom enough for change to gain traction. To better convince enterprises, we offer the added benefit of increasing developer efficiency. Experienced and talented developer resources are scarce, so making the most of them is within an enterprise's best interest. The broad application of a virtualisation solution allows better reuse of existing knowledge and tools, as developers gain a virtual long-term environment that they can work in.

Virtualisation in combination with the special state-less nature of many unikernels provides a solution for short-term processing spikes. Processing can be scaled out to in-company or public clouds by deploying unikernels: as they do not require external dependencies and do not contain state, deployments are simplified. After their usage they can be discarded (no state also means that no compromising information is stored at the cloud provider). In case of sensitive information, special means, e.g., homomorphic encryption or verifiable computing technologies, need to be employed to protect data integrity or confidentiality.

Unikernels offer a high energy efficiency. This allows companies to claim higher sustainability for their solutions while reducing their energy costs. We view our proposed solution as taking a smart approach to solving smart technology issues. It does not have to be exorbitantly expensive to do what we need, but by taking a simple approach, sensibly applied, we can all have much better faith in the consequences of using this technology (as well as having the comfort of being able to walk through a smart city without having your bank account emptied).

7. REFERENCES

[1] BIIntelligence. Here's how the Internet of Things will explode by 2020, 2016.
[2] A. Bratterud, A. Happe, and B. Duncan. Enhancing Cloud Security and Privacy: The Unikernel Solution. In Submitt. to CloudComputing 2017, pages 18, 2017.
[3] CBR. IoT security breach forces kitchen devices to reject junk food, 2015.
[4] Columbia. KVM/ARM: an Open-Source ARM Virtualization System, 2016.
[5] DailyMail. Security expert who hacked a commercial flight and made it fly sideways bragged that he also hacked the International Space Station, 2015.
[6] C. Dall and J. Nieh. Supporting KVM on the ARM Architecture, 2013.
[7] C. Dall and J. Nieh. KVM/ARM: the design and implementation of the linux ARM hypervisor. In ACM SIGPLAN Not., volume 49, pages 333–348. ACM, 2014.
[8] B. Duncan, A. Bratterud, and A. Happe. Enhancing Cloud Security and Privacy: Time for a New Approach? In INTECH 2016, pages 16, Dublin, 2016.
[9] B. Duncan and M. Whittington. Enhancing Cloud Security and Privacy: The Power and the Weakness of the Audit Trail. In Cloud Comput. 2016, pages 125–130, Rome, 2016.
[10] EMC. Discover the Digital Universe of Opportunities: Rich Data and the Increasing Value of the Internet of Things, 2014.
[11] D. Evans. The Internet of Things: How the Next Evolution of the Internet is Changing Everything. Technical report, Cisco, 2011.
[12] FCA. Fines Table - 2014, 2014.
[13] J. F. Gantz, D. Reinsel, C. Chute, W. Schlichting, J. McArthur, S. Minton, I. Xheneti, A. Toncheva, and A. Manfrediz. The Expanding Digital Universe: A Forecast of Worldwide Information Growth Through 2010. In Extern. Publ. IDC (Analyse Futur. Inf. Data, pages 121. IDC, 2007.
[14] Gartner. Gartner Says 6.4 Billion Connected Things Will Be in Use in 2016, Up 30 Percent From 2015, 2015.
[15] J. Goodacre. No Title. In Virtualization Euro Work. 2009, 2009.
[16] Google. Google Chrome OS, 2015.
[17] A. Happe, B. Duncan, and A. Bratterud. An Architectural Framework for Secure, Large Unikernel Cloud Systems. In Submitt. to Closer/Complexis 2017, pages 18, 2016.
[18] Imgtech. MIPS Virtualization, 2016.
[19] K. Ingham and S. Forrest. A history and survey of network firewalls. Univ. New Mex. Tech. Rep, 2002.
[20] OWASP. OWASP Top Ten Vulnerabilities 2013, 2013.
[21] OWASP. OWASP Top 10 IoT Vulnerabilities (2014), 2014.
[22] R. Pavlicek. Unikernel-based microservices will transform the cloud for the IoT age, 2016.
[23] G. J. Popek and R. P. Goldberg. Formal Requirements for Virtualizable Third Generation Architectures. ACM SIGOPS Oper. Syst. Rev., 7(4):112, 1973.
[24] J. Research. 'Internet of Things' Connected Devices to Almost Triple to over 38 Billion Units by 2020, 2016.
[25] Riskv.org. Open-Source RISK V Architecture, 2016.
[26] G. Sachs. The Internet of Things: Making sense of the next mega-trend. Technical report, Goldman Sachs, 2014.
[27] SecurityWeek. FDA Issues Alert Over Vulnerable Hospira Drug Pumps, 2015.
[28] T. Seo. Making Sense of Enterprise Security, 2016.
[29] S. Sharma, V. Chang, U. S. Tim, J. Wong, and S. Gadia. Cloud-based Emerging Services Systems. Int. J. Inf. Manage., pages 119, 2016.
[30] I. Technologies. The MIPS Architecture and Virtualization, 2016.
[31] U. Today. Hackers Breach US Dept of Energy Computers 150 Times in 4 Years, Including 19 Nuclear Breaches, 2015.
[32] Wired. German Steel Mill Hacked - Causing Massive Damage, 2015.
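The paper describes upgrades in which new requests go to the new unikernel version while the old one finishes its current requests, and faults that stay contained within a single executing unikernel. The following model of that behaviour is an added illustration, not code from the paper or from any unikernel project; the `Instance` and `Dispatcher` names and the request identifiers are hypothetical.

```python
# Added illustration; all names are hypothetical, not from a unikernel project.
from dataclasses import dataclass, field

@dataclass
class Instance:
    """One running unikernel image (hypothetical model, holds no state)."""
    version: str
    in_flight: set = field(default_factory=set)

class Dispatcher:
    """Hypothetical front end that forwards requests to unikernel instances."""
    def __init__(self, version):
        self.current = Instance(version)
        self.retiring = []    # older versions still finishing requests
        self.discarded = []   # versions whose instances were shut down

    def accept(self, request_id):
        """New requests always go to the newest version."""
        self.current.in_flight.add(request_id)
        return self.current.version

    def upgrade(self, new_version):
        """Boot the new version; the old one only finishes what it holds."""
        self.retiring.append(self.current)
        self.current = Instance(new_version)
        self._reap()

    def complete(self, request_id):
        """Mark a request as finished, then shut down drained old versions."""
        for inst in [self.current, *self.retiring]:
            inst.in_flight.discard(request_id)
        self._reap()

    def crash(self, request_id):
        """Contain a fault: only the instance holding request_id loses work."""
        for inst in [self.current, *self.retiring]:
            if request_id in inst.in_flight:
                lost, inst.in_flight = inst.in_flight, set()
                if inst is self.current:   # replace it with a fresh boot
                    self.discarded.append(inst.version)
                    self.current = Instance(inst.version)
                self._reap()
                return lost
        return set()

    def _reap(self):
        """Discard old versions that have no requests left."""
        self.discarded += [i.version for i in self.retiring if not i.in_flight]
        self.retiring = [i for i in self.retiring if i.in_flight]
```

Because the modelled instances carry no state, shutting down a drained or crashed instance leaves nothing behind to clean up, which is the property the conclusions rely on when unikernels are discarded after use.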