Date：2015/3/17 (Tue.) Time：10:10~12:00 Location：Room 122, Engineering Building 3 (工程三館122) Moderator：Prof. Shiuhpyng Winston Shieh 3rd Party Software’s Trust Quagmire J. Voas ABSTRACT Current software development has trended toward the idea of integrating independent software sub-functions to create more complete software systems. Software sub-functions are often not homegrown – instead they are developed by unknown 3rd party organizations and reside in software marketplaces owned or controlled by others. Such software sub-functions carry plausible concern in terms of quality, origins, functionality, security, interoperability, to name a few. This talk surveys key technical difficulties in confidently building systems from acquired software sub-functions by calling out the principle software supply chain actors. ============++++++++++++=============== Networks of Things Pieces, Parts, and Data J. Voas ABSTRACT After surveying published IoT literature and products, there is clearly value in having many sensory devices connected to a larger infrastructure. There are also many use cases that illustrate that not only is such a paradigm valuable but that this will be the next evolutionary step for technology. However, the current IoT landscape appears as a confusing mix of buzzwords, consumer products (e.g., smart homes), and over sensationalized predictions. There is no clear formal, analytic, or even descriptive set of primitives that can govern the operation, security, and life-cycle of IoT ecosystems. To counter this, we have developed an IoT primitives approach focusing on specific case studies. This enables us to identify the fundamental underlying primitives and requirements to empower a robust and secure operation for most IoT ecosystems. We envision that this work will become a blueprint that will define those principles common to all Private Networks of Things (PNoTs). Thus far we have identified 10 primitives[1] common to all IoTs, and we are in the process of building the assumptions and formalisms for each primitive. Note that those primitives become crucial when we wish to argue about IoT systems as a whole. They are also a unifying theme allowing us to compose and exchange information among differently purposed ecosystems. Besides our work on the IoT primitives, we have another preliminary result; we have partitioned those primitives with cyber-security ramifications, and those for which enhanced security will offer little ROI. Moreover, we have partitioned those primitives for which reliability is a greater concern than security. And not surprisingly, there are those that fit in the grey area between the extremes. By having primitives, we can analytically and formally argue about “use case” scenarios that address the “what if” questions and scenarios that most vendors and current IoT practitioners avoid. These scenarios can yield a quick determination as to which existing security approaches apply, to what degree, and at what cost. [1] Sensor, owner, cluster, concentrator, communication channel, decision, time snapshot, geographic location, weight, and e-Utility.