Visible to the public Biblio

Filters: Keyword is REST API  [Clear All Filters]
2020-07-30
Garg, Hittu, Dave, Mayank.  2019.  Securing IoT Devices and SecurelyConnecting the Dots Using REST API and Middleware. 2019 4th International Conference on Internet of Things: Smart Innovation and Usages (IoT-SIU). :1—6.

Internet of Things (IoT) is a fairly disruptive technology with inconceivable growth, impact, and capability. We present the role of REST API in the IoT Systems and some initial concepts of IoT, whose technology is able to record and count everything. We as well highlight the concept of middleware that connects these devices and cloud. The appearance of new IoT applications in the cloud has brought new threats to security and privacy of data. Therefore it is required to introduce a secure IoT system which doesn't allow attackers infiltration in the network through IoT devices and also to secure data in transit from IoT devices to cloud. We provide the details on how Representational State Transfer (REST) API allows to securely expose connected devices to applications on cloud and users. In the proposed model, middleware is primarily used to expose device data through REST and to hide details and act as an interface to the user to interact with sensor data.

2019-02-08
Katt, Basel, Prasher, Nishu.  2018.  Quantitative Security Assurance Metrics: REST API Case Studies. Proceedings of the 12th European Conference on Software Architecture: Companion Proceedings. :59:1-59:7.

Security assurance is the confidence that a system meets its security requirements based on specific evidences that an assurance technique provide. The notion of measuring security is complex and tricky. Existing approaches either (1) consider one aspect of assurance, like security requirements fulfillment, or threat/vulnerability existence, or (2) do not consider the relevance of the different security requirements to the evaluated application context. Furthermore, they are mostly qualitative in nature and are heavily based on manual processing, which make them costly and time consuming. Therefore, they are not widely used and applied, especially by small and medium-sized enterprises (SME), which constitute the backbone of the Norwegian economy. In this paper, we propose a quantification method that aims at evaluating security assurance of systems by measuring (1) the level of confidence that the mechanisms fulfilling security requirements are present and (2) the vulnerabilities associated with possible security threats are absent. Additionally, an assurance evaluation process is proposed. Two case studies applying our method are presented. The case studies use our assurance method to evaluate the security level of two REST APIs developed by Statistics Norway, where one of the authors is employed. Analysis shows that the API with the most security mechanisms implemented got a slightly higher security assurance score. Security requirement relevance and vulnerability impact played a role in the overall scores.

Du, Sang Gyun, Lee, Jong Won, Kim, Keecheon.  2018.  Proposal of GRPC As a New Northbound API for Application Layer Communication Efficiency in SDN. Proceedings of the 12th International Conference on Ubiquitous Information Management and Communication. :68:1-68:6.

Software Defined Networking (SDN) is a programmable network technology which aims to move an existing controller role in hardware equipment into an area of software. The control layer employs an application programming interface (API) to communicate with the application and infrastructure layers as it is centered between two layers. As the Southbound API used in communication with the infrastructure layer, the OpenFlow is defined as the current de factor standard in most SDN controllers. In contrast, the Northbound API used in communication with the application layer had no standard. Only REST API is used in Floodlight or OpenDaylight. Thus, the development in application area where SDN's true value lies to achieve network intelligence is not promoted well enough. In this paper, a gRPC protocol is proposed as useable Northbound API rather than REST API used in some controllers, and applicability of new standard as Northbound API is investigated.

2017-11-13
Ueta, K., Xue, X., Nakamoto, Y., Murakami, S..  2016.  A Distributed Graph Database for the Data Management of IoT Systems. 2016 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData). :299–304.

The Internet of Things(IoT) has become a popular technology, and various middleware has been proposed and developed for IoT systems. However, there have been few studies on the data management of IoT systems. In this paper, we consider graph database models for the data management of IoT systems because these models can specify relationships in a straightforward manner among entities such as devices, users, and information that constructs IoT systems. However, applying a graph database to the data management of IoT systems raises issues regarding distribution and security. For the former issue, we propose graph database operations integrated with REST APIs. For the latter, we extend a graph edge property by adding access protocol permissions and checking permissions using the APIs with authentication. We present the requirements for a use case scenario in addition to the features of a distributed graph database for IoT data management to solve the aforementioned issues, and implement a prototype of the graph database.