دانلود مقاله مهار مسائل امنیتی در توسعه دهندگان مبتدی سیستم های ابری
چکیده
مقدمه
مطالب مرتبط
بحث
دستورالعمل های پیشنهادی
نتیجه گیری
منابع
Abstract
Introduction
Related work
Discussion
Proposed guidelines
Conclusions
References
چکیده
توسعه سیستمهای اینترنت اشیا (IoT) متصل به ابر، به لطف پلتفرمهای ابری اختصاصی که قبلاً عملکرد اصلی مورد نیاز یک سیستم اینترنت اشیا را ادغام میکنند، حتی برای برنامهنویسان مبتدی مقرون به صرفهتر میشود. در این زمینه، تعداد فزایندهای از سیستمهای اینترنت اشیا در حال توسعه و استقرار در شبکههای باز هستند، اغلب بدون ادغام امنیت کافی در فرآیند. برنامه نویسان مبتدی اینترنت اشیا، به ویژه، تمایل دارند که مسائل امنیتی را نادیده بگیرند، همانطور که توسط یک مطالعه کوچک کاربر تأیید شده است. با شروع از این خطر، این مقاله ویژگیهای امنیتی موجود در دو پلتفرم اصلی ابر-IoT (سرویسهای وب آمازون و مایکروسافت آزور) را تجزیه و تحلیل میکند و آن تنظیمات، ابزارها و شیوههایی را که برای اطمینان از اجرای ایمنتر طراحی شدهاند، برجسته میکند. ما مشاهده کردیم که این پلتفرمها بهطور منطقی بسیاری از مشکلات امنیتی شناساییشده در مطالعه را برطرف میکنند، اگر فقط ویژگیهای صحیح شناسایی و استفاده شوند. این مقاله در نهایت مجموعهای از دستورالعملها را برای حمایت از توسعهدهندگان مبتدی اینترنت اشیا در اجتناب از مسائل امنیتی اصلی و مکرر در پروژههای خود و بهرهبرداری بهتر از ویژگیهای امنیتی ذاتی پلتفرمهای اینترنت اشیاء ابری ارائه میکند.
توجه! این متن ترجمه ماشینی بوده و توسط مترجمین ای ترجمه، ترجمه نشده است.
Abstract
The development of cloud-connected Internet of Things (IoT) systems is becoming more and more affordable, even to novice programmers, thanks to dedicated cloud platforms that already integrate the core functionality needed by an IoT system. In this context, a growing number of IoT systems are being developed and deployed on open networks, often without integrating adequate security in the process. Novice IoT programmers, in particular, tend to overlook security issues, as confirmed by a small user study. Starting from this risk, the paper analyzes the security features available in two major cloud-IoT platforms (Amazon Web Services and Microsoft Azure) and highlights those settings, tools, and practices designed to ensure more secure implementations. We observed that these platforms would reasonably address many security problems detected in the study, if only the correct features were identified and used. The paper finally contributes a set of guidelines to support novice IoT developers in avoiding the main and recurrent security issues in their projects and better exploiting cloud-IoT platforms’ inherent security features.
Introduction
Internet of Things (IoT) and cloud computing are two widespread emerging technologies that are becoming very popular not only for scholars and expert developers but also for hobbyists and novice developers. Many users are now using IoT devices in their houses [1], and the cloud computing market is expanding year after year. The growth of these two fields brings to the inclusion of IoT functionalities inside the cloud platforms and the emergence of specialized features needed in IoT systems. In the past years, these platforms aided the development of IoT solutions thanks to the already integrated functionality a cloud-connected IoT application needs. Nowadays, these platforms are quite easy to use, even by novice programmers, and more affordable than a few years ago. Furthermore, cloud computing service providers allow their customers to pay only for the resources effectively consumed, facilitating the entry of many developers into this market.
Conclusions
Starting from a preliminary study conducted on a small pool of novice IoT developers, this paper analyzes the more relevant security features available in two major cloud-IoT platforms. In particular, it highlights those settings, tools, and practices useful to achieve a higher level of reliability and security. Even if we noticed that the developers involved in the study did not correctly consider security issues in their IoT projects during the design and implementation phases, we observed that the platforms effectively support many of the highlighted security best practices and recommendations. However, sometimes, developers have to identify and use the correct features to reach a proper level of protection. Indeed, after discussing the outcome of the survey and the relevant features of the two cloud-IoT platforms, this work contributes a set of guidelines to support novice IoT developers in reaching such protection. The final purpose of these guidelines is to avoid the primary and recurrent security issues in cloud-IoT projects and better exploit the inherent features of the cloud-IoT platforms.