Continuous Monitoring Approach for Visibility into the Security Footprint of an IoT Cloud Platform

Perustieteiden korkeakoulu | Master's thesis
Date
2022-08-22
Major/Subject
Security and Cloud Computing
Mcode
SCI3113
Degree programme
Master’s Programme in Security and Cloud Computing (SECCLO)
Language
en
Pages
54
Abstract
The use of Internet of Things (IoT) devices has increased in the past decade. These devices generate data that is processed by applications running inside a cloud environment. These applications in turn expose a security footprint, such as open ports, the services running behind those ports, cookies, and SSL-related information. Some of these footprints should not be exposed to the internet, so it is imperative to monitor what information applications disclose to the external internet. The thesis uses design science to gather requirements, design solutions, and evaluate them. The final product is a methodology and an architectural prototype that provides monitoring capability into the security footprints of cloud applications. We examine a case in a company specializing in escalators and elevators, which are examples of industrial IoT. We performed five expert interviews, in-depth studies of internal documentation, and literature reviews to address the lack of visibility into the company's IoT platforms. We examined the issue from the perspectives of the development, operations, and cloud security teams. We maintained regular communication with the experts to develop a thesis that meets the company's needs, and the company's security specialists reviewed each stage of the artifact's creation before moving on to the next stage of development. We developed a prototype with two components: (1) a scanner and preprocessor, which runs multiple scanners to collect information from the target hosts (API endpoints) and then processes the results into readable, evaluable output; and (2) a validator, which accepts rules that must not be violated and evaluates the output of the scanner and preprocessor component against those rules. We used the Amazon Web Services (AWS) cloud service provider to deploy and run the prototype, Docker as the packaging tool, and Python to automate the scanning performed by tools such as Nmap and SSLscan. JSON served as the communication format between the components. We ran the application against 100 hosts and found 23 security issues. This thesis reports the prototype design and discusses the outcome.
Supervisor
Fagerholm, Fabian
Thesis advisor
Fagerholm, Fabian
Keywords
reconnaissance, monitoring, cloud platforms, DevSecOps, DevOps, security