Continuous Monitoring Approach for Visibility into the Security Footprint of an IoT Cloud Platform

dc.contributor: Aalto-yliopisto [fi]
dc.contributor: Aalto University [en]
dc.contributor.advisor: Fagerholm, Fabian
dc.contributor.author: Abebaw, Alazar
dc.contributor.school: Perustieteiden korkeakoulu [fi]
dc.contributor.supervisor: Fagerholm, Fabian
dc.date.accessioned: 2022-08-28T17:11:15Z
dc.date.available: 2022-08-28T17:11:15Z
dc.date.issued: 2022-08-22
dc.description.abstract: The use of Internet of Things (IoT) devices has increased in the past decade. These IoT devices generate data processed by applications running inside a cloud environment. These applications generate security footprints, such as ports, services running behind the ports, cookies, and SSL-related information. Some of these security footprints should not be exposed to the internet. For this reason, it is imperative to monitor what information is disclosed by applications to the external internet. The thesis uses design science to gather requirements, design solutions, and evaluate the solutions. The final product is a methodology and architectural prototype that can provide monitoring capability into the security footprints of cloud applications. We examine a case in a company specializing in escalators and elevators, which are examples of industrial IoT. We performed five expert interviews, in-depth internal documentation studies, and literature reviews to address the lack of visibility into their IoT platforms. We examined the issue from the perspectives of development, operational, and cloud security teams. We maintained regular communication with the experts to develop a thesis that meets the company's needs. The company's security specialists examined each stage of the artifact's creation before moving on to the next stage of development. We developed a prototype with two components: (1) A scanner and preprocessor, which runs multiple scanners to collect information from the target hosts (API endpoints) and then processes it to generate readable and evaluable output. (2) A validator, which accepts rules that should not be violated and evaluates the result generated by the scanner and preprocessor component against these rules. We used the Amazon Web Services (AWS) cloud service provider to deploy and run our prototype. We used Docker as a packaging tool. Python was used to automate the scanning provided by tools such as Nmap and SSLscan. Furthermore, JSON served as a communication method between the components. We ran the application against 100 hosts and found 23 security issues. This thesis reports the prototype design and discusses the outcome. [en]
dc.format.extent: 54
dc.identifier.uri: https://aaltodoc.aalto.fi/handle/123456789/116318
dc.identifier.urn: URN:NBN:fi:aalto-202208285132
dc.language.iso: en [en]
dc.programme: Master’s Programme in Security and Cloud Computing (SECCLO) [fi]
dc.programme.major: Security and Cloud Computing [fi]
dc.programme.mcode: SCI3113 [fi]
dc.subject.keyword: reconnaissance [en]
dc.subject.keyword: monitoring [en]
dc.subject.keyword: cloud platforms [en]
dc.subject.keyword: DevSecOps [en]
dc.subject.keyword: DevOps [en]
dc.subject.keyword: security [en]
dc.title: Continuous Monitoring Approach for Visibility into the Security Footprint of an IoT Cloud Platform [en]
dc.type: G2 Pro gradu, diplomityö [fi]
dc.type.ontasot: Master's thesis [en]
dc.type.ontasot: Diplomityö [fi]
local.aalto.electroniconly: yes
local.aalto.openaccess: no