Feature-driven mediator synthesis: supporting collaborative security in the internet of things

As the number, complexity, and heterogeneity of connected devices in the Internet of Things (IoT) increase, so does our need to secure these devices, the environment in which they operate, and the assets they manage or control. Collaborative security exploits the capabilities of these connected devices and opportunistically composes them in order to protect assets from potential harm. By dynamically composing these capabilities, collaborative security implements the security controls that satisfy both security and non-security requirements. However, this dynamic composition is often hampered by the heterogeneity of the devices available in the environment and the diversity of their behaviours. In this paper we present a systematic, tool-supported approach for collaborative security where the analysis of requirements drives the opportunistic composition of capabilities in order to realise the appropriate security control in the operating environment. This opportunistic composition is supported through a combination of feature modelling and mediator synthesis. We use features and transition systems to represent and reason about capabilities and requirements. We formulate the selection of the optimal set of features to implement adequate security control as a multi-objective constrained optimisation problem and use constraint programming to solve it efficiently. The selected features are then used to scope the behaviours of the capabilities and thereby restrict the state space for synthesising the appropriate mediator. The synthesised mediator coordinates the behaviours of the capabilities to satisfy the behaviour specified by the security control. Our approach ensures that the implemented security controls are the optimal ones given the capabilities available in the operating environment. We demonstrate the validity of our approach by implementing a Feature-driven medIation for Collaborative Security (FICS) tool and applying it to a collaborative robots case study.