The Internet of Things (IoT) has been involved in all parts of our life (e.g., healthcare, smart cars, smart home appliances, smart cities). It is expected that by 2025, the number is expected to be around 75 billion. However, security is one of the major problems in IoT and even the manufacturers have not considered security in their design for a very long time. Furthermore, IoT devices have limited computational power and they are mostly battery operated, so we cannot have heavy security controls running on them. Hence, many IoT devices are still vulnerable to cyberattacks. NIST SP 800-207, Zero Trust Architecture (ZTA), has been gaining high interest due to the "never trust, always verify" principle. However, ZTA implementation and compliance-check mechanisms are still immature, especially for IoT. As a solution, we need architectures to monitor IoT-based environments and check the IoT devices’ operation requirements and capabilities and apply the required security controls continuously according to their requirements and capabilities. Nevertheless, current techniques are mostly manual and tedious making them prone to errors. Therefore, we need to apply this solution in an autonomous manner to reduce the human intervention. Therefore, in this work, we will investigate creating an autonomous engine to check if a given cyberspace fulfills IoT devices' requirements, monitor the IoT operations, and investigate if these devices behave correctly based on their given capabilities list.
Cihan Tunc
Thursday Block I
Designation Track