It is very hard (or ineffective) to take an old system and add to it security features like plug-ins. Therefore, a computer system is much more reliable designed with the approach of security-by-design. Nowadays, there are several tools, middlewares, and platforms designed with this concept in mind, but they must be appropriately used to guarantee a suitable level of reliability and safety. A security-by-design approach is fundamental when creating a distributed application in the IoT field, composed of sensors, actuators, and cloud services. The IoT usually requires handling different programming languages and technologies in which a developer might not be very expert.
Through a use case, we analyzed the security of some IoT components of Amazon Web Services (AWS) from a novice programmer’s point of view. Even if such a platform could be secure by itself, a novice programmer could do something wrong and leave some possible attack points to a malicious user.
To this end, we also surveyed a small pool of novice IoT programmers from a consulting engineering company. Even if we discovered that AWS seems quite robust, we noticed that some common security concepts are often not clear or applied, leaving the door open to possible issues.
IOS Press, Inc.
6751 Tepper Drive
Clifton, VA 20124
Tel.: +1 703 830 6300
Fax: +1 703 830 2300 firstname.lastname@example.org
(Corporate matters and books only) IOS Press c/o Accucoms US, Inc.
For North America Sales and Customer Service
West Point Commons
Lansdale PA 19446
Tel.: +1 866 855 8967
Fax: +1 215 660 5042 email@example.com