

software development (4)

It is no overstatement to say that the Internet of Things (IoT) is reshaping business processes and workplaces in an unprecedented way. Connected devices are increasingly pushing the boundary of innovation for enterprises and industries of all kinds. Thanks to these connected devices and a huge upsurge in IoT mobile app development, consumers benefit most, through a frictionless user experience.

No wonder IoT software development is exploding with possibilities and promise. More than ever, the market is brimming with a whole array of scalable, feature-rich, secure and user-optimized connected solutions that are transforming the way we interact with devices and use software at the workplace.

Despite this promise, IoT software and app development faces some hefty and crucial challenges that present-day developers need to be aware of. Here we explain some of these challenges in brief.

  • Operating System (OS) Considerations

The first technical challenge that IoT app development companies need to deal with is the choice of operating system for the devices. Since IoT devices mostly have limited memory and single-track operational capacity, developers need to approach development for such devices differently than for desktop solutions. The developers need to pick an OS that fits the device capability and the objective of the application.

As of now, most IoT developers surveyed for their OS preferences have clearly chosen Linux. According to most IoT developers, Linux offers the perfect OS for IoT devices with tight memory constraints, microcontrollers, and IoT gateways.

  • Selecting the Gateways

Gateways play the most critical role in the IoT landscape, connecting almost all the constituent elements: connectivity protocols like Wi-Fi or Bluetooth, ports, IoT sensors, cloud systems, etc. Naturally, gateways are mission-critical for the whole IoT ecosystem.

When it comes to choosing appropriate gateways for your IoT application, you have several well-known options from renowned technology companies like Dell, Nexcom, Intel, etc. These gateway providers have so far proved highly effective for any number of applications. Some of the key aspects to consider in gateways include the particular network specifications, the supported development environment, power rating, memory capacity, etc.

  • Security & Privacy

One of the key aspects to which IoT app developers should give utmost priority is app security and privacy. Security here refers not just to network security but to the security of practically every component. As IoT devices penetrate the personal spaces of users, they are often vulnerable to misuse and to breaches of data security through cyber-attacks.

Maintaining optimum data security and safeguarding privacy have always been contentious areas for IoT app developers worldwide. Let us take a closer look at the various security aspects of an IoT app.

  • Data Exchange Security: The data generated by the IoT sensors and devices passes through the gateway and is finally stored on the cloud server. To keep this data secure, it is important to encrypt it.
  • Physical Security: Unlike other computing devices, IoT devices are normally used in private and remain unattended most of the time. This leaves them vulnerable to many device-level security threats from hackers.
  • Cloud Storage Security: A cloud storage solution normally remains secure from threats and intrusions. Even so, developers of IoT apps need to make sure that the data in cloud storage remains safe and secure.
  • Privacy Updates: To protect the privacy of user data processed and fetched by IoT devices, certain compliance rules are needed. For instance, all fitness tracker devices collect user data on the basis of HIPAA guidelines. Such regulations and compliance standards safeguard the privacy of user data.

  • Network Connectivity

The quintessential aspect of IoT app development is fast, real-time data transmission between the device and the IoT gateway, and between the gateway and the cloud server. Poor connectivity renders most critical app features ineffective. Connectivity issues and server breakdowns remain major problems for too many IoT devices.

Connectivity is the first and foremost area of importance for connected devices that work hand in hand with gateways and cloud platforms. In meeting this challenge, the app design and the device app environment play an important role. The connectivity solution should be chosen according to the device's constraints and capacities.

  • User-Optimized App Design

Another major focus area for IoT app development should be the app design. The design should be thoroughly intuitive and user-focused so that users do not need to study manuals to use an IoT device. Even for industrial IoT devices, a simple and clean design is extremely important to ensure faster decision making and visualization of the data. In this respect, close, reciprocal cooperation between developers and designers is a must for building IoT apps. Some of the key attributes that design inputs should ensure include the following:

  • Safe and secure user authentication
  • Frictionless transition across devices and applications
  • Personalized user experience based on user behavior and preferences
  • A consolidated IoT environment comprising all the elements in the pipeline

 

  • Cross-Platform Deployment

Last but not least among the major challenges that IoT app developers must deal with is deploying the app across multiple OS platforms. Since the IoT ecosystem comprises a variety of device architectures, protocols, and operating systems, the app should be built to fit all these variables for seamless and efficient performance. This is why experts at international organizations such as the Internet Engineering Task Force (IETF) and the Institute of Electrical and Electronics Engineers (IEEE) have already come up with explicit cross-platform development standards and architecture models to help smooth deployment across multiple OS platforms.

Conclusion

Despite the overwhelming growth of IoT applications and the ecosystem of connected devices, there is a multitude of challenges that IoT app developers encounter regularly. By focusing on these challenges beforehand, they can at least take appropriate precautionary steps to ensure optimum quality and efficient output.

 


For IoT and M2M device security assurance, it's critical to introduce automated software development tools into the development lifecycle. Although the role of software tools in quality assurance is important, it becomes even more so when security becomes part of a new or existing product's requirements.

Automated Software Development Tools

There are three broad categories of automated software development tools that are important for improving quality and security in embedded IoT products:

  • Application lifecycle management (ALM): Although not specific to security, these tools cover requirements analysis, design, coding, testing and integration, configuration management, and many other aspects of software development. However, with a security-first embedded development approach, these tools can help automate security engineering as well. For example, requirements analysis tools (in conjunction with vulnerability management tools) can ensure that security requirements and known vulnerabilities are tracked throughout the lifecycle. Design automation tools can incorporate secure design patterns and then generate code that avoids known security flaws (e.g. avoiding buffer overflows or checking input data for errors). Configuration management tools can insist on code inspection or static analysis reports before checking in code. Test automation tools can be used to test for "abuse" cases against the system. In general, there is a role for ALM tools in secure development just as there is for the entire project.
  • Dynamic Application Security Testing (DAST): Dynamic testing tools all require program execution in order to generate useful results. Examples include unit testing tools, test coverage, memory analyzers, and penetration test tools. Test automation tools are important for reducing the testing load on the development team and, more importantly, detecting vulnerabilities that manual testing may miss.
  • Static Application Security Testing (SAST): Static analysis tools work by analyzing source code, bytecode (e.g., compiled Java), and binary executable code. No code is executed in static analysis; instead, the analysis is done by reasoning about the potential behavior of the code. Static analysis is relatively efficient at analyzing a codebase compared to dynamic tools. Static analysis tools also analyze code paths that are untested by other methods and can trace execution and data paths through the code. Static analysis can be incorporated early during the development phase for analyzing existing, legacy, and third-party source and binaries before incorporating them into your product. As new source is added, incremental analysis can be used in conjunction with configuration management to ensure quality and security throughout.

Figure 1: The application of various tool classes in the context of the software development lifecycle.

Although adopting any class of tools helps productivity, security, and quality, using a combination of these is recommended. No single class of tools is the silver bullet[1]. The best approach is one that automates the use of a combination of tools from all categories, and that is based on a risk-based rationale for achieving high security within budget.

The role of static analysis tools in a security-first approach

Static analysis tools provide critical support in the coding and integration phases of development. Ensuring continuous code quality, both in the development and maintenance phases, greatly reduces the costs and risks of security and quality issues in software. In particular, it provides some of the following benefits:

  • Continuous source code quality and security assurance: Static analysis is often applied initially to a large codebase as part of its initial integration as discussed below. However, where it really shines is after an initial code quality and security baseline is established. As each new code block is written (file or function), it can be scanned by the static analysis tools, and developers can deal with the errors and warnings quickly and efficiently before checking code into the build system. Detecting errors and vulnerabilities (and maintaining secure coding standards, discussed below) in the source at the source (developers themselves) yields the biggest impact from the tools.
  • Tainted data detection and analysis: Analysis of the data flows from sources (i.e. interfaces) to sinks (where data gets used in a program) is critical in detecting potential vulnerabilities from tainted data. Any input, whether from a user interface or network connection, if used unchecked, is a potential security vulnerability.  Many attacks are mounted by feeding specially-crafted data into inputs, designed to subvert the behavior of the target system. Unless data is verified to be acceptable both in length and content, it can be used to trigger error conditions or worse. Code injection and data leakage are possible outcomes of these attacks, which can have serious consequences.
  • Third-party code assessment: Most projects are not greenfield development and require the use of existing code within a company or from a third party. Performing testing and dynamic analysis on a large existing codebase is hugely time consuming and may exceed the limits on the budget and schedule. Static analysis is particularly suited to analyzing large code bases and providing meaningful errors and warnings that indicate both security and quality issues. GrammaTech CodeSonar binary analysis can analyze binary-only libraries and provide similar reports as source analysis when source is not available. In addition, CodeSonar binary analysis can work in a mixed source and binary mode to detect errors in the usage of external binary libraries from the source code. 
  • Secure coding standard enforcement: Static analysis tools analyze source syntax and can be used to enforce coding standards. Various code security guidelines are available such as SEI CERT C [2] and Microsoft's Secure Coding Guidelines [3]. Coding standards are good practice because they prevent risky code from becoming future vulnerabilities. As mentioned above, integrating these checks into the build and configuration management system improves the quality and security of code in the product.
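
The source-to-sink path described under tainted data detection, as an added example that is not from the original article or from any tool it names: an unchecked copy beside a version that verifies both length and content first. The one-byte-length packet layout, the 16-byte name limit and the function names are assumptions made for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define NAME_MAX_LEN 16

/* Constructed wire format (an assumption for this example):
 *   byte 0     : declared name length N
 *   bytes 1..N : device name, printable ASCII expected
 */

/* UNCHECKED: the length byte flows from the source (packet) to the sink
 * (memcpy) with no validation. This is the path taint analysis reports. */
void set_name_unchecked(char name[NAME_MAX_LEN + 1], const uint8_t *pkt)
{
    size_t n = pkt[0];            /* tainted: controlled by the sender */
    memcpy(name, pkt + 1, n);     /* sink: n may exceed the destination */
    name[n] = '\0';
}

/* CHECKED: length and content are verified before the data reaches the
 * sink. Returns 0 on success, -1 if the packet is rejected. */
int set_name_checked(char name[NAME_MAX_LEN + 1],
                     const uint8_t *pkt, size_t pkt_len)
{
    if (pkt == NULL || pkt_len < 1)
        return -1;                /* no length byte present */

    size_t n = pkt[0];
    if (n == 0 || n > NAME_MAX_LEN)
        return -1;                /* would overflow the destination */
    if (n > pkt_len - 1)
        return -1;                /* declared length exceeds bytes received */

    for (size_t i = 0; i < n; i++)
        if (!isprint(pkt[1 + i]))
            return -1;            /* content check: printable ASCII only */

    memcpy(name, pkt + 1, n);
    name[n] = '\0';
    return 0;
}
```

The checked version also takes the number of bytes actually received, so a declared length larger than the packet is rejected instead of reading past the input.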

As part of a complete tools suite, static analysis provides key capabilities that other tools cannot. The payback for adopting static analysis is the early detection of errors and vulnerabilities that traditional testing tools may miss. This helps ensure a high level of quality and security on an on-going basis.

Conclusion

Machine-to-machine and IoT device manufacturers that incorporate a security-first design philosophy with formal threat assessments, and that leverage automated tools, produce devices better secured against the accelerating threats on the Internet. Modifying an existing successful software development process to include security at the early stages of product development is key. Smart use of automated tools to develop new code and analyze existing and third-party code allows development teams to meet strict budget and schedule constraints. Static analysis of both source and binaries plays a key role in a security-first development toolset.

References

  1. No Silver Bullet – Essence and Accident in Software Engineering, Fred Brooks, 1986
  2. SEI CERT C Coding Standard,
  3. Outsource Code Development Driving Automated Test Tool Market, VDC Research, IoT & Embedded Blog, October 22, 2013

 

A security-first approach to developing IoT device software is critical, and a key ingredient is an end-to-end threat assessment and analysis. A threat assessment includes taking stock of the various physical connections, potential losses/impacts, threats and the difficulty of the attack. Importantly, addressing these threats needs to be prioritized based on likelihood and potential impact.

Security-First Design for IoT Devices

Machine to Machine (M2M) and Internet of Things (IoT) realities mean that more and more devices are being deployed and connected to each other. This connectivity is both the promise of IoT (data gathering, intelligent control, analytics, etc.) and its Achilles’ heel. With ubiquitous connectivity comes security threats -- the reason security has received such a high profile in recent discussions of IoT.
