@INPROCEEDINGS{192034,    AUTHOR="Pahl, Marc-Oliver",    TITLE="Multi-Tenant IoT Service Management towards an IOT App Economy",    BOOKTITLE="Hot Topics in Network and Service Management (HotNSM) at International Symposium on Integrated Network Management (IM)",    ADDRESS="Washington DC, USA",    DAYS="8-12",    MONTH="apr",    YEAR="2019"}<br><br>@INPROCEEDINGS{192034,    AUTHOR="Pahl, Marc-Oliver",    TITLE="Multi-Tenant IoT Service Management towards an IOT App Economy",    BOOKTITLE="Hot Topics in Network and Service Management (HotNSM) at International Symposium on Integrated Network Management (IM)",    ADDRESS="Washington DC, USA",    DAYS="8-12",    MONTH="apr",    YEAR="2019"}<br><br>@INPROCEEDINGS{192063,    AUTHOR="Pahl, Marc-Oliver and Liebald, Stefan and Wüstrich, Lars",    TITLE="Machine-learning based IoT Data Caching",    BOOKTITLE="Hot Topics in Network and Service Management (HotNSM) at International Symposium on Integrated Network Management (IM)",    ADDRESS="Washington DC, USA",    DAYS="8-12",    MONTH="apr",    YEAR="2019"}<br><br>@INPROCEEDINGS{192063,    AUTHOR="Pahl, Marc-Oliver and Liebald, Stefan and Wüstrich, Lars",    TITLE="Machine-learning based IoT Data Caching",    BOOKTITLE="Hot Topics in Network and Service Management (HotNSM) at International Symposium on Integrated Network Management (IM)",    ADDRESS="Washington DC, USA",    DAYS="8-12",    MONTH="apr",    YEAR="2019"}<br><br>@INPROCEEDINGS{netsys2019:data-centri-vsl,AUTHOR="Pahl, Marc-Oliver and Liebald, Stefan",TITLE="Designing a {Data-Centric} Internet of Things",BOOKTITLE="2019 International Conference on Networked Systems (NetSys) (NetSys'19)",ADDRESS="Garching b. München, Germany",DAYS=17,MONTH=mar,YEAR=2019,ABSTRACT="The oil of the Internet of Things (IoT) is data. Consequently adata-centric or name-based design fits the challenges of the IoT very well.Especially when looking at edge-based approaches introducing a data-centricInternet architecture becomes possible as it does not require any changesat the core. Scalability and latency issues also play a smaller role at theedge, leveraging some problems of data-centric architectures.In this paper we present an edge-based data-centric architecture for theInternet of things (IoT). Our system architecture consists of distributedcomputing nodes. We show how they can manage themselves, forming an overlaythat enables data exchange between IoT services running on any node. Thecore of our abstraction is a hierarchical addressing scheme. We show how itenables complex service discovery. A key feature of our solution is usingdata as interface to services. We show how we solve the challenge ofunifying interfaces.We evaluate our solution in three perspectives: usability, performance interms of latency, and scalability in terms of throughput."}<br><br>@INPROCEEDINGS{netsys2019:data-centri-vsl,AUTHOR="Pahl, Marc-Oliver and Liebald, Stefan",TITLE="Designing a {Data-Centric} Internet of Things",BOOKTITLE="2019 International Conference on Networked Systems (NetSys) (NetSys'19)",ADDRESS="Garching b. München, Germany",DAYS=17,MONTH=mar,YEAR=2019,ABSTRACT="The oil of the Internet of Things (IoT) is data. Consequently adata-centric or name-based design fits the challenges of the IoT very well.Especially when looking at edge-based approaches introducing a data-centricInternet architecture becomes possible as it does not require any changesat the core. Scalability and latency issues also play a smaller role at theedge, leveraging some problems of data-centric architectures.In this paper we present an edge-based data-centric architecture for theInternet of things (IoT). Our system architecture consists of distributedcomputing nodes. We show how they can manage themselves, forming an overlaythat enables data exchange between IoT services running on any node. Thecore of our abstraction is a hierarchical addressing scheme. We show how itenables complex service discovery. A key feature of our solution is usingdata as interface to services. We show how we solve the challenge ofunifying interfaces.We evaluate our solution in three perspectives: usability, performance interms of latency, and scalability in terms of throughput."}<br><br>@INPROCEEDINGS{189450,    AUTHOR="Pahl, Marc-Oliver and Liebald, Stefan",    TITLE="A Modular Distributed IoT Service Discovery",    BOOKTITLE="International Symposium on Integrated Network Management (IM)",    ADDRESS="Washington DC, USA",    DAYS="8-12",    MONTH="apr",    YEAR="2019",    ABSTRACT="The Internet of Things (IoT) consists of collaborating microservices ($\mu$Ss). Some services offer interfaces to manage entities, others implement orchestration logic, yet others interface users. Dynamic binding of services is fundamental to enable portability and adaptivity of $\mu$Ss to their local (service) context. The central challenge of service composition is service discovery. Service discovery has been investigated a lot in the past. However, the focus was on low ISO/ OSI layer technologies such as UPNP or Bonjour. Implementing the IoT as a Service-Oriented Architecture (SOA) of $\mu$Ss requires a significantly more feature rich discovery on the application layer. A major challenge here is that the IoT is more heterogeneous and dynamic than classic IT SOA systems. The IoT therefore requires a novel service discovery. We present a semantically rich yet simple to use IoT service discovery mechanism. It consists of distributed so called search providers that implement semantic directories, and a federation mechanism that allows mapping complex search queries to simple search provider modules. Our approach reflects the heterogeneity of managed entities, and the dynamic adaptivity required to reflect the continuous changes of IoT spaces. We evaluate our solution qualitatively with a user study and quantitatively via latency measurements.",    KEYWORDS="Internet of Things Networks ; Internet of Things Services ; Context-Aware Services ; Fog and Mobile Edge Computing ",    URL="http://XXXXX/189450.pdf"}<br><br>@INPROCEEDINGS{189450,    AUTHOR="Pahl, Marc-Oliver and Liebald, Stefan",    TITLE="A Modular Distributed IoT Service Discovery",    BOOKTITLE="International Symposium on Integrated Network Management (IM)",    ADDRESS="Washington DC, USA",    DAYS="8-12",    MONTH="apr",    YEAR="2019",    ABSTRACT="The Internet of Things (IoT) consists of collaborating microservices ($\mu$Ss). Some services offer interfaces to manage entities, others implement orchestration logic, yet others interface users. Dynamic binding of services is fundamental to enable portability and adaptivity of $\mu$Ss to their local (service) context. The central challenge of service composition is service discovery. Service discovery has been investigated a lot in the past. However, the focus was on low ISO/ OSI layer technologies such as UPNP or Bonjour. Implementing the IoT as a Service-Oriented Architecture (SOA) of $\mu$Ss requires a significantly more feature rich discovery on the application layer. A major challenge here is that the IoT is more heterogeneous and dynamic than classic IT SOA systems. The IoT therefore requires a novel service discovery. We present a semantically rich yet simple to use IoT service discovery mechanism. It consists of distributed so called search providers that implement semantic directories, and a federation mechanism that allows mapping complex search queries to simple search provider modules. Our approach reflects the heterogeneity of managed entities, and the dynamic adaptivity required to reflect the continuous changes of IoT spaces. We evaluate our solution qualitatively with a user study and quantitatively via latency measurements.",    KEYWORDS="Internet of Things Networks ; Internet of Things Services ; Context-Aware Services ; Fog and Mobile Edge Computing ",    URL="http://XXXXX/189450.pdf"}<br><br>@INPROCEEDINGS{189451,    AUTHOR="Pahl, Marc-Oliver and Donini, Lorenzo",    TITLE="Giving IoT Edge Services an Identity and Changeable Attributes",    BOOKTITLE="International Symposium on Integrated Network Management (IM)",    ADDRESS="Washington DC, USA",    DAYS="8-12",    MONTH="apr",    YEAR="2019",    ABSTRACT="The Internet of Things (IoT) is managed by soft- ware. This software interfaces our physical surroundings. For a successful deployment of the IoT, providing adequate service security is essential. However, with its distributed heterogeneous nature, and its different stakeholders in the development process, securing IoT services is challenging. In this work we how certificates can be used to give services an identity for authentication. We show how the mechanism can be used to securely add attributes to the service executable. To reflect the dynamic distributed nature of the IoT, we show how the securely added attributes can be changed at runtime and how security policies can be enforced even on distributed loosely coupled IoT nodes. Our solution is based on pinning X.509v3 certificates to the service executables, and autonomously managing short certificate lifetimes for ensuring the desired security policies within guaranteed time limits. Besides the feasibility of our approach we asses the resulting traffic of the renewals and the power consumption of this process.",    KEYWORDS="Internet of Things Networks ; Internet of Things Services ; Security Services ; Security Services ; Fog and Mobile Edge Computing ; Deployment of Services ",    URL="http://XXXXX/189451.pdf"}<br><br>@INPROCEEDINGS{189451,    AUTHOR="Pahl, Marc-Oliver and Donini, Lorenzo",    TITLE="Giving IoT Edge Services an Identity and Changeable Attributes",    BOOKTITLE="International Symposium on Integrated Network Management (IM)",    ADDRESS="Washington DC, USA",    DAYS="8-12",    MONTH="apr",    YEAR="2019",    ABSTRACT="The Internet of Things (IoT) is managed by soft- ware. This software interfaces our physical surroundings. For a successful deployment of the IoT, providing adequate service security is essential. However, with its distributed heterogeneous nature, and its different stakeholders in the development process, securing IoT services is challenging. In this work we how certificates can be used to give services an identity for authentication. We show how the mechanism can be used to securely add attributes to the service executable. To reflect the dynamic distributed nature of the IoT, we show how the securely added attributes can be changed at runtime and how security policies can be enforced even on distributed loosely coupled IoT nodes. Our solution is based on pinning X.509v3 certificates to the service executables, and autonomously managing short certificate lifetimes for ensuring the desired security policies within guaranteed time limits. Besides the feasibility of our approach we asses the resulting traffic of the renewals and the power consumption of this process.",    KEYWORDS="Internet of Things Networks ; Internet of Things Services ; Security Services ; Security Services ; Fog and Mobile Edge Computing ; Deployment of Services ",    URL="http://XXXXX/189451.pdf"}<br><br>@INPROCEEDINGS{Pahl1811:All,AUTHOR="Pahl, Marc-Oliver and Aubet, Francois-Xavier",TITLE="All Eyes on You: Distributed {Multi-Dimensional} {IoT} Microservice AnomalyDetection",BOOKTITLE="2018 14th International Conference on Network and Service Management (CNSM)(CNSM 2018)",ADDRESS="Rome, Italy",DAYS=4,MONTH=nov,  webpdf = {https://s2labs.org/download/publications/2018-11_CNSM_All_Eyes_On_You_pahl.pdf},YEAR=2018,ABSTRACT="The Internet of Things (IoT) is a Distributed System of cooperatingMicroservices (μSs). IoT services manage devices that monitor and controltheir environments. The interaction of the IoT with the physicalenvironment creates strong security, privacy, and safety implications. Itmakes providing adequate security for IoT μSs essential. However, thecomplexity of IoT services makes detecting anomalous behavior difficult.We present a machine-learning based approach for modeling IoT servicebehavior by only observing inter-service communication. Our algorithmcontinuously learns μS models on distributed IoT nodes within an IoT site.Combining the learned models within and in-between IoT sites converges ourμS models within short time. Sharing the resulting stable models amongcompute nodes enables good anomaly detection.As one application, firewalling IoT μSs becomes possible. Combining ourautonomous μS modeling with firewalling enables retrofitting security toexisting IoT installations. We enable retrofitting access control toexisting non-secure IoT installations.Our proposed approach is resource efficient matching the requirements ofthe IoT. To evaluate the quality of our proposed algorithm, we show thebehavior of our proposed algorithm for a set of common IoT attacks. Weevaluate how domain knowledge enables us to decorrelate events on a node,and how adding context features improves the detection rate."}<br><br>@INPROCEEDINGS{Pahl1811:All,AUTHOR="Pahl, Marc-Oliver and Aubet, Francois-Xavier",TITLE="All Eyes on You: Distributed {Multi-Dimensional} {IoT} Microservice AnomalyDetection",BOOKTITLE="2018 14th International Conference on Network and Service Management (CNSM)(CNSM 2018)",ADDRESS="Rome, Italy",DAYS=4,MONTH=nov,  webpdf = {https://s2labs.org/download/publications/2018-11_CNSM_All_Eyes_On_You_pahl.pdf},YEAR=2018,ABSTRACT="The Internet of Things (IoT) is a Distributed System of cooperatingMicroservices (μSs). IoT services manage devices that monitor and controltheir environments. The interaction of the IoT with the physicalenvironment creates strong security, privacy, and safety implications. Itmakes providing adequate security for IoT μSs essential. However, thecomplexity of IoT services makes detecting anomalous behavior difficult.We present a machine-learning based approach for modeling IoT servicebehavior by only observing inter-service communication. Our algorithmcontinuously learns μS models on distributed IoT nodes within an IoT site.Combining the learned models within and in-between IoT sites converges ourμS models within short time. Sharing the resulting stable models amongcompute nodes enables good anomaly detection.As one application, firewalling IoT μSs becomes possible. Combining ourautonomous μS modeling with firewalling enables retrofitting security toexisting IoT installations. We enable retrofitting access control toexisting non-secure IoT installations.Our proposed approach is resource efficient matching the requirements ofthe IoT. To evaluate the quality of our proposed algorithm, we show thebehavior of our proposed algorithm for a set of common IoT attacks. Weevaluate how domain knowledge enables us to decorrelate events on a node,and how adding context features improves the detection rate."}<br><br>