A Methodological Approach for the Security Analysis of FIWARE Technology

Juan Pablo Perata; Gustavo Betarte

doi:10.19153/cleiej.27.4.2

CLEI Electronic Journal (Sep 2024)

A Methodological Approach for the Security Analysis of FIWARE Technology

Juan Pablo Perata,
Gustavo Betarte

Affiliations

Juan Pablo Perata: Facultad de Ingeniería, Universidad de la República
Gustavo Betarte

DOI: https://doi.org/10.19153/cleiej.27.4.2
Journal volume & issue: Vol. 27, no. 4

Abstract

Read online

This paper presents the results of a security assessment of FIWARE technology. We adopted an offensive perspective to identify vulnerabilities in deploying FIWARE components in specific architecture configurations. We identify security issues by experimenting in a locally controlled environment and propose a threat model following the OWASP methodology. We implemented attacks for three of the identified attack goals and validated our approach with an exploratory analysis of an actual working and productive FIWARE platform. This analysis helped us distinguish different types of attacks, and we ended up with recommendations for components, architecture, and access control.

Published in CLEI Electronic Journal

ISSN: 0717-5000 (Online)
Publisher: Centro Latinoamericano de Estudios en Informática
Country of publisher: Chile
LCC subjects: Science: Mathematics: Instruments and machines: Electronic computers. Computer science
Website: http://www.clei.org/cleiej/

About the journal

Abstract

Keywords