BRAIN-IoT looks at heterogeneous IoT scenarios where instances of IoT architectures can be built dynamically combining and federating a distributed set of IoT services, IoT platforms and other enabling functionalities made available in marketplaces and accessible by means of open and standard IoT APIs and protocols.

At the bottom of the conceptual architecture, the IoT Devices and Gateways layer represents all physical world IoT devices with sensing or actuating capabilities, computing devices and includes complex subsystems such as autonomous robots and critical control devices. It is worth observing that BRAIN-IoT specifically aims to support the integration into an IoT environment of devices and subsystems with actuation features that could possible give rise to mixed-criticality situations and require the implementation of distributed processing approaches.
The BRAIN-IoT Management capabilities includes all the features needed to support the envisioned fully de-centralized scenario dynamically integrating heterogeneous IoT Devices and Gateways as well as

1. IoT Services – third party services accessible through open interfaces and offering data or various functionalities including data storage, data statistics and analytics, data visualization;
2. IoT Platforms – instances of open IoT platforms whose configuration and functionalities can be dynamically updated;
3. IoT Modules – enabling functionalities (e.g., smart control features, data processing, data storage) that can be associated to a specific IoT platform instance and composed in order to meet given functional requirements.

Concerning the IoT Modules, the ones supporting smart control features are particularly relevant for the BRAIN-IoT challenging scenarios encompassing heterogeneous sensors and actuators autonomously cooperating in complex, dynamic tasks, possibly across different IoT Platforms. BRAIN-IoT will then develop a library of IoT modules implementing algorithms promoting collaborative context-based behaviours, control solutions based on Machine Learning Control, real-time data analysis and knowledge extraction techniques. Concerning the IoT Platforms, BRAIN-IoT will support different existing IoT solutions including e.g., ALMANAC, sensiNact, VIRTUS, SICA (supported by consortium partners) as well as FIWARE and SOFIA. All the above IoT building blocks can be described by a set of open and extendable vocabularies as well as semantic and behavioural models. This actually allows moving forward an easier, automated and dynamic integration within the BRAIN-IoT environment of new and existing IoT Services, Platforms and Modules available for traditional IoT applications. In fact, BRAIN-IoT defines a new meta-language, namely the IoT Modelling Language (IoT-ML), which uses the above set of vocabularies and models to formally describe an IoT Instance i.e., how a given set of IoT services and Platforms are interconnected with each other and federated and which IoT Modules are associated to the considered IoT Platforms. IoT-ML will base on existing solutions provided by OMG and W3C.
The Decentralized IoT Instances management is instead in charge of offering the capabilities needed to support the dynamic composition of a given set of IoT building blocks into a specific IoT Instance.
The vision is to progress from the fog computing paradigm and create distributed IoT Micro-cloud environments hosting IoT Platforms and IoT Modules and advertising their runtime capabilities. The resulting Micro-cloud environments are enhanced with management capabilities that allow search and discovery operations and their dynamic federation to form a specific IoT instance. These capabilities pave the way toward highly dynamic scenarios where IoT Modules and relevant functionalities can be composed and migrated runtime from one IoT Platform to another, complex tasks can be dynamically distributed between the edge and the cloud IoT Platforms depending on variable requirements and where IoT Instances can be fully reconfigured adding/removing runtime new IoT building blocks from the federation. BRAIN-IoT will also provide peculiar management strategies and techniques permitting the dynamic deployment/transfer of Smart Control IoT Modules across mixed edge and cloud environments.
The Decentralized IoT Instances management also handles advanced IoT Instances configurations, properly orchestrating external IoT services with other IoT building blocks active in the resulting BRAIN-IoT fog environment. Finally, monitoring components allow to continuously supervise the overall IoT Instance and relevant composite application. In this way, it is possible to check the status of the federated building blocks, provide alerting, reporting and logging mechanisms and, if needed, trigger an IoT Instance reconfiguration e.g., because of a failure in one of the adopted IoT Modules, Platforms or Services.
All the described management capabilities will base on relevant industry standards i.e., W3C Web of Things and OSGi, and will be extended to support agile composition and orchestration. The scalability aspects will be taken into careful consideration to support effective discovery and search of a potential high number of IoT building blocks.
The orchestration process is conceived in such a way that it is possible to import/link IoT Modules, Platforms and Services made available from a BRAIN-IoT Marketplace characterized by a relevant set of open APIs. The concept is to not have just a single unique marketplace but rather to propose a mechanism and a set of adaptors by which a BRAIN-IoT developer can benefit from a set of already existing marketplaces properly integrated in the BRAIN-IoT federated environment. More specifically, BigIoT and COMPOSITION marketplaces will be possibly exploited thanks to the involvement of few BRAIN-IoT partners in the relevant EU projects.
From the security and privacy perspective, IoT currently presents inherent weaknesses mainly related to the design phase. To provide secure IoT solutions, modelling and analysis need to be integrated in the design and validation of application scenarios and IoT architectures. If the focus moves to a scenario, like the one proposed, where different heterogeneous building blocks are dynamically composed, additional security and privacy concerns arise.
As a consequence, BRAIN-IoT first provides a methodology to address security in the considered fog environment. More specifically, BRAIN-IoT will extend the successful methods of attack tree modelling and quantitative analysis to support secure composable IoT systems. The extension will enable transparent risk assessment of IoT security architectures, i.e., it will address the needs and potential risks involved in an IoT environment specifying when and where to apply security controls in an understandable way thus raising user-awareness and trustworthiness.
Second, BRAIN-IoT integrates Decentralized Security and Privacy Capabilities including Authentication, Authorization and Accounting for the overall distributed fog environment and end-to-end security for IoT data-flows. The adoption of fully distributed security architectures exploiting the block-chain technology will be investigated. A cross-platforms framework facilitating the adoption of privacy control policies is also hosted in the BRAIN-IoT environment. The objective is to provide end users with the means to easily monitor and control which data to collect and to who make it available.
The overall depicted concept draws requirements and challenging use cases from IoT applications in two usage scenarios, namely Service Robotics and Critical Infrastructure Management, which provide the suitable setting to reflect future challenges in terms of dependability, need for smart behaviour, security and privacy/data ownership management which are expected to become more significant and impacting in the long-term (10+years).

Requirements and challenges related to the large-scale nature of IoT applications are instead drawn from other Large-Scale Pilots (LSP) initiatives, leveraging challenges proposed and lessons learned from other on-going EU initiatives.
As already mentioned, one of the most peculiar aspects being considered in BRAIN-IoT is the management of actuation capabilities in the considered Fog environment. In this context, the possibility to easily develop the previously introduced smart control features is pretty relevant. To this aim, BRAIN-IoT will evolve from already existing solutions such Papyrus and Dog and develop Model Binding and Synthesis tools extended to support the BRAIN-IoT open vocabularies and models, the IoT-ML and other IoT related standards. The resulting toolset will be used to develop novel Smart Control Features that could be possibly published as IoT Modules in the BRAIN-IoT Marketplace, as depicted in the following figure.

Finally, next figure summarizes the above description of the BRAIN-IoT environment offering a possible deployment view along with a set of possible configurations of an IoT Instance with different distribution of the IoT building blocks between edge and cloud.