AI-RMF-Governed, Zero-Trust Architecture for AI-Enabled IoTaaS: An Industrial Perspective

Julio Yair Rivera; Cesar Viloria Nunez; Erwin J. Sacoto Cabrera; Eduardo Ahumada Tello; Mobashar Mubarik; Angel Pinto

doi:10.1109/GCAIoT68269.2025.11275565

AI-RMF-Governed, Zero-Trust Architecture for AI-Enabled IoTaaS: An Industrial Perspective

Julio Yair Rivera
, Cesar Viloria Nunez
, Erwin J. Sacoto Cabrera
, Eduardo Ahumada Tello
, Mobashar Mubarik
, Angel Pinto

Research Group in Cloud Computing Smart Cities & High Performance Computing (GIHP4C)

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

The convergence of Artificial Intelligence (AI) and the Internet of Things (IoT) has enabled the IoT-as-a-Service (IoTaaS) paradigm, offering scalable, cloud-integrated solutions for industrial environments. However, the resulting attack surface includes AI-specific threats that current IoT security frameworks do not adequately address. This paper presents a five-layer, AI RMF-governed, zero-trust architecture for AIenabled IoTaaS, targeting three high-impact OWASP IoT Top10 categories: sensor data poisoning (IoT04), firmware/model tampering (IoT05), and unsafe command injection (IoT02). The design combines topology- and ontology-aware validation, edge sandboxing, privacy-preserving gateways, and hardwarebacked remote attestation, with all controls integrated into the AI RMF Govern-Map-Measure-Manage loop. Evaluation on a validated industrial IoT testbed achieved a Poison Detection Rate (PDR) of 94.6% and an Unsafe Command Suppression Rate (UCSR) of 91.3%, with a median added latency of 66 ms (p90=352 ms). These results demonstrate that layered AI-driven controls can substantially improve industrial IoT security without compromising real-time operational constraints, while providing governance-aligned risk visibility and a pathway for regulatory compliance.

Original language	English
Title of host publication	2025 IEEE Global Conference on Artificial Intelligence and Internet of Things, GCAIoT 2025
Publisher	Institute of Electrical and Electronics Engineers Inc.
ISBN (Electronic)	9798331568795
DOIs	https://doi.org/10.1109/GCAIoT68269.2025.11275565
State	Published - 2025
Event	2025 IEEE Global Conference on Artificial Intelligence and Internet of Things, GCAIoT 2025 - Ben Guerir, Morocco Duration: 23 Nov 2025 → 25 Nov 2025

Publication series

Name	2025 IEEE Global Conference on Artificial Intelligence and Internet of Things, GCAIoT 2025

Conference

Conference	2025 IEEE Global Conference on Artificial Intelligence and Internet of Things, GCAIoT 2025
Country/Territory	Morocco
City	Ben Guerir
Period	23/11/25 → 25/11/25

Bibliographical note

Publisher Copyright:
© 2025 IEEE.

Keywords

Artificial Intelligence
Industrial Internet of Things
Internet of Things
Risk Management
Zero Trust Security

Access to Document

10.1109/GCAIoT68269.2025.11275565

Cite this

Yair Rivera, J., Viloria Nunez, C., Sacoto Cabrera, E. J., Ahumada Tello, E., Mubarik, M., & Pinto, A. (2025). AI-RMF-Governed, Zero-Trust Architecture for AI-Enabled IoTaaS: An Industrial Perspective. In 2025 IEEE Global Conference on Artificial Intelligence and Internet of Things, GCAIoT 2025 (2025 IEEE Global Conference on Artificial Intelligence and Internet of Things, GCAIoT 2025). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/GCAIoT68269.2025.11275565

Yair Rivera, Julio ; Viloria Nunez, Cesar ; Sacoto Cabrera, Erwin J. et al. / AI-RMF-Governed, Zero-Trust Architecture for AI-Enabled IoTaaS : An Industrial Perspective. 2025 IEEE Global Conference on Artificial Intelligence and Internet of Things, GCAIoT 2025. Institute of Electrical and Electronics Engineers Inc., 2025. (2025 IEEE Global Conference on Artificial Intelligence and Internet of Things, GCAIoT 2025).

@inproceedings{005e84b3b04b435398b083024622d484,

title = "AI-RMF-Governed, Zero-Trust Architecture for AI-Enabled IoTaaS: An Industrial Perspective",

abstract = "The convergence of Artificial Intelligence (AI) and the Internet of Things (IoT) has enabled the IoT-as-a-Service (IoTaaS) paradigm, offering scalable, cloud-integrated solutions for industrial environments. However, the resulting attack surface includes AI-specific threats that current IoT security frameworks do not adequately address. This paper presents a five-layer, AI RMF-governed, zero-trust architecture for AIenabled IoTaaS, targeting three high-impact OWASP IoT Top10 categories: sensor data poisoning (IoT04), firmware/model tampering (IoT05), and unsafe command injection (IoT02). The design combines topology- and ontology-aware validation, edge sandboxing, privacy-preserving gateways, and hardwarebacked remote attestation, with all controls integrated into the AI RMF Govern-Map-Measure-Manage loop. Evaluation on a validated industrial IoT testbed achieved a Poison Detection Rate (PDR) of 94.6\% and an Unsafe Command Suppression Rate (UCSR) of 91.3\%, with a median added latency of 66 ms (p90=352 ms). These results demonstrate that layered AI-driven controls can substantially improve industrial IoT security without compromising real-time operational constraints, while providing governance-aligned risk visibility and a pathway for regulatory compliance.",

keywords = "Artificial Intelligence, Industrial Internet of Things, Internet of Things, Risk Management, Zero Trust Security",

author = "\{Yair Rivera\}, Julio and \{Viloria Nunez\}, Cesar and \{Sacoto Cabrera\}, \{Erwin J.\} and \{Ahumada Tello\}, Eduardo and Mobashar Mubarik and Angel Pinto",

note = "Publisher Copyright: {\textcopyright} 2025 IEEE.; 2025 IEEE Global Conference on Artificial Intelligence and Internet of Things, GCAIoT 2025 ; Conference date: 23-11-2025 Through 25-11-2025",

year = "2025",

doi = "10.1109/GCAIoT68269.2025.11275565",

language = "English",

series = "2025 IEEE Global Conference on Artificial Intelligence and Internet of Things, GCAIoT 2025",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

booktitle = "2025 IEEE Global Conference on Artificial Intelligence and Internet of Things, GCAIoT 2025",

address = "United States",

}

Yair Rivera, J, Viloria Nunez, C, Sacoto Cabrera, EJ, Ahumada Tello, E, Mubarik, M & Pinto, A 2025, AI-RMF-Governed, Zero-Trust Architecture for AI-Enabled IoTaaS: An Industrial Perspective. in 2025 IEEE Global Conference on Artificial Intelligence and Internet of Things, GCAIoT 2025. 2025 IEEE Global Conference on Artificial Intelligence and Internet of Things, GCAIoT 2025, Institute of Electrical and Electronics Engineers Inc., 2025 IEEE Global Conference on Artificial Intelligence and Internet of Things, GCAIoT 2025, Ben Guerir, Morocco, 23/11/25. https://doi.org/10.1109/GCAIoT68269.2025.11275565

AI-RMF-Governed, Zero-Trust Architecture for AI-Enabled IoTaaS: An Industrial Perspective. / Yair Rivera, Julio; Viloria Nunez, Cesar; Sacoto Cabrera, Erwin J. et al.
2025 IEEE Global Conference on Artificial Intelligence and Internet of Things, GCAIoT 2025. Institute of Electrical and Electronics Engineers Inc., 2025. (2025 IEEE Global Conference on Artificial Intelligence and Internet of Things, GCAIoT 2025).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - AI-RMF-Governed, Zero-Trust Architecture for AI-Enabled IoTaaS

T2 - 2025 IEEE Global Conference on Artificial Intelligence and Internet of Things, GCAIoT 2025

AU - Yair Rivera, Julio

AU - Viloria Nunez, Cesar

AU - Sacoto Cabrera, Erwin J.

AU - Ahumada Tello, Eduardo

AU - Mubarik, Mobashar

AU - Pinto, Angel

PY - 2025

Y1 - 2025

N2 - The convergence of Artificial Intelligence (AI) and the Internet of Things (IoT) has enabled the IoT-as-a-Service (IoTaaS) paradigm, offering scalable, cloud-integrated solutions for industrial environments. However, the resulting attack surface includes AI-specific threats that current IoT security frameworks do not adequately address. This paper presents a five-layer, AI RMF-governed, zero-trust architecture for AIenabled IoTaaS, targeting three high-impact OWASP IoT Top10 categories: sensor data poisoning (IoT04), firmware/model tampering (IoT05), and unsafe command injection (IoT02). The design combines topology- and ontology-aware validation, edge sandboxing, privacy-preserving gateways, and hardwarebacked remote attestation, with all controls integrated into the AI RMF Govern-Map-Measure-Manage loop. Evaluation on a validated industrial IoT testbed achieved a Poison Detection Rate (PDR) of 94.6% and an Unsafe Command Suppression Rate (UCSR) of 91.3%, with a median added latency of 66 ms (p90=352 ms). These results demonstrate that layered AI-driven controls can substantially improve industrial IoT security without compromising real-time operational constraints, while providing governance-aligned risk visibility and a pathway for regulatory compliance.

AB - The convergence of Artificial Intelligence (AI) and the Internet of Things (IoT) has enabled the IoT-as-a-Service (IoTaaS) paradigm, offering scalable, cloud-integrated solutions for industrial environments. However, the resulting attack surface includes AI-specific threats that current IoT security frameworks do not adequately address. This paper presents a five-layer, AI RMF-governed, zero-trust architecture for AIenabled IoTaaS, targeting three high-impact OWASP IoT Top10 categories: sensor data poisoning (IoT04), firmware/model tampering (IoT05), and unsafe command injection (IoT02). The design combines topology- and ontology-aware validation, edge sandboxing, privacy-preserving gateways, and hardwarebacked remote attestation, with all controls integrated into the AI RMF Govern-Map-Measure-Manage loop. Evaluation on a validated industrial IoT testbed achieved a Poison Detection Rate (PDR) of 94.6% and an Unsafe Command Suppression Rate (UCSR) of 91.3%, with a median added latency of 66 ms (p90=352 ms). These results demonstrate that layered AI-driven controls can substantially improve industrial IoT security without compromising real-time operational constraints, while providing governance-aligned risk visibility and a pathway for regulatory compliance.

KW - Artificial Intelligence

KW - Industrial Internet of Things

KW - Internet of Things

KW - Risk Management

KW - Zero Trust Security

UR - https://www.scopus.com/pages/publications/105031646619

U2 - 10.1109/GCAIoT68269.2025.11275565

DO - 10.1109/GCAIoT68269.2025.11275565

M3 - Conference contribution

AN - SCOPUS:105031646619

T3 - 2025 IEEE Global Conference on Artificial Intelligence and Internet of Things, GCAIoT 2025

BT - 2025 IEEE Global Conference on Artificial Intelligence and Internet of Things, GCAIoT 2025

PB - Institute of Electrical and Electronics Engineers Inc.

Y2 - 23 November 2025 through 25 November 2025

ER -

Yair Rivera J, Viloria Nunez C, Sacoto Cabrera EJ, Ahumada Tello E, Mubarik M, Pinto A. AI-RMF-Governed, Zero-Trust Architecture for AI-Enabled IoTaaS: An Industrial Perspective. In 2025 IEEE Global Conference on Artificial Intelligence and Internet of Things, GCAIoT 2025. Institute of Electrical and Electronics Engineers Inc. 2025. (2025 IEEE Global Conference on Artificial Intelligence and Internet of Things, GCAIoT 2025). doi: 10.1109/GCAIoT68269.2025.11275565

AI-RMF-Governed, Zero-Trust Architecture for AI-Enabled IoTaaS: An Industrial Perspective

Abstract

Publication series

Conference

Bibliographical note

Keywords

Access to Document

Other files and links

Cite this