Automated risk analysis for IOT systems
Villano U.
2019-01-01
Abstract
Designing and assessing the security of IoT systems is very challenging, mainly because new threats and vulnerabilities affecting IoT devices are continually discovered and published. Moreover, new (typically low-cost) devices are continuously plugged into IoT systems, thus introducing unpredictable security issues. This paper proposes a methodology aimed at automating the threat modeling and risk analysis processes for an IoT system. The methodology makes it possible to identify existing threats and related countermeasures and relies upon an open catalogue, built in the context of EU projects, for gathering information about threats and vulnerabilities of the IoT system under analysis. In order to validate the proposed methodology, we applied it to a real case study, based on a commercial smart home application.