Toward the automation of threat modeling and risk assessment in IoT systems

Internet of Things - Volume 7 - Page 100056 - 2019
Valentina Casola¹, Alessandra De Benedictis¹, Massimiliano Rak², Umberto Villano³
¹ Department of Electrical Engineering and Information Technologies, University of Naples, Via Claudio 21, 80125, Italy
² Department of Computer Engineering, University of Campania Luigi Vanvitelli, Via Roma 29, 81031, Aversa, Italy
³ Department of Engineering, University of Sannio, Via Traiano 3, 82100, Benevento, Italy
