Lucas Peixoto da Silva, Bernardo S. Nascimento, Rafael A. Mello P. Dias, D. S. Mendonça
A Comprehensive Approach for Applying Threat Modeling to Internet of Things Systems
2022 IEEE 8th World Forum on Internet of Things (WF-IoT), published 2022-10-26
DOI: 10.1109/WF-IoT54382.2022.10152291 (https://doi.org/10.1109/WF-IoT54382.2022.10152291)
Citation count: 0
Abstract
Internet of Things (IoT) technologies are being increasingly used by society. Industry, Agriculture, and Healthcare are examples of areas where IoT is intensively used. In this way, security became a primary concern for IoT systems, since its lack can cause considerable damage, from the disclosure of restricted information to the loss of lives. Threat Modeling is a well-known approach to mitigating security threats in information systems. However, to appropriately apply Threat Modeling to the IoT context, it is necessary to adjust the modeling to consider attacks that affect the security of those systems. This work presents a comprehensive approach for applying threat modeling to IoT systems. We performed a survey-of-surveys on attacks and countermeasures for IoT and used this survey as input for traditional Threat Modeling techniques such as STRIDE and DREAD. We applied the adjusted approach to an open-source smart lock system, finding some possible attacks. We present the process's steps to other practitioners performing threat modeling for IoT systems.