Title: CRASHED: Cyber risk assessment for smart home electronic devices
Authors: Georgios Paparis, Apostolis Zarras, Aristeidis Farao, Christos Xenakis
Journal: Journal of Information Security and Applications, volume 91, Article 104054
Publication date: 2025-04-18
Publication type: Journal Article
DOI: 10.1016/j.jisa.2025.104054
URL: https://www.sciencedirect.com/science/article/pii/S2214212625000912
Impact factor: 3.8
JCR: Q2 (COMPUTER SCIENCE, INFORMATION SYSTEMS)
Region: 2 (Computer Science)
Open access: no
Citation count: 0
Abstract
The rapid proliferation of Internet of Things (IoT) technology has enriched modern households with smart home devices, enhancing convenience, but simultaneously increasing vulnerability to cyber threats. This paper introduces CRASHED, an innovative cyber risk assessment methodology specifically designed for smart home ecosystems. Compared to existing approaches, CRASHED integrates the MITRE ATT&CK and CAPEC frameworks to systematically identify and analyze threats, vulnerabilities, and potential impacts. By employing device-specific profiling, quantitative metrics, and sophisticated weighting mechanisms, it delivers a multilayered assessment of cyber risks that accounts for asset criticality and threat severity, distinguishing it from conventional methods lacking such granularity. The novelty of CRASHED lies in its comprehensive evaluation of systemic vulnerabilities and domestic repercussions. Case studies on various smart home configurations demonstrate its effectiveness in modeling, analyzing, and mitigating risks compared to existing frameworks. This work represents a significant advancement in safeguarding smart home environments, underscoring the urgent need for specialized cyber risk assessment models in our interconnected era. The proposed methodology not only enhances threat detection and response, but also addresses critical gaps in vulnerability databases and risk calculation processes, offering a transformative solution to the evolving challenges of smart home cybersecurity.
About the journal:
Journal of Information Security and Applications (JISA) focuses on the original research and practice-driven applications with relevance to information security and applications. JISA provides a common linkage between a vibrant scientific and research community and industry professionals by offering a clear view on modern problems and challenges in information security, as well as identifying promising scientific and "best-practice" solutions. JISA issues offer a balance between original research work and innovative industrial approaches by internationally renowned information security experts and researchers.