{"title":"在物联网安全类评估中使用信念和论据建立信心","authors":"Manish Shrestha, Christian Johansen, Josef Noll","doi":"10.1109/FMEC49853.2020.9144957","DOIUrl":null,"url":null,"abstract":"The proliferation of IoT (Internet of Things) though making life easier, comes with security and privacy challenges. We have previously proposed a security classification methodology meant to help in practice build IoT systems focused on security during the development process. This method departs from classical risk analysis and certification methods in two ways: (i) it can be used at design time and (ii) it caters for the needs of system designers by helping them to identify protection mechanisms necessary for the connectivity required by their system under development. However, similarly to many risk analysis methods, this methodology was unable to provide assurance in the evaluation results. In this paper, we add two confidence parameters: belief and uncertainty to the assessment tree of arguments of a class. Thus, the final result is now a tuple , where $C$ is the class to which the system belongs, together with a belief measure $B$ in the evaluation aspects of C, and the uncertainty $U$ in the evaluation details. Looking at the confidence parameters tells how well the security assessment is justified. To exemplify this enhanced security classification methodology, we systematically apply it to control mechanisms for Smart Home Energy Management Systems.","PeriodicalId":110283,"journal":{"name":"2020 Fifth International Conference on Fog and Mobile Edge Computing (FMEC)","volume":"36 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":"{\"title\":\"Building Confidence using Beliefs and Arguments in Security Class Evaluations for IoT\",\"authors\":\"Manish Shrestha, Christian Johansen, Josef Noll\",\"doi\":\"10.1109/FMEC49853.2020.9144957\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The proliferation of IoT (Internet of Things) though making life easier, comes with security and privacy challenges. We have previously proposed a security classification methodology meant to help in practice build IoT systems focused on security during the development process. This method departs from classical risk analysis and certification methods in two ways: (i) it can be used at design time and (ii) it caters for the needs of system designers by helping them to identify protection mechanisms necessary for the connectivity required by their system under development. However, similarly to many risk analysis methods, this methodology was unable to provide assurance in the evaluation results. In this paper, we add two confidence parameters: belief and uncertainty to the assessment tree of arguments of a class. Thus, the final result is now a tuple , where $C$ is the class to which the system belongs, together with a belief measure $B$ in the evaluation aspects of C, and the uncertainty $U$ in the evaluation details. Looking at the confidence parameters tells how well the security assessment is justified. To exemplify this enhanced security classification methodology, we systematically apply it to control mechanisms for Smart Home Energy Management Systems.\",\"PeriodicalId\":110283,\"journal\":{\"name\":\"2020 Fifth International Conference on Fog and Mobile Edge Computing (FMEC)\",\"volume\":\"36 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2020-04-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"2\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2020 Fifth International Conference on Fog and Mobile Edge Computing (FMEC)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/FMEC49853.2020.9144957\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2020 Fifth International Conference on Fog and Mobile Edge Computing (FMEC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/FMEC49853.2020.9144957","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Building Confidence using Beliefs and Arguments in Security Class Evaluations for IoT
The proliferation of IoT (Internet of Things) though making life easier, comes with security and privacy challenges. We have previously proposed a security classification methodology meant to help in practice build IoT systems focused on security during the development process. This method departs from classical risk analysis and certification methods in two ways: (i) it can be used at design time and (ii) it caters for the needs of system designers by helping them to identify protection mechanisms necessary for the connectivity required by their system under development. However, similarly to many risk analysis methods, this methodology was unable to provide assurance in the evaluation results. In this paper, we add two confidence parameters: belief and uncertainty to the assessment tree of arguments of a class. Thus, the final result is now a tuple , where $C$ is the class to which the system belongs, together with a belief measure $B$ in the evaluation aspects of C, and the uncertainty $U$ in the evaluation details. Looking at the confidence parameters tells how well the security assessment is justified. To exemplify this enhanced security classification methodology, we systematically apply it to control mechanisms for Smart Home Energy Management Systems.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
