Towards practical and formal security risk analysis of IoT (Internet of Things) applications
Khan, Muhammad Taimoor ORCID: https://orcid.org/0000-0002-5752-6420 (2022) Towards practical and formal security risk analysis of IoT (Internet of Things) applications. In: 2022 IEEE 27th International Conference on Emerging Technologies and Factory Automation (ETFA). IEEE Xplore. Institute of Electrical and Electronics Engineers (IEEE), Piscataway, New Jersey, pp. 1-4. ISBN 978-1665499965; 978-1665499972 (doi:10.1109/ETFA52439.2022.9921511)
Full text: PDF, Accepted Version (accepted paper, IEEE), 960kB. Restricted to registered users only.
Abstract
We present the initial results of developing a security risk analyzer for Internet of Things (IoT) applications that analyses both evitable and inevitable yet known and unknown cyber-attacks and as a result produces the adversarial strategies (multi-stages of attack) that can compromise the application. Our risk analyzer is rigorous and qualitative, performing technical analysis, as well as quantitative yet useful, identifying sub-attacks and their quantitative risks. In contrast, conventional security risk analyzers either provide too specific risk assessment or provide a too generic risk assessment of a given application. Such analyzers are typically not practical against constantly changing attacks of the variable extent and complex modern IoT applications. We demonstrate the usability of our methodology through the detection of an example attack model from a real-world incident in real-time.
Item Type: | Conference Proceedings |
---|---|
Title of Proceedings: | 2022 IEEE 27th International Conference on Emerging Technologies and Factory Automation (ETFA) |
Additional Information: | 2022 IEEE 27th International Conference on Emerging Technologies and Factory Automation (ETFA), Stuttgart, Germany. 06-09 September 2022 |
Uncontrolled Keywords: | cyber risk; formal analysis; IoT applications |
Subjects: | Q Science > QA Mathematics > QA75 Electronic computers. Computer science |
Faculty / School / Research Centre / Research Group: | Faculty of Engineering & Science; Faculty of Engineering & Science > Internet of Things and Security Research Centre (ISEC); Faculty of Engineering & Science > School of Computing & Mathematical Sciences (CMS) |
Last Modified: | 24 Apr 2023 10:17 |
URI: | http://gala.gre.ac.uk/id/eprint/41631 |