Towards practical and formal security risk analysis of IoT (Internet of Things) applications

Khan, Muhammad Taimoor ORCID: 0000-0002-5752-6420 (2022) Towards practical and formal security risk analysis of IoT (Internet of Things) applications. In: 2022 IEEE 27th International Conference on Emerging Technologies and Factory Automation (ETFA). IEEE Xplore. Institute of Electrical and Electronics Engineers (IEEE), Piscataway, New Jersey, pp. 1-4. ISBN 978-1665499965; 978-1665499972 (doi:https://doi.org/10.1109/ETFA52439.2022.9921511)

PDF (Accepted paper (IEEE)): 41631_KHAN_Towards_Practical_and_Formal_Security_Risk_Analysis_of_IoT_Internet_of_Things_Applications.pdf - Accepted Version. Restricted to registered users only.

Abstract

We present the initial results of developing a security risk analyzer for Internet of Things (IoT) applications that analyses both evitable and inevitable yet known and unknown cyber-attacks and as a result produces the adversarial strategies (multi-stages of attack) that can compromise the application. Our risk analyzer is rigorous and qualitative, performing technical analysis, as well as quantitative yet useful, identifying sub-attacks and their quantitative risks. In contrast, conventional security risk analyzers either provide too specific risk assessment or provide a too generic risk assessment of a given application. Such analyzers are typically not practical against constantly changing attacks of the variable extent and complex modern IoT applications. We demonstrate the usability of our methodology through the detection of an example attack model from a real-world incident in real-time.

Item Type: Conference Proceedings
Title of Proceedings: 2022 IEEE 27th International Conference on Emerging Technologies and Factory Automation (ETFA)
Additional Information: 2022 IEEE 27th International Conference on Emerging Technologies and Factory Automation (ETFA), Stuttgart, Germany. 06-09 September 2022
Uncontrolled Keywords: cyber risk; formal analysis; IoT applications
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Faculty / School / Research Centre / Research Group: Faculty of Engineering & Science
Faculty of Engineering & Science > Internet of Things and Security Research Centre (ISEC)
Faculty of Engineering & Science > School of Computing & Mathematical Sciences (CMS)
Last Modified: 24 Apr 2023 10:17
URI: http://gala.gre.ac.uk/id/eprint/41631
