A framework for automating security analysis of the internet of things

Mengmeng Ge; Jin B. Hong; Walter Guttmann; Dong Seong Kim

doi:10.1016/j.jnca.2017.01.033

A framework for automating security analysis of the internet of things

Mengmeng Ge, Jin B. Hong, Walter Guttmann, Dong Seong Kim

Research output: Contribution to journal › Article

62 Citations (Scopus)

Abstract

The Internet of Things (IoT) is enabling innovative applications in various domains. Due to its heterogeneous and wide-scale structure, it introduces many new security issues. To address this problem, we propose a framework for modeling and assessing the security of the IoT and provide a formal definition of the framework. Generally, the framework consists of five phases: (1) data processing, (2) security model generation, (3) security visualization, (4) security analysis, and (5) model updates. Using the framework, we can find potential attack scenarios in the IoT, analyze the security of the IoT through well-defined security metrics, and assess the effectiveness of different defense strategies. The framework is evaluated via three scenarios, which are the smart home, wearable healthcare monitoring and environment monitoring scenarios. We use the analysis results to show the capabilities of the proposed framework for finding potential attack paths and mitigating the impact of attacks.

Original language	English
Pages (from-to)	12-27
Number of pages	16
Journal	Journal of Network and Computer Applications
Volume	83
DOIs	https://doi.org/10.1016/j.jnca.2017.01.033
Publication status	Published - 1 Apr 2017
Externally published	Yes

Access to Document

10.1016/j.jnca.2017.01.033

Link to publication in Scopus

Fingerprint Dive into the research topics of 'A framework for automating security analysis of the internet of things'. Together they form a unique fingerprint.

Cite this

Ge, M., Hong, J. B., Guttmann, W., & Kim, D. S. (2017). A framework for automating security analysis of the internet of things. Journal of Network and Computer Applications, 83, 12-27. https://doi.org/10.1016/j.jnca.2017.01.033

@article{e192ddb124a34048962ad6dd82c8ce5b,

title = "A framework for automating security analysis of the internet of things",

abstract = "The Internet of Things (IoT) is enabling innovative applications in various domains. Due to its heterogeneous and wide-scale structure, it introduces many new security issues. To address this problem, we propose a framework for modeling and assessing the security of the IoT and provide a formal definition of the framework. Generally, the framework consists of five phases: (1) data processing, (2) security model generation, (3) security visualization, (4) security analysis, and (5) model updates. Using the framework, we can find potential attack scenarios in the IoT, analyze the security of the IoT through well-defined security metrics, and assess the effectiveness of different defense strategies. The framework is evaluated via three scenarios, which are the smart home, wearable healthcare monitoring and environment monitoring scenarios. We use the analysis results to show the capabilities of the proposed framework for finding potential attack paths and mitigating the impact of attacks.",

keywords = "Attack graphs, Internet of things, Security analysis, Security modeling",

author = "Mengmeng Ge and Hong, {Jin B.} and Walter Guttmann and Kim, {Dong Seong}",

year = "2017",

month = apr,

day = "1",

doi = "10.1016/j.jnca.2017.01.033",

language = "English",

volume = "83",

pages = "12--27",

journal = "Journal of Network and Computer Applications",

issn = "1084-8045",

publisher = "Academic Press",

}

TY - JOUR

T1 - A framework for automating security analysis of the internet of things

AU - Ge, Mengmeng

AU - Hong, Jin B.

AU - Guttmann, Walter

AU - Kim, Dong Seong

PY - 2017/4/1

Y1 - 2017/4/1

N2 - The Internet of Things (IoT) is enabling innovative applications in various domains. Due to its heterogeneous and wide-scale structure, it introduces many new security issues. To address this problem, we propose a framework for modeling and assessing the security of the IoT and provide a formal definition of the framework. Generally, the framework consists of five phases: (1) data processing, (2) security model generation, (3) security visualization, (4) security analysis, and (5) model updates. Using the framework, we can find potential attack scenarios in the IoT, analyze the security of the IoT through well-defined security metrics, and assess the effectiveness of different defense strategies. The framework is evaluated via three scenarios, which are the smart home, wearable healthcare monitoring and environment monitoring scenarios. We use the analysis results to show the capabilities of the proposed framework for finding potential attack paths and mitigating the impact of attacks.

AB - The Internet of Things (IoT) is enabling innovative applications in various domains. Due to its heterogeneous and wide-scale structure, it introduces many new security issues. To address this problem, we propose a framework for modeling and assessing the security of the IoT and provide a formal definition of the framework. Generally, the framework consists of five phases: (1) data processing, (2) security model generation, (3) security visualization, (4) security analysis, and (5) model updates. Using the framework, we can find potential attack scenarios in the IoT, analyze the security of the IoT through well-defined security metrics, and assess the effectiveness of different defense strategies. The framework is evaluated via three scenarios, which are the smart home, wearable healthcare monitoring and environment monitoring scenarios. We use the analysis results to show the capabilities of the proposed framework for finding potential attack paths and mitigating the impact of attacks.

KW - Attack graphs

KW - Internet of things

KW - Security analysis

KW - Security modeling

UR - http://www.scopus.com/inward/record.url?scp=85011298738&partnerID=8YFLogxK

U2 - 10.1016/j.jnca.2017.01.033

DO - 10.1016/j.jnca.2017.01.033

M3 - Article

AN - SCOPUS:85011298738

VL - 83

SP - 12

EP - 27

JO - Journal of Network and Computer Applications

JF - Journal of Network and Computer Applications

SN - 1084-8045

ER -