TY - JOUR
T1 - A framework for automating security analysis of the internet of things
AU - Ge, Mengmeng
AU - Hong, Jin B.
AU - Guttmann, Walter
AU - Kim, Dong Seong
PY - 2017/4/1
Y1 - 2017/4/1
N2 - The Internet of Things (IoT) is enabling innovative applications in various domains. Due to its heterogeneous and wide-scale structure, it introduces many new security issues. To address this problem, we propose a framework for modeling and assessing the security of the IoT and provide a formal definition of the framework. Generally, the framework consists of five phases: (1) data processing, (2) security model generation, (3) security visualization, (4) security analysis, and (5) model updates. Using the framework, we can find potential attack scenarios in the IoT, analyze the security of the IoT through well-defined security metrics, and assess the effectiveness of different defense strategies. The framework is evaluated via three scenarios, which are the smart home, wearable healthcare monitoring and environment monitoring scenarios. We use the analysis results to show the capabilities of the proposed framework for finding potential attack paths and mitigating the impact of attacks.
AB - The Internet of Things (IoT) is enabling innovative applications in various domains. Due to its heterogeneous and wide-scale structure, it introduces many new security issues. To address this problem, we propose a framework for modeling and assessing the security of the IoT and provide a formal definition of the framework. Generally, the framework consists of five phases: (1) data processing, (2) security model generation, (3) security visualization, (4) security analysis, and (5) model updates. Using the framework, we can find potential attack scenarios in the IoT, analyze the security of the IoT through well-defined security metrics, and assess the effectiveness of different defense strategies. The framework is evaluated via three scenarios, which are the smart home, wearable healthcare monitoring and environment monitoring scenarios. We use the analysis results to show the capabilities of the proposed framework for finding potential attack paths and mitigating the impact of attacks.
KW - Attack graphs
KW - Internet of things
KW - Security analysis
KW - Security modeling
UR - http://www.scopus.com/inward/record.url?scp=85011298738&partnerID=8YFLogxK
U2 - 10.1016/j.jnca.2017.01.033
DO - 10.1016/j.jnca.2017.01.033
M3 - Article
AN - SCOPUS:85011298738
VL - 83
SP - 12
EP - 27
JO - Journal of Network and Computer Applications
JF - Journal of Network and Computer Applications
SN - 1084-8045
ER -