Assessing Risks and Modeling Threats in the Internet of Things
2021
Threat modeling and risk assessments are common ways to identify, estimate,
and prioritize risk to national, organizational, and individual operations and
assets. Several threat modeling and risk assessment approaches have been
proposed prior to the advent of the Internet of Things (IoT) that focus on
threats and risks in information technology (IT). Due to shortcomings in these
approaches and the fact that there are significant differences between the IoT
and IT, we synthesize and adapt these approaches to provide a threat modeling
framework that focuses on threats and risks in the IoT. In doing so, we develop
an IoT attack taxonomy that describes the adversarial assets, adversarial
actions, exploitable vulnerabilities, and compromised properties that are
components of any IoT attack. We use this IoT attack taxonomy as the foundation
for designing a joint risk assessment and maturity assessment framework that is
implemented as an interactive online tool. The assessment framework this tool
encodes provides organizations with specific recommendations about where
resources should be devoted to mitigate risk. The usefulness of this IoT
framework is highlighted by case study implementations in the context of
multiple industrial manufacturing companies, and the interactive implementation
of this framework is available at http://iotrisk.andrew.cmu.edu.