DOI: 10.1109/ANTS.2017.8384121
Research article

A graph theory based generic risk assessment framework for internet of things (IoT)

Published: 17 December 2017

Abstract

Rapid deployment of Internet of Things (IoT) systems around the digital world is posing greater risks in terms of security and privacy. For IoT, risk assessment is complex due to its vast deployment and diversity (in terms of communication protocols, devices, environment, etc.). Thus, traditional risk assessment frameworks do not effectively address all the risk assessment needs of IoT, and hence there is a need for composing several such risk assessment frameworks. To address these issues, a model-driven risk assessment framework based on graph theory is proposed in this paper. Further, in the existing frameworks, end-to-end attack propagation is not addressed systematically. Hence, using a bipartite graph technique, risk assessment through attack propagation is envisaged. The proposed framework is validated through empirical analysis and experiments.

Cited By

  • (2023) Towards Unveiling Effects Of Human Factors Within Security Risk Assessment. ACM SIGSOFT Software Engineering Notes 48:1 (70-75). DOI: 10.1145/3573074.3573092. Online publication date: 17-Jan-2023
  • (2020) How Secure is Home: Assessing Human Susceptibility to IoT Threats. Proceedings of the 24th Pan-Hellenic Conference on Informatics (64-71). DOI: 10.1145/3437120.3437277. Online publication date: 20-Nov-2020

Information

Published in: 2017 IEEE International Conference on Advanced Networks and Telecommunications Systems (ANTS), Dec 2017, 609 pages

Publisher: IEEE Press

Qualifiers: Research-article
