The security of the Internet of Things (IoT) is an important yet often overlooked subject. Specifically, the publicly available information sources about vulnerabilities affecting the connected devices are unsatisfactory. Our research shows that, while the information is available on the Internet, there is no single service offering data focused on the IoT in existence. The national vulnerability databases contain some IoT related entries, but they lack mechanisms to distinguish them from the remaining vulnerabilities. Moreover, information about many vulnerabilities affecting the IoT world never reaches these databases but can still be found scattered over the Internet. This review summarizes our effort at identifying and evaluating publicly available sources of information about vulnerabilities, focusing on their usefulness in the scope of IoT. The results of our search show that there is not yet a single satisfactory source covering vulnerabilities affecting IoT devices and software available.
Abstract-This paper presents a new concept of an approach to risk assessment which can be done on the basis of publicly available information about vulnerabilities. The presented approach uses also the notion of trust and implements many concepts used in so called trust and reputation management systems (which are widely used in WSN, MANET or P2P networks, but also in ecommerce platforms). The article shows first outcomes obtained from the presented model. The outcomes demonstrate that the model can be implemented in real system to make software management more quantified and objective process, which can have real and beneficial impact on institutional security. In article, however the emphasis was set not on the model itself (which can be easily changed) but on the possibility of finding useful information about vulnerabilities.
Real-time assessment of IT-related risks, performed at the national level, is very important due to the evolving nature of threats that may originate from individual hackers, organized cyber-criminal groups, as well as state activities. Evaluation of risk that is based on technical information, as well as on mutual relationships between various institutions and services, may result in very valuable situational awareness. The paper describes (in general) cyber risk analysis method which will be implemented in Polish National Cybersecurity Platform.
Abstract. Role-based Trust management (RT) languages are used for representing policies and credentials in decentralized, distributed access control systems. RT languages combine trust management and role-based access control features. A credential provides information about the keys, rights and qualifications from one or more trusted authorities. The paper presents a set-theoretic semantics of Role-based Trust management languages, which maps a role to a set of sets of entity names. The semantics applies not only to the basic language of the family RT0, but also to a much more sophisticated RT T , which provides manifold roles and role-product operators to express threshold and separation-of-duty policies. A manifold role defines sets of entities whose cooperation satisfies the manifold role. It enables to express a such a condition, which need more than one member of a role to effectively fulfill the particular task.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.