An ISO-Compliant Test Procedure for Technical Risk Analyses of IoT Systems Based on STRIDE

Danielis, Peter; Beckmann, Moritz; Skodzik, Jan

doi:10.1109/compsac48688.2020.0-203

Cited by 11 publications

(16 citation statements)

References 2 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Modelling approaches as a foundation for threat analyses, specifically also in IIoT contexts, vary, while the most common approach is to model the system as a data flow diagram (DFD) [13][14][15][16][17][18][19]. DFDs are based on the stages of digital data and model datain-use as processes, data-at-rest as data stores and data-in-transit as data flows.…”

Section: System Modellingmentioning

confidence: 99%

“…STRIDE is the most common methodology for threat analyses, but due to its genesis in software security at Microsoft, suffers from shortcomings regarding use cases which increasingly differ from classical OS and software security [22]. However, STRIDE is used as a basis for threat analyses in the IIoT domain [14][15][16][17][18][19]. STRIDE provides six classes of common threats which facilitate the brainstorming process.…”

Section: Threat Analysismentioning

confidence: 99%

See 1 more Smart Citation

Development Process for Information Security Concepts in IIoT-Based Manufacturing

Koch

Eggers

Schüppstuhl

2022

Lecture Notes in Mechanical Engineering

View full text Add to dashboard Cite

Digital technologies are increasingly utilized by manufacturers to make processes more transparent, efficient and networked. Novel utilization elicits the challenge of preventing deployed information technology from compromising processual security. The digital enabling of formerly analog operation technology, the extensive use of information technology connectivity like MQTT, TCP/IP, Wi-Fi, and the deployment of IoT edge computing platforms create an application scenario for the Industrial Internet of Things (IIoT), which also introduces the associated vulnerabilities, which have been extensively exploited in the past. This paper introduces a development process for information security concepts designed for production scenarios based on the IIoT. This concept is then applied using an illustrative use case from aircraft production. The main contents of the development process include: Formulation of reasonable assumptions, system modelling, threat analysis including risk assessment, recommendation of countermeasures, reassessment after incorporating countermeasures. Specifically, a Data Flow Diagram as the model is developed, and a “risk first” variation of the STRIDE methodology is applied to identify threats and prioritize them. The aforementioned state-of-the-art methodologies are adjusted to our cyber-physical use case in the IIoT. The resulting concept aims to enable manufacturing processes to be digitized as sought. The adjustments to the methodologies are independent from our use case and may be suitable to a broad field of scenarios in the IIoT.

show abstract

Section: System Modellingmentioning

confidence: 99%

Section: Threat Analysismentioning

confidence: 99%

Development Process for Information Security Concepts in IIoT-Based Manufacturing

Koch

Eggers

Schüppstuhl

2022

Lecture Notes in Mechanical Engineering

View full text Add to dashboard Cite

show abstract

“…i. ISO/IEC 27005: This standard provides guidelines for information security risk management. It can be applied to assess and manage risks associated with IoT deployments, helping organizations identify and mitigate potential threats ( Danielis et al, 2020 ).…”

Section: Risk Methodologies and Standards For Iotmentioning

confidence: 99%

Exploring security threats and solutions Techniques for Internet of Things (IoT): from vulnerabilities to vigilance

Sahu,

Mazumdar

2024

Front. Artif. Intell.

View full text Add to dashboard Cite

The rapid proliferation of Internet of Things (IoT) devices across various industries has revolutionized the way we interact with technology. However, this widespread adoption has also brought about significant security challenges that must be addressed to ensure the integrity and confidentiality of data transmitted and processed by IoT systems. This survey paper delves into the diverse array of security threats faced by IoT devices and networks, ranging from data breaches and unauthorized access to physical tampering and denial-of-service attacks. By examining the vulnerabilities inherent in IoT ecosystems, we highlight the importance of implementing robust security measures to safeguard sensitive information and ensure the reliable operation of connected devices. Furthermore, we explore cutting-edge technologies such as blockchain, edge computing, and machine learning as potential solutions to enhance the security posture of IoT deployments. Through a comprehensive analysis of existing security frameworks and best practices, this paper aims to provide valuable insights for researchers, practitioners, and policymakers seeking to fortify the resilience of IoT systems in an increasingly interconnected world.

show abstract

“…Seeam et al [70] consider this concept by evaluating various IoT domains and proposing the types of assets that may exist in an environment, as well as the fundamental security goals that threats could circumvent. Meanwhile, Danielis et al [49] use ISO/IEC 2700 to analyse IoT risk, using primary and supporting assets that are inputted within a dedicated worksheet with the various related attributes. In the work of Anisetti et al [45], an asset assessment phase is used to identify all assets for an organisation, with these assets holding value and nonfunctional properties.…”

Section: Identification Of Iot Assetsmentioning

confidence: 99%

“…Insight 1: For RQ1, asset classification needs to be dynamic, fitting various standards and prioritising valuable assets, with the ability to be updated when required. The issue with current methods is that specific critical assets may be overlooked, thus being forgotten in the risk management process, with such classifications like tangible/intangible assets [74], primary/supporting assets [49], functional/nonfunctional asset properties [45] not being IoT specific. This poses the question of how IoT assets should be broken down, for example, a device being of more than one asset due to sensor hardware and how device capabilities can be factored in.…”

Section: Identification Of Iot Assetsmentioning

confidence: 99%

A Survey on Cyber Risk Management for the Internet of Things

et al. 2023

View full text Add to dashboard Cite

The Internet of Things (IoT) continues to grow at a rapid pace, becoming integrated into the daily operations of individuals and organisations. IoT systems automate crucial services within daily life that users may rely on, which makes the assurance of security towards entities such as devices and information even more significant. In this paper, we present a comprehensive survey of papers that model cyber risk management processes within the context of IoT, and provide recommendations for further work. Using 39 collected papers, we studied IoT cyber risk management frameworks against four research questions that delve into cyber risk management concepts and human-orientated vulnerabilities. The importance of this work being human-driven is to better understand how individuals can affect risk and the ways that humans can be impacted by attacks within different IoT domains. Through the analysis, we identified open areas for future research and ideas that researchers should consider.

show abstract

An ISO-Compliant Test Procedure for Technical Risk Analyses of IoT Systems Based on STRIDE

Cited by 11 publications

References 2 publications

Development Process for Information Security Concepts in IIoT-Based Manufacturing

Development Process for Information Security Concepts in IIoT-Based Manufacturing

Exploring security threats and solutions Techniques for Internet of Things (IoT): from vulnerabilities to vigilance

A Survey on Cyber Risk Management for the Internet of Things

Contact Info

Product

Resources

About