Verifying the Application of Security Measures in IoT Software Systems with Model Learning

“…1. Integration of MLCA with some audit stages (in grey) [29] MLCA aims at assisting auditors to verify whether security properties hold on IoT systems with the automatic generation of behavioural models from event logs and with the generation of concrete security properties. Our approach can complement several existing security audit processes, e.g., the NIST or ETSI security audit frameworks.…”

“…This section details the MLCA's steps 2 to 5. More details of the model learning step are available in [30,29]. Before describing these steps, we provide some definitions and notations to be used throughout the remainder of the paper.…”

“…Despite the strong benefits brought by these approaches, the efforts required for understanding how an IoT system under audit (SUA) is structured and behaves or for generating security tests is yet tremendous. These observations motivated us to present in [29] an approach called MLCA combining model learning and model checking to assist auditors in the understanding of SUA by means of models, and in the verification of security properties on these models:…”

“…Contributions: this paper presents an extension of the MLCA algorithms given in [29], which mainly aims at improving both effectiveness and performance. We indeed showed that MLCA requires a manual inspection of the generated models to detect inconsistencies.…”

“…This paper also provides an empirical evaluation, which investigates the sensitivity (ratio of true positives) and specificity (ratio of true negatives) of MLCA and its performance in terms of execution times. We also compare the MLCA of [29] with this new version. This empirical evaluation was carried out on event logs collected from 5 IoT systems.…”

MLCA: A Model-Learning-Checking Approach for IoT Systems

“…1. Integration of MLCA with some audit stages (in grey) [29] MLCA aims at assisting auditors to verify whether security properties hold on IoT systems with the automatic generation of behavioural models from event logs and with the generation of concrete security properties. Our approach can complement several existing security audit processes, e.g., the NIST or ETSI security audit frameworks.…”

“…This section details the MLCA's steps 2 to 5. More details of the model learning step are available in [30,29]. Before describing these steps, we provide some definitions and notations to be used throughout the remainder of the paper.…”

“…Despite the strong benefits brought by these approaches, the efforts required for understanding how an IoT system under audit (SUA) is structured and behaves or for generating security tests is yet tremendous. These observations motivated us to present in [29] an approach called MLCA combining model learning and model checking to assist auditors in the understanding of SUA by means of models, and in the verification of security properties on these models:…”

“…Contributions: this paper presents an extension of the MLCA algorithms given in [29], which mainly aims at improving both effectiveness and performance. We indeed showed that MLCA requires a manual inspection of the generated models to detect inconsistencies.…”

“…This paper also provides an empirical evaluation, which investigates the sensitivity (ratio of true positives) and specificity (ratio of true negatives) of MLCA and its performance in terms of execution times. We also compare the MLCA of [29] with this new version. This empirical evaluation was carried out on event logs collected from 5 IoT systems.…”

MLCA: A Model-Learning-Checking Approach for IoT Systems

Learning of behavioural models and dependency graphs for communicating systems with CkTailv2

A Systematic Review of Cybersecurity Audit Frameworks for the Internet of Things