Skip to Main content Skip to Navigation
Book sections

IoT Security threats and risk analysis

Abstract : The increasing use of Industrial IOT (IIOT) solutions has led to an equal increase in the security risks associated with the connecteddevices. Security requirements engineering (SRE) aims at reducing these risks by implementing security-by-design principles. To mitigate thesecurity risks in the industrial communication networks, the standard ISA/IEC 62443-1-1 recommends the defense-in-depth design strategy for asecure segmentation of industrial assets into security zones and conduits. Security zones associated with different trust levels signal the criticalityof the assets within. However, the current SRE methodologies lack any support to security zoning, thus they are incapable to reduce the securityrisks, especially in relation to IIOT.To fill this gap, we develop a layered SRE methodology in line with the SABSA framework. Starting with the business view, each successivelayer brings a new level of abstraction to the design and implementation of a secure network. We use STS (Socio Technical Systems) SREmethodology for the, first two layers, the business view and the architect’s view. As STS is less suitable for risk analysis, we propose Anti-STS,a new multi anti-agent threat model, which characterizes the social dependency between the attacking agents in a network environment. For thethird layer the designer’s view, we propose an Answer Set Programming (ASP) tool to obtain zoning solutions underpinned by dataflow and mediaintegrity.Our use case scenario includes an aircraft domain comprising of the system agents (applications), and an airport domain comprising of theenvironment agents (staff). Our layered methodology aims to group agents in security zones controlled within domains and to derive the relevantnetwork security requirements. It also brings in the perspectives of different stakeholders, who are vital in driving business objectives forward.
Document type :
Book sections
Complete list of metadata

https://hal.archives-ouvertes.fr/hal-03417339
Contributor : Afonso Ferreira Connect in order to contact the contributor
Submitted on : Friday, November 5, 2021 - 4:56:51 PM
Last modification on : Monday, July 4, 2022 - 8:49:50 AM

Identifiers

  • HAL Id : hal-03417339, version 1

Citation

Abdelmalek Benzekri, Romain Laborde, Arnaud Oglaza, François Barrère, Sravani Teja Bulusu, et al.. IoT Security threats and risk analysis. Handbook of Internet of Things, Springer, In press. ⟨hal-03417339⟩

Share

Metrics

Record views

63