Options
STRIPED: A Threat Analysis Method for IoT Systems
Publikationstyp
Conference Paper
Publikationsdatum
2022-08
Sprache
English
Institut
Article Number
96
Citation
17th International Conference on Availability, Reliability and Security (ARES 2022)
Contribution to Conference
Publisher DOI
Scopus ID
Currently, IoT systems display a poor level of security, as 50% of IoT devices are vulnerable to severe attacks, according to research. In an attempt to ameliorate the situation, we propose STRIPED, a threat analysis technique that focuses particularly on threat scenarios involving IoT devices that can be physically accessed by attackers. We evaluate STRIPED in a two-pronged way. First, we assess its performance compared to STRIDE (from which STRIPED is derived) in the context of a case study from the manufacturing industry. Second, we gather the feedback of 8 security experts working in a large, multinational company that specializes in secure IoT products for the domains of automotive, industrial, mobile and smart-home applications. These initial evaluation attempts provide encouraging evidence and suggest our method is a step in the right direction of facilitating security-by-design in IoT systems, especially industrial ones.
Schlagworte
IIoT
IoT
physical threats
security
STRIDE
threat analysis