Srikumar, KamakshiKamakshiSrikumarKashish, KomalKomalKashishEggers, KoljaKoljaEggersDíaz Ferreyra, NicolásNicolásDíaz FerreyraKoch, JulianJulianKochSchüppstuhl, ThorstenThorstenSchüppstuhlScandariato, RiccardoRiccardoScandariato2022-09-092022-09-092022-0817th International Conference on Availability, Reliability and Security (ARES 2022)http://hdl.handle.net/11420/13577Currently, IoT systems display a poor level of security, as 50% of IoT devices are vulnerable to severe attacks, according to research. In an attempt to ameliorate the situation, we propose STRIPED, a threat analysis technique that focuses particularly on threat scenarios involving IoT devices that can be physically accessed by attackers. We evaluate STRIPED in a two-pronged way. First, we assess its performance compared to STRIDE (from which STRIPED is derived) in the context of a case study from the manufacturing industry. Second, we gather the feedback of 8 security experts working in a large, multinational company that specializes in secure IoT products for the domains of automotive, industrial, mobile and smart-home applications. These initial evaluation attempts provide encouraging evidence and suggest our method is a step in the right direction of facilitating security-by-design in IoT systems, especially industrial ones.enIIoTIoTphysical threatssecuritySTRIDEthreat analysisConference Paper10.1145/3538969.3538970Conference Paper