Related papers: Towards Threat Modelling of IoT Context-Sharing Platforms

Towards Threat Modelling of IoT Context-Sharing Platforms

URL: http://arxiv.org/abs/2408.12081v1
Date: Thu, 22 Aug 2024 02:41:06 GMT
Title: Towards Threat Modelling of IoT Context-Sharing Platforms
Authors: Mohammad Goudarzi, Arash Shaghaghi, Simon Finn, Burkhard Stiller, Sanjay Jha,
Abstract summary: We propose a framework for threat modelling and security analysis of a generic IoT context-sharing solution. We identify significant security challenges in the design of IoT context-sharing platforms. Our threat modelling provides an in-depth analysis of the techniques and sub-techniques adversaries may use to exploit these systems.
Score: 4.098759138493994
License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
Abstract: The Internet of Things (IoT) involves complex, interconnected systems and devices that depend on context-sharing platforms for interoperability and information exchange. These platforms are, therefore, critical components of real-world IoT deployments, making their security essential to ensure the resilience and reliability of these 'systems of systems'. In this paper, we take the first steps toward systematically and comprehensively addressing the security of IoT context-sharing platforms. We propose a framework for threat modelling and security analysis of a generic IoT context-sharing solution, employing the MITRE ATT&CK framework. Through an evaluation of various industry-funded projects and academic research, we identify significant security challenges in the design of IoT context-sharing platforms. Our threat modelling provides an in-depth analysis of the techniques and sub-techniques adversaries may use to exploit these systems, offering valuable insights for future research aimed at developing resilient solutions. Additionally, we have developed an open-source threat analysis tool that incorporates our detailed threat modelling, which can be used to evaluate and enhance the security of existing context-sharing platforms.

Related papers

Lack of Systematic Approach to Security of IoT Context Sharing Platforms [4.13734678653472]
We report on a lack of systematic approach to the security of IoT context-sharing platforms. We propose the need for a methodological and systematic alternative to evaluate the existing solutions and develop secure-by-design' solutions.
arXiv Detail & Related papers (2024-07-07T07:11:15Z)
Securing the Open RAN Infrastructure: Exploring Vulnerabilities in Kubernetes Deployments [60.51751612363882]
We investigate the security implications of and software-based Open Radio Access Network (RAN) systems. We highlight the presence of potential vulnerabilities and misconfigurations in the infrastructure supporting the Near Real-Time RAN Controller (RIC) cluster.
arXiv Detail & Related papers (2024-05-03T07:18:45Z)
Socialized Learning: A Survey of the Paradigm Shift for Edge Intelligence in Networked Systems [62.252355444948904]
This paper presents the findings of a literature review on the integration of edge intelligence (EI) and socialized learning (SL) SL is a learning paradigm predicated on social principles and behaviors, aimed at amplifying the collaborative capacity and collective intelligence of agents. We elaborate on three integrated components: socialized architecture, socialized training, and socialized inference, analyzing their strengths and weaknesses.
arXiv Detail & Related papers (2024-04-20T11:07:29Z)
IoT in the Cloud: Exploring Security Challenges and Mitigations for a Connected World [18.36339203254509]
The Internet of Things (IoT) has seen remarkable advancements in recent years, leading to a paradigm shift in the digital landscape. IoT devices, inherently connected to the internet, are susceptible to various forms of attacks. IoT services often handle sensitive user data, which could be exploited by malicious actors or unauthorized service providers.
arXiv Detail & Related papers (2024-02-01T05:55:43Z)
Effective Intrusion Detection in Heterogeneous Internet-of-Things Networks via Ensemble Knowledge Distillation-based Federated Learning [52.6706505729803]
We introduce Federated Learning (FL) to collaboratively train a decentralized shared model of Intrusion Detection Systems (IDS) FLEKD enables a more flexible aggregation method than conventional model fusion techniques. Experiment results show that the proposed approach outperforms local training and traditional FL in terms of both speed and performance.
arXiv Detail & Related papers (2024-01-22T14:16:37Z)
The Security and Privacy of Mobile Edge Computing: An Artificial Intelligence Perspective [64.36680481458868]
Mobile Edge Computing (MEC) is a new computing paradigm that enables cloud computing and information technology (IT) services to be delivered at the network's edge. This paper provides a survey of security and privacy in MEC from the perspective of Artificial Intelligence (AI) We focus on new security and privacy issues, as well as potential solutions from the viewpoints of AI.
arXiv Detail & Related papers (2024-01-03T07:47:22Z)
Trust-based Approaches Towards Enhancing IoT Security: A Systematic Literature Review [3.0969632359049473]
This research paper presents a systematic literature review on the Trust-based cybersecurity security approaches for IoT. We highlighted the common trust-based mitigation techniques in existence for dealing with these threats. Several open issues were highlighted, and future research directions presented.
arXiv Detail & Related papers (2023-11-20T12:21:35Z)
A Survey of the Security Challenges and Requirements for IoT Operating Systems [0.0]
The Internet of Things (IoT) is becoming an integral part of our modern lives as we converge towards a world surrounded by ubiquitous connectivity. The inherent complexity presented by the vast IoT ecosystem ends up in an insufficient understanding of individual system components and their interactions. There is a need for a unifying operating system (OS) that can act as a cornerstone regulating the development of stable and secure solutions.
arXiv Detail & Related papers (2023-10-27T19:19:07Z)
Leveraging Traceability to Integrate Safety Analysis Artifacts into the Software Development Process [51.42800587382228]
Safety assurance cases (SACs) can be challenging to maintain during system evolution. We propose a solution that leverages software traceability to connect relevant system artifacts to safety analysis models. We elicit design rationales for system changes to help safety stakeholders analyze the impact of system changes on safety.
arXiv Detail & Related papers (2023-07-14T16:03:27Z)
Realistic simulation of users for IT systems in cyber ranges [63.20765930558542]
We instrument each machine by means of an external agent to generate user activity. This agent combines both deterministic and deep learning based methods to adapt to different environment. We also propose conditional text generation models to facilitate the creation of conversations and documents.
arXiv Detail & Related papers (2021-11-23T10:53:29Z)
Assessing Risks and Modeling Threats in the Internet of Things [0.0]
We develop an IoT attack taxonomy that describes the adversarial assets, adversarial actions, exploitable vulnerabilities, and compromised properties that are components of any IoT attack. We use this IoT attack taxonomy as the foundation for designing a joint risk assessment and maturity assessment framework. The usefulness of this IoT framework is highlighted by case study implementations in the context of multiple industrial manufacturing companies.
arXiv Detail & Related papers (2021-10-14T23:36:00Z)

This list is automatically generated from the titles and abstracts of the papers in this site.