The Internet of Things (IoT) is deeply changing our society. Daily we use smart devices that automatically collect, aggregate and exchange data about our lives. These data are often pivotal when they are AQ1 used e.g. to train learning algorithms, to control cyber-physical systems, and to guide administrators to take crucial decisions. As a consequence, security attacks on devices can cause severe damages on IoT systems that take care of essential services, such as delivering power, water, transport, and so on. The difficulty of preventing intrusions or attacks is magnified by the big amount of devices and components IoT systems are composed of. Therefore, it is crucial to identify the most critical components in a network of devices and to understand their level of vulnerability, so as to detect where it is better to intervene for improving security. In this paper, we start from the modelling language IoT-LySa and from the results of Control Flow Analysis that statically predict the manipulation of data and their possible trajectories. On this basis, we aim at deriving possible graphs of how data move and which are their dependencies. These graphs can be analysed, by exploiting some security metrics - among which those introduced by Barrere, Hankin et al. - offering system administrators different estimates of the security level of their systems.

Security Metrics at Work on the Things in IoT Systems

Chiara Bodei;Pierpaolo Degano;Gian-Luigi Ferrari;
2020-01-01

Abstract

The Internet of Things (IoT) is deeply changing our society. Daily we use smart devices that automatically collect, aggregate and exchange data about our lives. These data are often pivotal when they are AQ1 used e.g. to train learning algorithms, to control cyber-physical systems, and to guide administrators to take crucial decisions. As a consequence, security attacks on devices can cause severe damages on IoT systems that take care of essential services, such as delivering power, water, transport, and so on. The difficulty of preventing intrusions or attacks is magnified by the big amount of devices and components IoT systems are composed of. Therefore, it is crucial to identify the most critical components in a network of devices and to understand their level of vulnerability, so as to detect where it is better to intervene for improving security. In this paper, we start from the modelling language IoT-LySa and from the results of Control Flow Analysis that statically predict the manipulation of data and their possible trajectories. On this basis, we aim at deriving possible graphs of how data move and which are their dependencies. These graphs can be analysed, by exploiting some security metrics - among which those introduced by Barrere, Hankin et al. - offering system administrators different estimates of the security level of their systems.
2020
978-3-030-41102-2
File in questo prodotto:
File Dimensione Formato  
ChrisMain.pdf

Open Access dal 16/02/2021

Tipologia: Documento in Pre-print
Licenza: Tutti i diritti riservati (All rights reserved)
Dimensione 745.46 kB
Formato Adobe PDF
745.46 kB Adobe PDF Visualizza/Apri

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11568/1031653
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 4
  • ???jsp.display-item.citation.isi??? ND
social impact