Abstract
We propose a security-based modeling language for IoT systems with two important features: (i) vulnerabilities are explicitly represented and (ii) interactions are allowed or denied based on the information stored on the IoT devices. An IoT system is transformed in BIP, a component-based modeling language, in which can execute the system and perform security analysis. As proof-of-concept for our approach we model an attack on the Amazon Smart-Key system.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Amazon key. https://www.amazon.com/key. Accessed 22 June 2018
Antonakakis, M., et al.: Understanding the Mirai botnet. In: 26th USENIX Security Symposium (2017)
Basu, A., Bozga, M., Sifakis, J.: Modeling heterogeneous real-time components in BIP. In: 4th SEFM Conference (2006)
Beaulaton, D., et al.: A language for analyzing security of IoT systems. In: 13th SOSE Conference (2018)
Bensalem, S., Bozga, M., Delahaye, B., Jegourel, C., Legay, A., Nouri, A.: Statistical model checking QoS properties of systems with SBIP. In: Margaria, T., Steffen, B. (eds.) ISoLA 2012. LNCS, vol. 7609, pp. 327–341. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-34026-0_25
Boyer, B., Corre, K., Legay, A., Sedwards, S.: PLASMA-lab: a flexible, distributable statistical model checking library. In: Joshi, K., Siegle, M., Stoelinga, M., D’Argenio, P.R. (eds.) QEST 2013. LNCS, vol. 8054, pp. 160–164. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40196-1_12
Van Glabbeek, R., Smolka, S., Steffen, B.: Reactive, generative, and stratified models of probabilistic processes. Inf. Comput. 121(1), 59–80 (1995)
Graf, S.: Distributed implementation of constrained systems based on knowledge. In: 13th ISPDC Conference (2014)
Graf, S., Quinton, S.: Knowledge for the distributed implementation of constrained systems. Softw. Syst. Model. 15, 1163–1180 (2013)
Ben Hafaiedh, I., Graf, S., Quinton, S.: Building distributed controllers for systems with priorities. J. Log. Algebr. Program. 80(3), 194–218 (2011)
Milner, R. (ed.): A Calculus of Communicating Systems. LNCS, vol. 92. Springer, Heidelberg (1980). https://doi.org/10.1007/3-540-10235-3
Sifakis, J.: A framework for component-based construction extended abstract. In: 3rd SEFM Conference (2005)
TrapX Security Inc., TrapX LAbs: Anatomy of an attack, medjack (medical device attack). Technical report, May 2015
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer Nature Switzerland AG
About this paper
Cite this paper
Beaulaton, D., Cristescu, I., Legay, A., Quilbeuf, J. (2018). A Modeling Language for Security Threats of IoT Systems. In: Howar, F., Barnat, J. (eds) Formal Methods for Industrial Critical Systems. FMICS 2018. Lecture Notes in Computer Science(), vol 11119. Springer, Cham. https://doi.org/10.1007/978-3-030-00244-2_17
Download citation
DOI: https://doi.org/10.1007/978-3-030-00244-2_17
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-00243-5
Online ISBN: 978-3-030-00244-2
eBook Packages: Computer ScienceComputer Science (R0)