A Modeling Language for Security Threats of IoT Systems

  • Delphine Beaulaton
  • Ioana CristescuEmail author
  • Axel Legay
  • Jean Quilbeuf
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11119)


We propose a security-based modeling language for IoT systems with two important features: (i) vulnerabilities are explicitly represented and (ii) interactions are allowed or denied based on the information stored on the IoT devices. An IoT system is transformed in BIP, a component-based modeling language, in which can execute the system and perform security analysis. As proof-of-concept for our approach we model an attack on the Amazon Smart-Key system.


IoT systems Component-based specifications Security 


  1. 1.
    Amazon key. Accessed 22 June 2018
  2. 2.
    Antonakakis, M., et al.: Understanding the Mirai botnet. In: 26th USENIX Security Symposium (2017)Google Scholar
  3. 3.
    Basu, A., Bozga, M., Sifakis, J.: Modeling heterogeneous real-time components in BIP. In: 4th SEFM Conference (2006)Google Scholar
  4. 4.
    Beaulaton, D., et al.: A language for analyzing security of IoT systems. In: 13th SOSE Conference (2018)Google Scholar
  5. 5.
    Bensalem, S., Bozga, M., Delahaye, B., Jegourel, C., Legay, A., Nouri, A.: Statistical model checking QoS properties of systems with SBIP. In: Margaria, T., Steffen, B. (eds.) ISoLA 2012. LNCS, vol. 7609, pp. 327–341. Springer, Heidelberg (2012). Scholar
  6. 6.
    Boyer, B., Corre, K., Legay, A., Sedwards, S.: PLASMA-lab: a flexible, distributable statistical model checking library. In: Joshi, K., Siegle, M., Stoelinga, M., D’Argenio, P.R. (eds.) QEST 2013. LNCS, vol. 8054, pp. 160–164. Springer, Heidelberg (2013). Scholar
  7. 7.
    Van Glabbeek, R., Smolka, S., Steffen, B.: Reactive, generative, and stratified models of probabilistic processes. Inf. Comput. 121(1), 59–80 (1995)MathSciNetCrossRefGoogle Scholar
  8. 8.
    Graf, S.: Distributed implementation of constrained systems based on knowledge. In: 13th ISPDC Conference (2014)Google Scholar
  9. 9.
    Graf, S., Quinton, S.: Knowledge for the distributed implementation of constrained systems. Softw. Syst. Model. 15, 1163–1180 (2013)CrossRefGoogle Scholar
  10. 10.
    Ben Hafaiedh, I., Graf, S., Quinton, S.: Building distributed controllers for systems with priorities. J. Log. Algebr. Program. 80(3), 194–218 (2011)MathSciNetCrossRefGoogle Scholar
  11. 11.
    Milner, R. (ed.): A Calculus of Communicating Systems. LNCS, vol. 92. Springer, Heidelberg (1980). Scholar
  12. 12.
    Sifakis, J.: A framework for component-based construction extended abstract. In: 3rd SEFM Conference (2005)Google Scholar
  13. 13.
    TrapX Security Inc., TrapX LAbs: Anatomy of an attack, medjack (medical device attack). Technical report, May 2015Google Scholar

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  • Delphine Beaulaton
    • 1
  • Ioana Cristescu
    • 2
    Email author
  • Axel Legay
    • 2
  • Jean Quilbeuf
    • 2
  1. 1.Univ. South Brittany, IrisaVannesFrance
  2. 2.Inria RennesRennesFrance

Personalised recommendations