Abstract
We propose a security-based modeling language for IoT systems with two important features: (i) vulnerabilities are explicitly represented and (ii) interactions are allowed or denied based on the information stored on the IoT devices. An IoT system is transformed in BIP, a component-based modeling language, in which can execute the system and perform security analysis. As proof-of-concept for our approach we model an attack on the Amazon Smart-Key system.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Amazon key. https://www.amazon.com/key. Accessed 22 June 2018
Antonakakis, M., et al.: Understanding the Mirai botnet. In: 26th USENIX Security Symposium (2017)
Basu, A., Bozga, M., Sifakis, J.: Modeling heterogeneous real-time components in BIP. In: 4th SEFM Conference (2006)
Beaulaton, D., et al.: A language for analyzing security of IoT systems. In: 13th SOSE Conference (2018)
Bensalem, S., Bozga, M., Delahaye, B., Jegourel, C., Legay, A., Nouri, A.: Statistical model checking QoS properties of systems with SBIP. In: Margaria, T., Steffen, B. (eds.) ISoLA 2012. LNCS, vol. 7609, pp. 327–341. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-34026-0_25
Boyer, B., Corre, K., Legay, A., Sedwards, S.: PLASMA-lab: a flexible, distributable statistical model checking library. In: Joshi, K., Siegle, M., Stoelinga, M., D’Argenio, P.R. (eds.) QEST 2013. LNCS, vol. 8054, pp. 160–164. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40196-1_12
Van Glabbeek, R., Smolka, S., Steffen, B.: Reactive, generative, and stratified models of probabilistic processes. Inf. Comput. 121(1), 59–80 (1995)
Graf, S.: Distributed implementation of constrained systems based on knowledge. In: 13th ISPDC Conference (2014)
Graf, S., Quinton, S.: Knowledge for the distributed implementation of constrained systems. Softw. Syst. Model. 15, 1163–1180 (2013)
Ben Hafaiedh, I., Graf, S., Quinton, S.: Building distributed controllers for systems with priorities. J. Log. Algebr. Program. 80(3), 194–218 (2011)
Milner, R. (ed.): A Calculus of Communicating Systems. LNCS, vol. 92. Springer, Heidelberg (1980). https://doi.org/10.1007/3-540-10235-3
Sifakis, J.: A framework for component-based construction extended abstract. In: 3rd SEFM Conference (2005)
TrapX Security Inc., TrapX LAbs: Anatomy of an attack, medjack (medical device attack). Technical report, May 2015
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer Nature Switzerland AG
About this paper
Cite this paper
Beaulaton, D., Cristescu, I., Legay, A., Quilbeuf, J. (2018). A Modeling Language for Security Threats of IoT Systems. In: Howar, F., Barnat, J. (eds) Formal Methods for Industrial Critical Systems. FMICS 2018. Lecture Notes in Computer Science(), vol 11119. Springer, Cham. https://doi.org/10.1007/978-3-030-00244-2_17
Download citation
DOI: https://doi.org/10.1007/978-3-030-00244-2_17
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-00243-5
Online ISBN: 978-3-030-00244-2
eBook Packages: Computer ScienceComputer Science (R0)