
Towards the Reference Model for Security Risk Management in Internet of Things

  • Conference paper
Databases and Information Systems (DB&IS 2018)

Abstract

Security in Internet of Things (IoT) systems is an important topic. In this paper we propose an initial comprehensive reference model for managing security risks to the information and data assets managed and controlled in IoT systems. Based on the domain model for information systems security risk management, we explore how the vulnerabilities and their countermeasures defined by the Open Web Application Security Project (OWASP) could be considered in the IoT context. To illustrate the applicability of the reference model, we analyse how reported IoT security risks could be considered.


Notes

  1. “Fuzzing or fuzz testing is an automated software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program. The program is then monitored for exceptions such as crashes, or failing built-in code assertions or for finding potential memory leaks. Typically, fuzzers are used to test programs that take structured inputs.” https://en.wikipedia.org/wiki/Fuzzing.

  2. “Secure Boot is a technology where the system firmware checks that the system boot loader is signed with a cryptographic key authorised by a database contained in the firmware.” https://docs-old.fedoraproject.org/.


Acknowledgement

This research has been supported by the Estonian Research Council (grant IUT20-55).


Correspondence to Raimundas Matulevičius.


Copyright information

© 2018 Springer Nature Switzerland AG

About this paper


Cite this paper

Shapaval, R., Matulevičius, R. (2018). Towards the Reference Model for Security Risk Management in Internet of Things. In: Lupeikiene, A., Vasilecas, O., Dzemyda, G. (eds) Databases and Information Systems. DB&IS 2018. Communications in Computer and Information Science, vol 838. Springer, Cham. https://doi.org/10.1007/978-3-319-97571-9_7


  • DOI: https://doi.org/10.1007/978-3-319-97571-9_7


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-97570-2

  • Online ISBN: 978-3-319-97571-9

  • eBook Packages: Computer Science (R0)
