The IoT security gap: a look down into the valley between threat models and their implementation

被引:0
作者
Peter Aufner
机构
[1] IAIK - Institute for Applied Information Processing and Communications,
来源
International Journal of Information Security | 2020年 / 19卷
关键词
Internet of Things; Threat modeling; STRIDE; CORAS; Privacy; Security; Vulnerabilities;
D O I
暂无
中图分类号
学科分类号
摘要
We claim to have identified gaps between threat modeling frameworks, threat model use in IoT security research and attacks that may be missed by current research. While security research includes sections known as ‘threat models’, these models are not supported by the categorization and standardization that threat modeling frameworks would have to offer. Then again, if existing threat modeling frameworks were used, they would still allow many vulnerabilities to pass through undetected, since they are meant for software-only projects. This work will explain the origins of IoT research, enumerate common threat modeling frameworks and give an insight into the state of IoT security research. In the course of this, it will become clear how these gaps came to be and what research directions would help to close them.
引用
收藏
页码:3 / 14
页数:11
相关论文
共 51 条
  • [1] Hussain S(2014)Threat modelling methodologies: a survey Sci. Int. 26 1607-61
  • [2] Kamal A(2011)A privacy threat analysis framework: supporting the elicitation and fulfillment of privacy requirements Requir. Eng. 16 3-114
  • [3] Ahmad S(2007)Model-based security analysis in seven steps—a guided tour to the CORAS method BT Technol. J. 25 101-26
  • [4] Rasool G(2007)Threat modeling using fuzzy logic paradigm Informing Sci. Int. J. Emerg. Transdiscipl. 4 53-undefined
  • [5] Iqbal S(2016)A comprehensive study of security of Internet-of-Things IEEE Trans. Emerg. Top. Comput. 5 1-undefined
  • [6] Deng M(2009)That ‘internet of things’ thing RFID J. 22 97-undefined
  • [7] Wuyts K(2013)Internet of Things (IoT): a vision, architectural elements, and future directions Future Gener. Comput. Syst. 29 1645-undefined
  • [8] Scandariato R(2009)A survey on Wireless Sensor Network security Comput. Netw. 1 55-undefined
  • [9] Preneel B(2014)A Survey on Internet of Things: Security and Privacy Issues International Journal of Computer Applications 90 20-undefined
  • [10] Joosen W(2016)Secure routing for internet of things: a survey J. Netw. Comput. Appl. 66 198-undefined