Use this URL to cite or link to this record in EThOS: https://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.817949
Title: Apparatus : a design and analysis security framework for IoT systems
Author: Mavropoulos, Orestis
ISNI:       0000 0004 9358 8316
Awarding Body: University of Brighton
Current Institution: University of Brighton
Date of Award: 2019
Availability of Full Text:
Access from EThOS:
Access from Institution:
Abstract:
Internet of Things (IoT) systems are ubiquitous, highly complex and dynamic eventbased systems. These characteristics make their security analysis challenging. One of the most significant concerns about IoT is that it is not secure. Prominent attacks, such as WannaCry and the Mirai botnets, have only stoked these fears and raised questions about the security of IoT. This thesis aims to develop a framework to facilitate design and security analysis in IoT systems. The proposed framework is composed of the following components: (1) a modeling language to represent IoT systems; (2) a modeling methodology to create models; (3) processes to assess the security of the models and (4) propose countermeasures to increase the security of the models. The modeling language provides components to create IoT system models that capture the information needed by a security engineer to design and perform security analysis on an IoT system. The modeling methodology provides instructions as well as restrictions on how models are created using the modeling language. It provides a structured approach to transition models between the engineering phases. Then, automated and semi-automated processes are used to identify existing vulnerabilities and configurations that increase the attack surface in the models. Finally, a report of the countermeasures is generated based on the attributes of the models to mitigate the identified threats and vulnerabilities. To evaluate the framework, it was applied to case studies. Each case study assessed specific aspects of the framework. One case study was performed to assess the processes of eliciting security requirements from the existing hardware architecture of a system. The feedback from the case study was used to refine the modeling language. A case study was performed to evaluate the automated and semi-automated analysis processes that are part of the framework. The processes were measured regarding resources, error rate, and additional information when compared to the same task undertaken by a human engineer. This case study was performed on a real-life infrastructure of a security organization. The organization’s infrastructure was modeled and analyzed using the framework to measure the attack surface of their system and improve its security mechanisms with the use of the analysis processes of the framework. Another case study was performed to model the infrastructure of a smart city. This was made to assess the scalability of the framework when designing and analyzing large-scale systems.
Supervisor: Mouratidis, Haralambos ; Fish, Andrew Sponsor: Not available
Qualification Name: Thesis (Ph.D.) Qualification Level: Doctoral
EThOS ID: uk.bl.ethos.817949  DOI: Not available
Share: