Modeling and Assessment of IoT Supply Chain Security Risks: The Role of Structural and Parametric Uncertainties
This work addresses supply chain security threats for IoT systems, providing incremental improvements to existing risk modeling techniques.
The paper tackles the problem of modeling supply chain security risks in IoT systems by developing a graph-based framework that accounts for structural and parametric uncertainties, finding through case studies that structural uncertainties pose a greater challenge to model utility.
Supply chain security threats pose new challenges to security risk modeling techniques for complex ICT systems such as the IoT. With established techniques drawn from attack trees and reliability analysis providing needed points of reference, graph-based analysis can provide a framework for considering the role of suppliers in such systems. We present such a framework here while highlighting the need for a component-centered model. Given resource limitations when applying this model to existing systems, we study various classes of uncertainties in model development, including structural uncertainties and uncertainties in the magnitude of estimated event probabilities. Using case studies, we find that structural uncertainties constitute a greater challenge to model utility and as such should receive particular attention. Best practices in the face of these uncertainties are proposed.