Assessing Risks and Modeling Threats in the Internet of Things
This work addresses the need for tailored threat modeling in the IoT domain, which is crucial for organizations to manage risks effectively, though it is incremental as it builds on prior IT methods.
The authors tackled the problem of threat modeling and risk assessment for the Internet of Things (IoT) by synthesizing and adapting existing IT approaches to develop a new IoT-specific framework, resulting in an interactive online tool that provides organizations with specific recommendations for resource allocation to mitigate risks, as demonstrated through case studies in industrial manufacturing.
Threat modeling and risk assessments are common ways to identify, estimate, and prioritize risk to national, organizational, and individual operations and assets. Several threat modeling and risk assessment approaches have been proposed prior to the advent of the Internet of Things (IoT) that focus on threats and risks in information technology (IT). Due to shortcomings in these approaches and the fact that there are significant differences between the IoT and IT, we synthesize and adapt these approaches to provide a threat modeling framework that focuses on threats and risks in the IoT. In doing so, we develop an IoT attack taxonomy that describes the adversarial assets, adversarial actions, exploitable vulnerabilities, and compromised properties that are components of any IoT attack. We use this IoT attack taxonomy as the foundation for designing a joint risk assessment and maturity assessment framework that is implemented as an interactive online tool. The assessment framework this tool encodes provides organizations with specific recommendations about where resources should be devoted to mitigate risk. The usefulness of this IoT framework is highlighted by case study implementations in the context of multiple industrial manufacturing companies, and the interactive implementation of this framework is available at http://iotrisk.andrew.cmu.edu.