SUCCESS CHIST-ERA: SECURE ACCESSIBILITY FOR THE INTERNET OF THINGS
The Internet of Things (IoT) enables the use of smart devices, such as
smart-watches, smart wristbands, and smartphones, to provide
cost-effective services for humans, for example low-cost
monitoring schemes in the health-care sector to provide early diagnosis
of diseases. From a security and privacy perspective, the IoT could be
described as a hopeless case: all prevention aspects of security
(confidentiality, integrity, and availability) are inherently weak, and
unwanted tracking and monitoring throw the doors wide open to privacy
attacks. To provide secure IoT solutions, modelling and analysis need
to be integrated into the planning and validation of application
scenarios and smart-device architectures to address burning security
issues like unintentional or intentional insider attacks. Moreover,
we need to look at how to represent humans and the ways they interact
with systems, make security risks understandable for humans, and make
secure IoT solutions accessible.
SUCCESS: Goals
- To provide logical specification and analysis methods for
organisational security [4] and integrate them with risk and fault tree
analysis [1],
- To extend quantitative attack tree analysis and decentralized
access control for IoT component systems by generalizing security
models to include smart devices [1],
- To design and prototypically implement a certification methodology for IoT component frameworks [2],
- To build and test user-aware security of an IoT pilot scenario
from the healthcare sector: a sensor-based monitoring architecture
[4] for dementia patients with security-critical data and actions.
References
- [1] F. Arnold, H. Hermanns, R. Pulungan, M.I.A. Stoelinga:
Time-Dependent Analysis of Attacks. Principles of Security and Trust
(POST’14), LNCS, pages 285-305, 2014.
- [2] A. Basu, S. Bensalem, M. Bozga, J. Combaz, M. Jaber, T.-H.
Nguyen, and J. Sifakis. Rigorous Component-Based System Design Using
the BIP Framework. IEEE Software, volume 28, No. 3, 2011.
- [3] C. Evans, L. Brodie, J.C. Augusto. Requirements Engineering
for Intelligent Environments. In Proceedings of the 10th International
Conference on Intelligent Environments (IE’14), pages 154-161. Shanghai,
29th of June to 4th of July, 2014. IEEE Press.
- [4] F. Kammueller and C.W. Probst. Modeling and Verification of
Insider Threats Using Logical Analysis. IEEE Systems Journal, 2016.
- [5] SUCCESS: SecUre aCCESSibility for the internet of things. http://www.chistera.eu/projects/success. CHIST-ERA 2016.