<italic>IoTRiskAnalyzer</italic>: A Probabilistic Model Checking Based Framework for Formal Risk Analytics of the Internet of Things
The Internet of Things (IoT) is being deployed for a plethora of use-case scenarios. In any deployment, a number of configuration choices are available that achieve the mission goal. However, IoT security incidents have demonstrated that different configurations are vulnerable to varied risk levels....
| Main Authors: | , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
IEEE
2017-01-01
|
| Series: | IEEE Access |
| Subjects: | |
| Online Access: | https://ieeexplore.ieee.org/document/7906503/ |
| _version_ | 1818331675750301696 |
|---|---|
| author | Mujahid Mohsin Muhammad Usama Sardar Osman Hasan Zahid Anwar |
| author_facet | Mujahid Mohsin Muhammad Usama Sardar Osman Hasan Zahid Anwar |
| author_sort | Mujahid Mohsin |
| collection | DOAJ |
| description | The Internet of Things (IoT) is being deployed for a plethora of use-case scenarios. In any deployment, a number of configuration choices are available that achieve the mission goal. However, IoT security incidents have demonstrated that different configurations are vulnerable to varied risk levels. We propose the IoTRiskAnalyzer framework to formally and quantitatively analyze these risks using probabilistic model checking. IoTRiskAnalyzer takes vulnerability scores, candidate IoT configurations, and attacker's capabilities as inputs. It then generates the system and threat models to compute attack likelihood and attacker cost for each configuration. Evaluation indicates that IoTRiskAnalyzer is efficient and automatically prioritizes the input configurations on the basis of risk exposure. |
| first_indexed | 2024-12-13T13:23:37Z |
| format | Article |
| id | doaj.art-14fdd56ba870438981b839115d37c722 |
| institution | Directory Open Access Journal |
| issn | 2169-3536 |
| language | English |
| last_indexed | 2024-12-13T13:23:37Z |
| publishDate | 2017-01-01 |
| publisher | IEEE |
| record_format | Article |
| series | IEEE Access |
| spelling | doaj.art-14fdd56ba870438981b839115d37c7222022-12-21T23:44:21ZengIEEEIEEE Access2169-35362017-01-0155494550510.1109/ACCESS.2017.26960317906503<italic>IoTRiskAnalyzer</italic>: A Probabilistic Model Checking Based Framework for Formal Risk Analytics of the Internet of ThingsMujahid Mohsin0https://orcid.org/0000-0002-6717-385XMuhammad Usama Sardar1Osman Hasan2https://orcid.org/0000-0003-2562-2669Zahid Anwar3School of Electrical Engineering and Computer Science, National University of Sciences and Technology, Islamabad, PakistanSchool of Electrical Engineering and Computer Science, National University of Sciences and Technology, Islamabad, PakistanSchool of Electrical Engineering and Computer Science, National University of Sciences and Technology, Islamabad, PakistanSchool of Electrical Engineering and Computer Science, National University of Sciences and Technology, Islamabad, PakistanThe Internet of Things (IoT) is being deployed for a plethora of use-case scenarios. In any deployment, a number of configuration choices are available that achieve the mission goal. However, IoT security incidents have demonstrated that different configurations are vulnerable to varied risk levels. We propose the IoTRiskAnalyzer framework to formally and quantitatively analyze these risks using probabilistic model checking. IoTRiskAnalyzer takes vulnerability scores, candidate IoT configurations, and attacker's capabilities as inputs. It then generates the system and threat models to compute attack likelihood and attacker cost for each configuration. Evaluation indicates that IoTRiskAnalyzer is efficient and automatically prioritizes the input configurations on the basis of risk exposure.https://ieeexplore.ieee.org/document/7906503/IoT risk analyticformal risk modelingprobabilistic model checkingMarkov decision processthreat assessmentsecure configuration planning |
| spellingShingle | Mujahid Mohsin Muhammad Usama Sardar Osman Hasan Zahid Anwar <italic>IoTRiskAnalyzer</italic>: A Probabilistic Model Checking Based Framework for Formal Risk Analytics of the Internet of Things IEEE Access IoT risk analytic formal risk modeling probabilistic model checking Markov decision process threat assessment secure configuration planning |
| title | <italic>IoTRiskAnalyzer</italic>: A Probabilistic Model Checking Based Framework for Formal Risk Analytics of the Internet of Things |
| title_full | <italic>IoTRiskAnalyzer</italic>: A Probabilistic Model Checking Based Framework for Formal Risk Analytics of the Internet of Things |
| title_fullStr | <italic>IoTRiskAnalyzer</italic>: A Probabilistic Model Checking Based Framework for Formal Risk Analytics of the Internet of Things |
| title_full_unstemmed | <italic>IoTRiskAnalyzer</italic>: A Probabilistic Model Checking Based Framework for Formal Risk Analytics of the Internet of Things |
| title_short | <italic>IoTRiskAnalyzer</italic>: A Probabilistic Model Checking Based Framework for Formal Risk Analytics of the Internet of Things |
| title_sort | italic iotriskanalyzer italic a probabilistic model checking based framework for formal risk analytics of the internet of things |
| topic | IoT risk analytic formal risk modeling probabilistic model checking Markov decision process threat assessment secure configuration planning |
| url | https://ieeexplore.ieee.org/document/7906503/ |
| work_keys_str_mv | AT mujahidmohsin italiciotriskanalyzeritalicaprobabilisticmodelcheckingbasedframeworkforformalriskanalyticsoftheinternetofthings AT muhammadusamasardar italiciotriskanalyzeritalicaprobabilisticmodelcheckingbasedframeworkforformalriskanalyticsoftheinternetofthings AT osmanhasan italiciotriskanalyzeritalicaprobabilisticmodelcheckingbasedframeworkforformalriskanalyticsoftheinternetofthings AT zahidanwar italiciotriskanalyzeritalicaprobabilisticmodelcheckingbasedframeworkforformalriskanalyticsoftheinternetofthings |