An Approach to Attack Modeling for the IoT: Creating Attack Trees from System Descriptions
Sequeiros, J.
;
Chimuco, F.
;
Simões, Tiago M. C.
;
Freire, M.
;
Inácio , P. R. M. I.
An Approach to Attack Modeling for the IoT: Creating Attack Trees from System Descriptions, Proc International Conf. on Advanced Information Networking and Applications - AINA, Kitakyushu, Japan, Vol. , pp. - , April, 2024.
Digital Object Identifier:
Download Full text PDF ( 720 KBs)
Abstract
This paper presents an Internet of Things (IoT) architecture and associated attack taxonomy, along with a tool named Attack Trees in IoT (ATIoT), which was designed to generate attack trees from a description of a system.
The tool obtains the description via a series of questions about the IoT system. The proposed IoT architecture was developed with security into consideration, allowing to define security requirements that each component may need to fulfill with more granularity. The associated attack taxonomy provides a comprehensive overview of the different types of attacks that an IoT system may face, categorized from the components of the proposed architecture.
The ATIoT tool leverages this IoT architecture and attack taxonomy to generate attack trees that can be used to identify potential attack vectors and prioritize security controls for an IoT system. The tool asks a series of questions about the IoT system, including its functionalities and characteristics, and generates an attack tree based on the responses.
The tool is designed to be accessible to developers with little to no security expertise, providing a user-friendly interface and automated attack tree generation. Using the tool, developers can gain a better understanding of the security risks associated with their IoT systems and implement appropriate security controls to mitigate those risks.