TY - GEN
T1 - Detecting dynamic security threats in multi-component IoT systems
AU - Shrestha, Isaac
AU - Hale, Matthew L.
N1 - Publisher Copyright:
© 2019 IEEE Computer Society. All rights reserved.
PY - 2019
Y1 - 2019
N2 - The rising ubiquity of the Internet of Things (IoT) has heralded a new era of increasingly prolific and damaging IoT-centric security threat vectors. Fast-paced market demand for multi-featured IoT products urge companies, and their software engineers, to bring products to market quickly, often at the cost of security. Lack of proper security threat analysis tooling during development, testing, and release cycles exacerbate security concerns. In this paper, we augment a security threat analysis tool to use audit hooks, open-source information capture components, and machine learning techniques to profile dynamic wearable and IoT operations spanning multiple components during execution. Our tool encourages data-drive threat identification and analysis approaches that can help software engineers perform dynamic testing and threat analysis to mitigate code-level vulnerabilities that lead to attacks in IoT applications. Our approach is evaluated by means of a case study involving a system evaluation across several common attack vectors.
AB - The rising ubiquity of the Internet of Things (IoT) has heralded a new era of increasingly prolific and damaging IoT-centric security threat vectors. Fast-paced market demand for multi-featured IoT products urge companies, and their software engineers, to bring products to market quickly, often at the cost of security. Lack of proper security threat analysis tooling during development, testing, and release cycles exacerbate security concerns. In this paper, we augment a security threat analysis tool to use audit hooks, open-source information capture components, and machine learning techniques to profile dynamic wearable and IoT operations spanning multiple components during execution. Our tool encourages data-drive threat identification and analysis approaches that can help software engineers perform dynamic testing and threat analysis to mitigate code-level vulnerabilities that lead to attacks in IoT applications. Our approach is evaluated by means of a case study involving a system evaluation across several common attack vectors.
UR - http://www.scopus.com/inward/record.url?scp=85108279578&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85108279578&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:85108279578
T3 - Proceedings of the Annual Hawaii International Conference on System Sciences
SP - 7146
EP - 7155
BT - Proceedings of the 52nd Annual Hawaii International Conference on System Sciences, HICSS 2019
A2 - Bui, Tung X.
PB - IEEE Computer Society
T2 - 52nd Annual Hawaii International Conference on System Sciences, HICSS 2019
Y2 - 8 January 2019 through 11 January 2019
ER -