A risk assessment methodology for the Internet of Things

Sabrina Sicari; Alessandra Rizzardi; Alberto Coen-Porisini
2018-01-01

Abstract

Letting both data producers and data consumers be aware of the levels of security and privacy guaranteed within an IoT-based system represents an important goal to be pursued. In fact, the presence of multiple and heterogeneous data sources, as well as wireless communication standards, increases the risk of violation in IoT scenarios. Besides controlling the behavior of data sources and regulating the access to resources by the interested parties, it is also fundamental to investigate the trustworthiness of the platform that manages the provided information and services. To this end, risk assessment techniques can be adopted, with the aim of evaluating the reliability of the components belonging to the IoT platform and their robustness against malicious attacks. In this paper, a general-purpose methodology for assessing the risk is proposed to be applied to end-to-end systems. In more detail, the proposed approach takes into account both static and dynamic features/components of an IoT system in an objective manner, following the whole data life cycle. Such an aspect represents the main advantage of the presented solution, which is concretely demonstrated within the real prototype implementation of an existing IoT middleware, in order to prove its feasibility.
2018
http://www.journals.elsevier.com/computer-communications/
Internet of Things; Risk Assessment; Security; Middleware; Prototype
Sicari, SABRINA SOPHY; Rizzardi, Alessandra; Miorandi, Daniele; COEN PORISINI, Alberto

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11383/2073189
Citations
  • PMC: ND
  • Scopus: 36
  • ISI: 25