Towards an Automated Exploration of Secure IoT/CPS Design-Variants

Lukas Alexander Gressl; Michael Krisper; Christian Steger; Ulrich Neffe

doi:10.1007/978-3-030-54549-9_25

Towards an Automated Exploration of Secure IoT/CPS Design-Variants

Lukas Alexander Gressl, Michael Krisper, Christian Steger, Ulrich Neffe

Institute of Technical Informatics (4480)

Research output: Chapter in Book/Report/Conference proceeding › Conference paper › peer-review

Abstract

The advent of the Internet of Things (IoT) and Cyber-Physical Systems (CPS) enabled a new class of connected, smart, and interactive devices. With their continuous connectivity and their access to valuable information in both the digital and physical world, they are highly attractive targets for security attackers. Integrating them into the industry and our daily used devices adds new attack surfaces. These potential threats call for special care of security vulnerabilities during the design of IoT devices and CPS. Due to their resource-constrained nature, designing secure IoT devices and CPS poses a complex task, considering the selectable hardware components and task implementation alternatives. Researchers proposed a range of automatic design tools to support system designers in their task of finding the optimal hardware selection and task implementations. Said tools offer a limited way of modeling attack scenarios for a system under design. The framework proposed in this paper aims at closing this gap, offering system designers a way to consider security attacks and security risks during the early phase of system design. It offers designers the possibility to model security constraints from the view of potential attackers, assessing the probability of successful security attacks and the resulting security risk, alike. We demonstrate the framework’s feasibility and performance by revisiting an industry partner’s potential system design of a future IoT device.

Original language	English
Title of host publication	Computer Safety, Reliability, and Security
Subtitle of host publication	39th International Conference, SAFECOMP 2020, Proceedings
Editors	António Casimiro, Pedro Ferreira, Frank Ortmeier, Friedemann Bitsch
Publisher	Springer
Pages	372-386
Number of pages	15
ISBN (Print)	9783030545482
DOIs	https://doi.org/10.1007/978-3-030-54549-9_25
Publication status	Published - 31 Jul 2020
Event	39th International Conference on Computer Safety, Reliability and Security: SAFECOMP 2020 - Lisbon, Virtual, Portugal Duration: 15 Sept 2020 → 18 Sept 2020

Publication series

Name	Lecture Notes in Computer Science
Volume	12234
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	39th International Conference on Computer Safety, Reliability and Security
Abbreviated title	SAFECOMP 2020
Country/Territory	Portugal
City	Lisbon, Virtual
Period	15/09/20 → 18/09/20
Other	15th Workshop on Dependable Smart Embedded and Cyber-Physical Systems and Systems-of-Systems, DECSoS 2020, 1st International Workshop on Dependable Development-Operation Continuum Methods for Dependable Cyber-Physical Systems, DepDevOps 2020, 1st International Workshop on Underpinnings for Safe Distributed AI, USDAI 2020, and 3rd International Workshop on Artificial Intelligence Safety Engineering, WAISE 2020, held in conjunction with the 39th International Conference on Computer Safety, Reliability and Security, SAFECOMP 2020

Keywords

Cyber security
Embedded system design
Secure CPS
Secure embedded consumer devices
Secure IoT systems

ASJC Scopus subject areas

Computer Science(all)
Hardware and Architecture

Fields of Expertise

Information, Communication & Computing

Treatment code (Nähere Zuordnung)

Application

Access to Document

10.1007/978-3-030-54549-9_25

Cite this

Gressl, L. A., Krisper, M., Steger, C., & Neffe, U. (2020). Towards an Automated Exploration of Secure IoT/CPS Design-Variants. In A. Casimiro, P. Ferreira, F. Ortmeier, & F. Bitsch (Eds.), Computer Safety, Reliability, and Security : 39th International Conference, SAFECOMP 2020, Proceedings (pp. 372-386). (Lecture Notes in Computer Science; Vol. 12234). Springer. https://doi.org/10.1007/978-3-030-54549-9_25

Towards an Automated Exploration of Secure IoT/CPS Design-Variants. / Gressl, Lukas Alexander; Krisper, Michael ; Steger, Christian et al.

Computer Safety, Reliability, and Security : 39th International Conference, SAFECOMP 2020, Proceedings. ed. / António Casimiro; Pedro Ferreira; Frank Ortmeier; Friedemann Bitsch. Springer, 2020. p. 372-386 (Lecture Notes in Computer Science; Vol. 12234).

Research output: Chapter in Book/Report/Conference proceeding › Conference paper › peer-review

Gressl, LA, Krisper, M , Steger, C & Neffe, U 2020, Towards an Automated Exploration of Secure IoT/CPS Design-Variants. in A Casimiro, P Ferreira, F Ortmeier & F Bitsch (eds), Computer Safety, Reliability, and Security : 39th International Conference, SAFECOMP 2020, Proceedings. Lecture Notes in Computer Science, vol. 12234, Springer, pp. 372-386, 39th International Conference on Computer Safety, Reliability and Security, Lisbon, Virtual, Portugal, 15/09/20. https://doi.org/10.1007/978-3-030-54549-9_25

Gressl, Lukas Alexander ; Krisper, Michael ; Steger, Christian et al. / Towards an Automated Exploration of Secure IoT/CPS Design-Variants. Computer Safety, Reliability, and Security : 39th International Conference, SAFECOMP 2020, Proceedings. editor / António Casimiro ; Pedro Ferreira ; Frank Ortmeier ; Friedemann Bitsch. Springer, 2020. pp. 372-386 (Lecture Notes in Computer Science).

@inproceedings{152ef357e32546909fda3d792cea119d,

title = "Towards an Automated Exploration of Secure IoT/CPS Design-Variants",

abstract = "The advent of the Internet of Things (IoT) and Cyber-Physical Systems (CPS) enabled a new class of connected, smart, and interactive devices. With their continuous connectivity and their access to valuable information in both the digital and physical world, they are highly attractive targets for security attackers. Integrating them into the industry and our daily used devices adds new attack surfaces. These potential threats call for special care of security vulnerabilities during the design of IoT devices and CPS. Due to their resource-constrained nature, designing secure IoT devices and CPS poses a complex task, considering the selectable hardware components and task implementation alternatives. Researchers proposed a range of automatic design tools to support system designers in their task of finding the optimal hardware selection and task implementations. Said tools offer a limited way of modeling attack scenarios for a system under design. The framework proposed in this paper aims at closing this gap, offering system designers a way to consider security attacks and security risks during the early phase of system design. It offers designers the possibility to model security constraints from the view of potential attackers, assessing the probability of successful security attacks and the resulting security risk, alike. We demonstrate the framework{\textquoteright}s feasibility and performance by revisiting an industry partner{\textquoteright}s potential system design of a future IoT device.",

keywords = "Cyber security, Embedded system design, Secure CPS, Secure embedded consumer devices, Secure IoT systems",

author = "Gressl, {Lukas Alexander} and Michael Krisper and Christian Steger and Ulrich Neffe",

year = "2020",

month = jul,

day = "31",

doi = "10.1007/978-3-030-54549-9_25",

language = "English",

isbn = "9783030545482",

series = "Lecture Notes in Computer Science",

publisher = "Springer",

pages = "372--386",

editor = "Ant{\'o}nio Casimiro and Pedro Ferreira and Frank Ortmeier and Friedemann Bitsch",

booktitle = "Computer Safety, Reliability, and Security",

note = "39th International Conference on Computer Safety, Reliability and Security : SAFECOMP 2020, SAFECOMP 2020 ; Conference date: 15-09-2020 Through 18-09-2020",

}

TY - GEN

T1 - Towards an Automated Exploration of Secure IoT/CPS Design-Variants

AU - Gressl, Lukas Alexander

AU - Krisper, Michael

AU - Steger, Christian

AU - Neffe, Ulrich

PY - 2020/7/31

Y1 - 2020/7/31

N2 - The advent of the Internet of Things (IoT) and Cyber-Physical Systems (CPS) enabled a new class of connected, smart, and interactive devices. With their continuous connectivity and their access to valuable information in both the digital and physical world, they are highly attractive targets for security attackers. Integrating them into the industry and our daily used devices adds new attack surfaces. These potential threats call for special care of security vulnerabilities during the design of IoT devices and CPS. Due to their resource-constrained nature, designing secure IoT devices and CPS poses a complex task, considering the selectable hardware components and task implementation alternatives. Researchers proposed a range of automatic design tools to support system designers in their task of finding the optimal hardware selection and task implementations. Said tools offer a limited way of modeling attack scenarios for a system under design. The framework proposed in this paper aims at closing this gap, offering system designers a way to consider security attacks and security risks during the early phase of system design. It offers designers the possibility to model security constraints from the view of potential attackers, assessing the probability of successful security attacks and the resulting security risk, alike. We demonstrate the framework’s feasibility and performance by revisiting an industry partner’s potential system design of a future IoT device.

AB - The advent of the Internet of Things (IoT) and Cyber-Physical Systems (CPS) enabled a new class of connected, smart, and interactive devices. With their continuous connectivity and their access to valuable information in both the digital and physical world, they are highly attractive targets for security attackers. Integrating them into the industry and our daily used devices adds new attack surfaces. These potential threats call for special care of security vulnerabilities during the design of IoT devices and CPS. Due to their resource-constrained nature, designing secure IoT devices and CPS poses a complex task, considering the selectable hardware components and task implementation alternatives. Researchers proposed a range of automatic design tools to support system designers in their task of finding the optimal hardware selection and task implementations. Said tools offer a limited way of modeling attack scenarios for a system under design. The framework proposed in this paper aims at closing this gap, offering system designers a way to consider security attacks and security risks during the early phase of system design. It offers designers the possibility to model security constraints from the view of potential attackers, assessing the probability of successful security attacks and the resulting security risk, alike. We demonstrate the framework’s feasibility and performance by revisiting an industry partner’s potential system design of a future IoT device.

KW - Cyber security

KW - Embedded system design

KW - Secure CPS

KW - Secure embedded consumer devices

KW - Secure IoT systems

UR - http://www.scopus.com/inward/record.url?scp=85090095990&partnerID=8YFLogxK

U2 - 10.1007/978-3-030-54549-9_25

DO - 10.1007/978-3-030-54549-9_25

M3 - Conference paper

SN - 9783030545482

T3 - Lecture Notes in Computer Science

SP - 372

EP - 386

BT - Computer Safety, Reliability, and Security

A2 - Casimiro, António

A2 - Ferreira, Pedro

A2 - Ortmeier, Frank

A2 - Bitsch, Friedemann

PB - Springer

T2 - 39th International Conference on Computer Safety, Reliability and Security

Y2 - 15 September 2020 through 18 September 2020

ER -

Towards an Automated Exploration of Secure IoT/CPS Design-Variants

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Fields of Expertise

Treatment code (Nähere Zuordnung)

Access to Document

Other files and links

Fingerprint

UB Smart - UWB based Smart Access Platform