Sigrid Marita Kvamme, Espen Gudmundsen, Tosin Daniel Oyetoyan, D. Cruzes
Title: Data Protection Fortification: An Agile Approach for Threat Analysis of IoT Data
Published in: Proceedings of the 12th International Conference on the Internet of Things
Publication date: 2022-11-07
DOI: 10.1145/3567445.3569164 (https://doi.org/10.1145/3567445.3569164)
Citation count: 0
Abstract
Data from Internet of Things (IoT) devices has become a critical asset for decision-making. However, IoT devices have security challenges due to their low-resource constraints, heterogeneity, and deployment in hostile environments. Systems consuming IoT data must thus be designed with security measures to detect and prevent data tampering attacks. We develop a data-centric threat modeling method named Data Protection Fortification (DPF) that practitioners can use during planning to assess and mitigate the security risk of using IoT data sources. We use design science to develop and validate DPF on 5 development teams from 3 organizations. Results show that DPF can be used to identify and improve security practices of data sources. Practitioners have a positive attitude towards using DPF, and because it is easily understood, it has the potential to become a communication tool for security between developers and stakeholders.