Combining secure system design with risk assessment for IoT healthcare systems

Kammueller, Florian ORCID: https://orcid.org/0000-0001-5839-5488 (2019) Combining secure system design with risk assessment for IoT healthcare systems. Proceedings 2019 IEEE International Conference on Pervasive Computing and Communications Workshops (PerCom Workshops). In: SPT-IoT'19 - The Third Workshop on Security, Privacy and Trust in the Internet of Things, colocated with IEEE PerCom 2019, 11-15 Mar 2019, Kyoto, Japan. e-ISBN 9781538691519. [Conference or Workshop Item] (doi:10.1109/PERCOMW.2019.8730776)

Preview

PDF - Final accepted version (with author's formatting) Download (545kB) | Preview

Abstract

In this paper, we show how to derive formal spec- ifications of secure IoT systems by a process that uses the risk assessment strategy of attack trees on infrastructure models. The models of the infrastructure are logical models in the Isabelle Infrastructure framework. It comprises actors, policies and a state transition of the dynamic evolution of the system. This logical framework also provides attack trees. The process we propose in this paper incrementally uses those two features to refine a system specification until expected security and privacy properties can be proved. Infrastructures allow modeling logical as well as physical elements which makes them well suited for IoT applications. We illustrate the stepwise application of the proposed process in the Isabelle Insider framework on the case study of an IoT healthcare system.

Actions (login required)

View Item

Statistics

DownloadsShow export options

Export as CSVXMLJSON

Activity Overview

6 month trend

167Downloads

6 month trend

44Hits

Additional statistics are available via IRStats2.