DefinePK

Abstract

The Internet of Things (IoT) has spurred the interaction of a multitude of smart physical objects with the existing cyber world. These connected “things” leverage heterogeneous protocols, diverse capabilities and complex environmental interdependencies, which have reshaped their risk profiles through introduction of novel threat vectors.  In this paper, we present a formal framework to model and analyze the security risks linked with generic IoT systems. The approach uses existing and widely-accepted Web Ontology Language (OWL) based ontologies, by extending them with IoT-specific concepts and populating them with IoT instances. Risk assessment, quantification and selection of viable mitigation techniques is carried out automatically with the help of rule-based constraints and queries applied over OWL knowledgebase. The practicality and effectiveness of the approach is verified through implementation and evaluation over realistic IoT systems.