IoTRiskAnalyzer : A Probabilistic Model Checking Based Framework for Formal Risk Analytics of the Internet of Things
The Internet of Things (IoT) is being deployed for a plethora of use-case scenarios. In any deployment, a number of conguration choices are available that achieve the mission goal. However, IoT security incidents have demonstrated that different congurations are vulnerable to varied risk levels. We propose the IoTRiskAnalyzer framework to formally and quantitatively analyze these risks using probabilistic model checking. IoTRiskAnalyzer takes vulnerability scores, candidate IoT congurations, and attacker's capabilities as inputs. It then generates the system and threat models to compute attack likelihood and attacker cost for each conguration. Evaluation indicates that IoTRiskAnalyzer is efcient and automatically prioritizes the input congurations on the basis of risk exposure
IoT risk analytic, formal risk modeling, probabilistic model checking, Markov decision process, threat assessment, secure conguration planning, PRISM model checker.