IoT Risk Analyzer: A Probabilistic Model Checking Based Framework for Formal Risk Analytics of the Internet of Things
The Internet of Things (IoT) is being deployed for a plethora of use-case scenarios. In any deployment, a number of configuration choices are available that achieve the mission goal. However, IoT security incidents have demonstrated that different configurations are vulnerable to varied risk levels. We propose the IoTRiskAnalyzer framework to formally and quantitatively analyze these risks using probabilistic model checking. IoTRiskAnalyzer takes vulnerability scores, candidate IoT configurations, and attackerā??s capabilities as inputs. It then generates the system and threat models to compute attack likelihood and attacker cost for each configuration. Evaluation indicates that IoTRiskAnalyzer is efficient and automatically prioritizes the input configurations on the basis of risk exposure.
IoT risk analytic, formal risk modeling, probabilistic model checking, Markov decision process, threat assessment, secure configuration planning, PRISM model checker.