Requirements and Recommendations for IoT/IIoT Models to automate Security Assurance through Threat Modelling, Security Analysis and Penetration Testing
Ralph Ankele, Stefan Marksteiner, Kai Nahrgang, Heribert Vallant

TL;DR
This paper proposes a method to automate security assurance in IoT/IIoT systems by extracting metadata from development models to facilitate threat modeling, security analysis, and penetration testing, addressing scalability challenges.
Contribution
It introduces requirements and recommendations for metadata in IoT/IIoT models to enable automated security processes without extensive prior security expertise.
Findings
Metadata extraction from diagrams supports automated threat modeling.
Automated security analysis reduces manual effort and improves scalability.
Guidelines enhance security assurance in large IoT/IIoT networks.
Abstract
The factories of the future require efficient interconnection of their physical machines into the cyber space to cope with the emerging need of an increased uptime of machines, higher performance rates, an improved level of productivity and a collective collaboration along the supply chain. With the rapid growth of the Internet of Things (IoT) and its application in industrial areas, the so-called Industrial Internet of Things (IIoT)/Industry 4.0 emerged. However, further to the rapid growth of IoT/IIoT systems, cyber attacks are an emerging threat and simple manual security testing often cannot cope with the scale of large IoT/IIoT networks. In this paper, we suggest extracting metadata from commonly used diagrams and models in a typical software development process, to automate the process of threat modelling, security analysis and penetration testing, without detailed prior…
