Threat Modelling in Internet of Things (IoT) Environment Using Dynamic Attack Graphs

TL;DR

This paper introduces a dynamic threat modelling approach for IoT environments that adapts attack graphs to system changes, enabling rapid identification of attack paths in evolving networks.

Contribution

It develops a method for maintaining dynamic attack graphs in IoT environments, addressing the limitations of static models and supporting real-time threat analysis.

Findings

Dynamic attack graphs effectively model IoT threats.

Neo4j enables rapid threat updates in changing environments.

The approach is demonstrated with a healthcare IoT scenario.

Abstract

This work presents a threat modelling approach to represent changes to the attack paths through an Internet of Things (IoT) environment when the environment changes dynamically, i.e., when new devices are added or removed from the system or when whole sub-systems join or leave. The proposed approach investigates the propagation of threats using attack graphs. However, traditional attack graph approaches have been applied in static environments that do not continuously change such as the Enterprise networks, leading to static and usually very large attack graphs. In contrast, IoT environments are often characterised by dynamic change and interconnections; different topologies for different systems may interconnect with each other dynamically and outside the operator control. Such new interconnections lead to changes in the reachability amongst devices according to which their corresponding attack graphs change. This requires dynamic topology and attack graphs for threat and risk analysis. In this paper, a threat modelling approach is developed that copes with dynamic system changes that may occur in IoT environments and enables identifying attack paths whilst allowing for system dynamics. Dynamic topology and attack graphs were developed that are able to cope with the changes in the IoT environment rapidly by maintaining their associated graphs. To motivate the work and illustrate the proposed approach, an example scenario based on healthcare systems is introduced. The proposed approach is implemented using a Graph Database Management Tool (GDBM)- Neo4j- which is a popular tool for mapping, visualising and querying the graphs of highly connected data, and is efficient in providing a rapid threat modelling mechanism, which makes it suitable for capturing security changes in the dynamic IoT environment.