Discover Internet of Things (Dec 2022)

A framework for evaluating security risk in system design

  • Paul A. Wortman,
  • John A. Chandy

DOI
https://doi.org/10.1007/s43926-022-00027-w
Journal volume & issue
Vol. 2, no. 1
pp. 1 – 30

Abstract

Read online

Abstract Design and development of ubiquitous computer network systems has become increasingly difficult as technology continues to grow. From the introduction of new technologies to the discovery of existing threats, weaknesses, and vulnerabilities there is a constantly changing landscape of potential risks and rewards. The cyber security community, and industry at large, is learning to account for these increasing threats by including protections and mitigations from the beginning of the design V process. However, issues still come from limitations in time for thoroughly exploring a potential design space and the knowledge base required to easily account for potential vulnerabilities in each. To address this problem we propose the G-T-S framework, which is an automated tool that allows a user to provide a set of inputs relating to the desired design space and returns a monetary security risk evaluation of each. This methodology first generates a series of potential designs, then dissects their contents to associate possible vulnerabilities to device elements, and finally evaluates the security risk poised to a central asset of importance. We exemplify the tools, provide methodologies for required background research, and discuss the results in evaluating a series of IoT Home models using the GTS framework. Through implementation of our framework we simplify the information an individual will require to begin the design process, lower the bar for entry to perform evaluating security risk, and present the risk as an easily understood monetary metric.

Keywords