Building Confidence using Beliefs and Arguments in Security Class Evaluations for IoT
Chapter
Accepted version
Åpne
Permanent lenke
https://hdl.handle.net/11250/2978651Utgivelsesdato
2020Metadata
Vis full innførselSamlinger
Originalversjon
10.1109/FMEC49853.2020.9144957Sammendrag
The proliferation of IoT (Internet of Things) though making life easier, comes with security and privacy challenges. We have previously proposed a security classification methodology meant to help in practice build IoT systems focused on security during the development process. This method departs from classical risk analysis and certification methods in two ways: (i) it can be used at design time and (ii) it caters for the needs of system designers by helping them to identify protection mechanisms necessary for the connectivity required by their system under development. However, similarly to many risk analysis methods, this methodology was unable to provide assurance in the evaluation results. In this paper, we add two confidence parameters: belief and uncertainty to the assessment tree of arguments of a class. Thus, the final result is now a tuple <; C, B, U>, where C is the class to which the system belongs, together with a belief measure B in the evaluation aspects of C, and the uncertainty U in the evaluation details. Looking at the confidence parameters tells how well the security assessment is justified. To exemplify this enhanced security classification methodology, we systematically apply it to control mechanisms for Smart Home Energy Management Systems.