查看文章

The Internet of Things (IoT) is being deployed for a plethora of use-case scenarios. In any deployment, a number of configuration choices are available that achieve the mission goal. However, IoT security incidents have demonstrated that different configurations are vulnerable to varied risk levels. We propose the IoTRiskAnalyzer framework to formally and quantitatively analyze these risks using probabilistic model checking. IoTRiskAnalyzer takes vulnerability scores, candidate IoT configurations, and attacker's capabilities as inputs. It then generates the system and threat models to compute attack likelihood and attacker cost for each configuration. Evaluation indicates that IoTRiskAnalyzer is efficient and automatically prioritizes the input configurations on the basis of risk exposure.