Threat Modeling IoT Devices


It is almost impossible to talk about modern Computer Science without mentioning the Internet of Things (IoT). The IoT is completely reorganizing traditional Information and Communication Technology (ICT) by introducing new features, infrastructures, and architectures. This enables implementation of new and complex cyber-physical systems which can improve the quality of our everyday lives. With the birth of IPv6 and the omnipresence of Wi-Fi networks, IoT is spreading like wildfire, and researchers estimate that by 2020, the number of IoT devices will reach 40 billion.

While IoT is enriching almost every aspect of our lives, there is a downside: it is becoming an increasingly attractive target for cyberattackers.

Why

More IoT devices mean more attack vectors and more opportunities for cyberattackers. Unless companies start addressing this rising security threat soon, they will face inevitable disaster. When thinking about cybersecurity, most companies focus on protecting themselves and meeting compliance requirements, or they treat security simply as a technology function instead of integrating it into their business operations.

Structured thinking about what might go wrong is an essential part of engineering more secure products. Perhaps many organisations don’t know where to start, and a sample threat model could be useful. Perhaps there are common failure modes, and those modes could be addressed with analyses and solutions, in the same way that “salted hashes” are the accepted and worked-through way to store passwords.

What

  • Sample threat model for a thing
  • Engineering tradeoff discussion documents for common suggestions (for example, “change password on deploy” vs. “cloud management”)

Outcomes

  • Sample threat model
  • Discussion documents

Who

  • Security professionals
  • CISOs
  • Agile practitioners
  • DevSecOps
  • SecDevOps

References


Working materials

Here are the current ‘work in progress’ materials for this session.

(please add as much information as possible before the sessions)

Content

…add content…


