Security Risk Management for the IoT systems

Raman Shapaval
Since 2012 the number of units in global infrastructure for the information society (The Internet of Things) has grown twice. With this number also has grown the number of possible threats and risks, which influence security on all levels of the system. As a result, a huge amount of users' data was stolen or damaged. According to Third Quarter, 2016 State of the Internet / Security Report based on data gathered from the Akamai Intelligent Platform the total number of DDoS attacks in Q3 2016 increased in 71\\% compared to Q3 2015. With 623 Gbps data transfer attack it was largest DDoS ever and this fact will only increase the number of future attack events. All these facts reveal a problem that a lot of IoT systems are still unsecured and users' data or personal information stay vulnerable to threats. The thesis combines knowledge of Security Risk Management with existing practice in securing in IoT into a framework, which aim is to cover vulnerabilities in IoT systems in order to protect users' data. We propose an initial comprehensive reference model to management security risks to the information and data assets managed and controlled in the IoT systems. Based on the domain model for the information systems security risk management, we explore how the vulnerabilities and their countermeasures defined in the open Web application security project could be considered in the IoT context. To illustrate the applicability of the reference model we test the framework on self-developed IoT system represented by Raspberry Pi 3 interconnected with sensors and remote data storage.
Graduation Thesis language
Graduation Thesis type
Master - Computer Science
Raimundas Matulevicius
Defence year