Can I Sleep Safely in My Smarthome? A Novel Framework on Automating Dynamic Risk Assessment in IoT Environments

Collen, Anastasija; Nijdam, Niels Alexander

doi:10.3390/electronics11071123

Cited by 4 publications

(6 citation statements)

References 29 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The most notable works providing the taxonomy of smart home-specific attacks and threats were provided by Bugeja et al [26] and Heartfield et al [36]. With cross-correlation performed in the scope of risk identification under the GHOST project [5], we further reduced the initial listing by applying criteria on the attack simulation feasibility. The sections hereafter outline each category of attacks included in our analysis along with the scenario definition, implemented demonstration and validation methodology.…”

Section: Threat Vector Landscapementioning

confidence: 99%

“…These advances are fused together within the implementation of DRA [5], which relies on probabilistic traffic profiling, the intelligence on the threat and vulnerability likelihood and the associated risk's severity, which permits identifying network anomalies and coordinating the selection of the appropriate mitigation action.…”

Section: Decision Automation In Risk Assessmentmentioning

confidence: 99%

“…Consequently, an eager need for tools providing visibility of cyber risks and threats has been raised in parallel with the deployment of cutting-edge smart homes [4]. For that matter, dynamic risk assessment (DRA)-based tools are foreseen to allow smart home users to take control and make appropriate decisions regarding the existing cybersecurity and privacy risks [5]. Such technology intends to automate threat identification and provide control and monitoring features for mitigation any detected risks.…”

Section: Introductionmentioning

confidence: 99%

“…The work presented in this paper is part of the last sequence in the execution chain, namely automating mitigation decisions and informing the end user. It therefore directly follows up the research on risk assessment (RA) [5], which serves as an input to this work.…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Integrating Human Factors in the Visualisation of Usable Transparency for Dynamic Risk Assessment

Collen

Szanto²,

Benyahya

et al. 2022

Information

Self Cite

View full text Add to dashboard Cite

Modern technology and the digitisation era accelerated the pace of data generation and collection for various purposes. The orchestration of such data is a daily challenge faced by even experienced professional users in the context of Internet of Things (IoT)-enabled environments, especially when it comes to cybersecurity and privacy risks. This article presents the application of a user-centric process for the visualisation of automated decision making security interventions. The user interface (UI) development was guided by iterative feedback collection from user studies on the visualisation of a dynamic risk assessment (DRA)-based security solution for regular lay users. The methodology we applied starts with the definition of the methodological process to map possible technical actions to related usable actions. The definition and refinement of the user interface (UI) was controlled by the survey feedback loop from end user studies on their general technological knowledge, experience with smart homes, cybersecurity awareness and privacy preservation needs. We continuously improved the visualisation interfaces for configuring a cybersecurity solution and adjusting usable transparency of the control and monitoring of the dynamic risk assessment (DRA). For this purpose, we have designed, developed and validated a decision tree workflow and showed the evolution of the interfaces through various stages of the real-life trials executed under European H2020 project GHOST.

show abstract

Section: Threat Vector Landscapementioning

confidence: 99%

Section: Decision Automation In Risk Assessmentmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Integrating Human Factors in the Visualisation of Usable Transparency for Dynamic Risk Assessment

Collen

Szanto²,

Benyahya

et al. 2022

Information

Self Cite

View full text Add to dashboard Cite

show abstract

“…This RA variant called dynamic risk assessment (DRA) targets continuous, near real-time, on-the-fly reassessments. Applying DRA in IoT is not new, as it has been addressed in many discussions [22,23] and case studies for threat-based RA in smart homes [24][25][26][27]. These studies highlight that DRA provides better observability (this term comes from control theory and distributed systems [28]; it is used nowadays as a means to understand a system's states by inspecting the data it generates in event logs, metrics, etc.…”

Section: Introductionmentioning

confidence: 99%

Challenges and Opportunities for Conducting Dynamic Risk Assessments in Medical IoT

et al. 2023

View full text Add to dashboard Cite

Modern medical devices connected to public and private networks require additional layers of communication and management to effectively and securely treat remote patients. Wearable medical devices, for example, can detect position, movement, and vital signs; such data help improve the quality of care for patients, even when they are not close to a medical doctor or caregiver. In healthcare environments, these devices are called Medical Internet-of-Things (MIoT), which have security as a critical requirement. To protect users, traditional risk assessment (RA) methods can be periodically carried out to identify potential security risks. However, such methods are not suitable to manage sophisticated cyber-attacks happening in near real-time. That is the reason why dynamic RA (DRA) approaches are emerging to tackle the inherent risks to patients employing MIoT as wearable devices. This paper presents a systematic literature review of RA in MIoT that analyses the current trends and existing approaches in this field. From our review, we first observe the significant ways to mitigate the impact of unauthorised intrusions and protect end-users from the leakage of personal data and ensure uninterrupted device usage. Second, we identify the important research directions for DRA that must address the challenges posed by dynamic infrastructures and uncertain attack surfaces in order to better protect users and thwart cyber-attacks before they harm personal (e.g., patients’ home) and institutional (e.g., hospital or health clinic) networks.

show abstract

A Review on Information Security Risk Assessment of Smart Systems: Risk Landscape, Challenges, and Prospective Methods

Fauzi,

Sembiring

2023

2023 10th International Conference on ICT for Smart Society (ICISS)

View full text Add to dashboard Cite

Can I Sleep Safely in My Smarthome? A Novel Framework on Automating Dynamic Risk Assessment in IoT Environments

Cited by 4 publications

References 29 publications

Integrating Human Factors in the Visualisation of Usable Transparency for Dynamic Risk Assessment

Integrating Human Factors in the Visualisation of Usable Transparency for Dynamic Risk Assessment

Challenges and Opportunities for Conducting Dynamic Risk Assessments in Medical IoT

A Review on Information Security Risk Assessment of Smart Systems: Risk Landscape, Challenges, and Prospective Methods

Contact Info

Product

Resources

About