Model-based security engineering for the internet of things

We propose in this chapter a Model-based Security Toolkit (SecKit) and methodology to address the control and protection of user data in the deployment of the Internet of Things (IoT). This toolkit takes a more general approach for security engineering including risk analysis, establishment of aspectspecific trust relationships, and enforceable security policies. We describe the integrated metamodels used in the toolkit and the accompanying security engineering methodology for IoT systems using these metamodels. We validate our approach through a case study of a real world supply chain scenario where sensors are used to monitor the temperature and control environmental conditions of the transported goods. The toolkit is applied in the design of this case study, analysis of risks, and specification of security policy rules following the steps of our methodology. Finally, we also show how the specified security policies are enforced using technology specific policy enforcement points. URI: http://digital-library.theiet.org/content/books/10.1049/pbse002e_ch5 [1] Authors: NEISSE Ricardo STERI Gary NAI FOVINO Igor BALDINI Gianmarco VAN HOESEL Lodewijk Publication Year: 2016 Science Areas: Information Society [2] Safety and security [3]