The PASTA threat model implementation in the IoT development life cycle
| dc.contributor.author | Wolf, Andreas | |
| dc.contributor.author | Simopoulos, Dimitrios | |
| dc.contributor.author | D'Avino, Luca | |
| dc.contributor.author | Schwaiger, Patrick | |
| dc.contributor.editor | Reussner, Ralf H. | |
| dc.contributor.editor | Koziolek, Anne | |
| dc.contributor.editor | Heinrich, Robert | |
| dc.date.accessioned | 2021-01-27T13:33:14Z | |
| dc.date.available | 2021-01-27T13:33:14Z | |
| dc.date.issued | 2021 | |
| dc.description.abstract | Recently, IoT usage has grown rapidly. Security risks are rising analogously, though. Our paper introduces an approach to identify and address security threats by applying the PASTA (Process for Attack Simulation and Threat Analysis) threat model to the IoT domain. By adapting PASTA, we optimize the threat analysis based on domain knowledge and specific needs of IoT. With integration of the PASTA results into the development process and the IoT software development life cycle, we reduce security risks. A prototype demonstrates the feasibility of the concept for security vulnerability reduction via an integrated DevSecOps toolchain. | en |
| dc.identifier.doi | 10.18420/inf2020_111 | |
| dc.identifier.isbn | 978-3-88579-701-2 | |
| dc.identifier.pissn | 1617-5468 | |
| dc.identifier.uri | https://dl.gi.de/handle/20.500.12116/34700 | |
| dc.language.iso | en | |
| dc.publisher | Gesellschaft für Informatik, Bonn | |
| dc.relation.ispartof | INFORMATIK 2020 | |
| dc.relation.ispartofseries | Lecture Notes in Informatics (LNI) - Proceedings, Volume P-307 | |
| dc.subject | Internet of Things | |
| dc.subject | Threat Model | |
| dc.subject | DevSecOps | |
| dc.subject | Cyber-Security | |
| dc.subject | Security Testing | |
| dc.title | The PASTA threat model implementation in the IoT development life cycle | en |
| gi.citation.endPage | 1204 | |
| gi.citation.startPage | 1195 | |
| gi.conference.date | 28. September - 2. Oktober 2020 | |
| gi.conference.location | Karlsruhe | |
| gi.conference.sessiontitle | Workshop on Tools and Concepts for Communication and Networked Systems |
Dateien
Originalbündel
1 - 1 von 1