Towards a Generic Model for Risk Analysis of the Internet of Things (IoT)
AbstractThe Internet of Things (IoT) has spurred the interaction of a multitude of smart physical objects with the existing cyber world. These connected “things” leverage heterogeneous protocols, diverse capabilities and complex environmental interdependencies, which have reshaped their risk profiles through introduction of novel threat vectors. In this paper, we present a formal framework to model and analyze the security risks linked with generic IoT systems. The approach uses existing and widely-accepted Web Ontology Language (OWL) based ontologies, by extending them with IoT-specific concepts and populating them with IoT instances. Risk assessment, quantification and selection of viable mitigation techniques is carried out automatically with the help of rule-based constraints and queries applied over OWL knowledgebase. The practicality and effectiveness of the approach is verified through implementation and evaluation over realistic IoT systems.
H. Sundmaeker, P. Guillemin, P. Friess, and S. Woelffl´e, Eds., Vision and Challenges for Realising the Internet of Things. Luxembourg: Publications Office of the European Union, 2010.
P. Guillemin, P. Friess et al., “Internet of things strategic research roadmap,” The Cluster of European Research Projects, Tech. Rep., September, 2009.
D. L. McGuinness, F. Van Harmelen et al., “OWL web ontology language overview,” W3C recommendation, vol. 10, no. 10, 2004.
I. Horrocks, P. F. Patel-Schneider, H. Boley, S. Tabet, B. Grosof, M. Dean et al., “SWRL: A semantic web rule language combining OWL and RuleML,” W3C Member submission, vol. 21, p. 79, 2004.
M. J. O’Connor and A. K. Das, “SQWRL: A Query Language for OWL,” in OWLED, vol. 529, 2009.
M. Compton, H. Neuhaus, K. Taylor, and K.-N. Tran, “Reasoning about sensors and compositions.” in SSN. Citeseer, pp. 33–48, 2009.
M. Calder, R. A. Morris, and F. Peri, “Machine reasoning about anomalous sensor data,” Ecological Informatics, vol. 5, no. 1, pp. 9–18, 2010. [Online]. Available: http://linkinghub. elsevier.com/retrieve/pii/1574954109000715.
L. Lefort, C. Henson, K. Taylor, P. Barnaghi, M. Compton, O. Corcho, R. Garcia-Castro, J. Graybeal, A. Herzog, K. Janowicz et al., “Semantic Sensor Network XG-final report,” W3C Incubator Group Report, vol. 28, 2011.
M. Bermudez-Edo, T. Elsaleh, P. Barnaghi, and K. Taylor, “IoT-Lite Ontology,” https://www.w3.org/Submission/2015/SUBM-iot-lite-20151126/, accessed: 01-08 -2016.
S. De, P. Barnaghi, M. Bauer, and S. Meissner, “Service modelling for the internet of things,” in Federated Conference on Computer Science and Information Systems (FedCSIS). IEEE, pp. 949–955, 2011.
M. B. Alaya, S. Medjiah, T. Monteil, and K. Drira, “Toward semantic interoperability in oneM2M architecture,” IEEE Communications Magazine, vol. 53, no. 12, pp. 35–41, 2015.
A. Gyrard, C. Bonnet, and K. Boudaoud, “An ontology based approach for helping to secure the ETSI machine-to-machine architecture,” in ITHINGS, September 1-3, 2014, Taipei, Taiwan, China, 09 2014. [Online] http://www.eurecom.fr/publication/4322.
C. Liu, Y. Zhang, J. Zeng, L. Peng, and R. Chen, “Research on dynamical security risk assessment for the internet of things inspired by immunology,” in Eighth International Conference on Natural Computation (ICNC). IEEE, pp. 874–878, 2012.
R. Roman, P. Najera, and J. Lopez, “Securing the internet of things,” Computer, vol. 44, no. 9, pp. 51–58, 2011.
S.-I. Chang, A. Huang, L.-M. Chang, and J.-C. Liao, “Risk factors of enterprise internal control: Governance refers to internet of things (iot) environment”, RISK, 2016.
A. Jacobsson, M. Boldt, and B. Carlsson, “A risk analysis of a smart home automation system,” Future Generation Computer Systems, vol. 56, pp. 719–733, 2016.
A. Gangemi, “DOLCE Ultralight Ontology,” http://www.loa.istc.cnr.it/ontologies/DUL.owl, 2007, accessed: 2016-11-09.
A. Kim, J. Luo, and M. Kang, Security ontology for annotating resources. Springer, 2005.
D. Martin, M. Burstein, J. Hobbs, O. Lassila, D. McDermott, S. McIlraith, S. Narayanan, M. Paolucci, B. Parsia, T. Payne et al., “OWL-S: Semantic markup for web services,” W3C submission, vol. 22, pp. 2007–04, 2004.
H. Knublauch, R. W. Fergerson, N. F. Noy, and M. A. Musen, “The Protégé OWL plugin: An open development environment for semantic web applications,” in The Semantic Web–ISWC, Springer, pp. 229–243, 2004.
KRDB Research Group, “ontopPro: The OBDA Plugin for Protégé,” http://ontop.inf.unibz.it/,accessed: 2016-11-09.
A. Jena, “A free and open source java framework for building semantic web and linked data applications,” URL: http://jena.apache. org, 2011.