ACM Digital Library Logo
ACM Logo
Advanced Search
research-article
Free Access

Attack and System Modeling Applied to IoT, Cloud, and Mobile Ecosystems: Embedding Security by Design

Publication: ACM Computing SurveysMarch 2020 Article No.: 25 https://doi.org/10.1145/3376123
  • 0citation
  • 753
    • Downloads
Metrics
Total Citations0
Total Downloads753
Last 12 Months753
Last 6 weeks358
ACM Computing Surveys
Volume 53, Issue 2
May 2020
PreviousArticleNextArticle

Abstract

Over the years, pervasive computing and communication technologies have enabled the emergence of new computing paradigms that have gained importance across a wide spectrum of domains. The three most notable that have witnessed significant advancements and have a solid track record of exponential growth in diverse applications are the Internet of Things (IoT), Cloud, and Mobile Computing. The ubiquity of these paradigms, their expandability, and applicability in different problem spaces have made them invaluable in modern computing solutions. Security becomes a real concern, especially when it comes to the development of applications in these environments, as numerous security issues may arise from potential design flaws. Secure application development across these three technologies can only be achieved when applications and systems are designed and developed with security in mind. This will improve the quality of the solutions and ensure that vulnerabilities are identified. It will also help in defining countermeasures against cyberattacks or mitigate the effects of potential threats to the systems. This article surveys existing approaches, tools, and techniques for attack and system modeling applicable to IoT, Cloud computing, and Mobile Computing. It also evaluates the strengths and limitations of the reviewed approaches and tools, from which it highlights the main existing challenges and open issues in the area.

References

  1. Mohammad Aazam, Imran Khan, Aymen Abdullah Alsaffar, and Eui-Nam Huh. 2014. Cloud of Things: Integrating Internet of Things and cloud computing and the issues involved. In 11th International Bhurban Conference on Applied Sciences and Technology (IBCAST’14). IEEE, 414--419.Google ScholarGoogle ScholarCross RefCross Ref
  2. U.S. Food 8 Drug Administration. 2017. Firmware Update to Address Cybersecurity Vulnerabilities Identified in Abbott’s (formerly St. Jude Medical’s) Implantable Cardiac Pacemakers: FDA Safety Communication. https://www.fda.gov/medical-devices/safety-communications/firmware-update-address-cybersecurity-vulnerabilities-identified-abbotts-formerly-st-jude-medicals.Google ScholarGoogle Scholar
  3. Ioannis Agadakos, Chien-Ying Chen, Matteo Campanelli, Prashant Anantharaman, Monowar Hasan, Bogdan Copos, Tancrède Lepoint, Michael Locasto, Gabriela Felicia Ciocarlie, and Ulf Lindqvist. 2017. Jumping the air gap: Modeling cyber-physical attack paths in the Internet-of-Things. In Proceedings of the 2017 Workshop on Cyber-Physical Systems Security and PrivaCy. ACM, 37--48.Google ScholarGoogle ScholarDigital LibraryDigital Library
  4. Milad Taleby Ahvanooey, Qianmu Li, Mahdi Rabbani, and Ahmed Raza Rajput. 2017. A survey on smartphones security: Software vulnerabilities, malware, and attacks. Int. J. Adv. Comput. Sci. Appl 8, 10 (2017), 30--45.Google ScholarGoogle Scholar
  5. Ala Al-Fuqaha, Mohsen Guizani, Mehdi Mohammadi, Mohammed Aledhari, and Moussa Ayyash. 2015. Internet of Things: A survey on enabling technologies, protocols, and applications. IEEE Communications Surveys 8 Tutorials 17, 4 (2015), 2347--2376.Google ScholarGoogle Scholar
  6. Hamad Al-Mohannadi, Qublai Mirza, Anitta Namanya, Irfan Awan, Andrea Cullen, and Jules Disso. 2016. Cyber-Attack Modeling Analysis Techniques: An Overview. http://hdl.handle.net/10454/10703 Accessed: 2018-07-15.Google ScholarGoogle Scholar
  7. Naseer Amara, Huang Zhiqui, and Awais Ali. 2017. Cloud computing security threats and attacks with their mitigation techniques. In 2017 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery (CyberC). 244--251. DOI:https://doi.org/10.1109/CyberC.2017.37Google ScholarGoogle ScholarCross RefCross Ref
  8. A. Amini, N. Jamil, A. R. Ahmad, and M. R. Z'aba. 2015. Threat modeling approaches for securing cloud computing. Journal of Applied Sciences 15, 7 (2015), 953.Google ScholarGoogle ScholarCross RefCross Ref
  9. Ioannis Andrea, Chrysostomos Chrysostomou, and George Hadjichristofi. 2015. Internet of Things: Security vulnerabilities and challenges. In IEEE Symposium on Computers and Communication (ISCC’15). IEEE, 180--187.Google ScholarGoogle ScholarDigital LibraryDigital Library
  10. Manos Antonakakis, Tim April, Michael Bailey, Matt Bernhard, Elie Bursztein, Jaime Cochran, Zakir Durumeric, J. Alex Halderman, Luca Invernizzi, Michalis Kallitsis, et al. 2017. Understanding the Mirai Botnet. In 26th {USENIX} Security Symposium ({USENIX} Security 17). 1093--1110.Google ScholarGoogle Scholar
  11. Danilo Ardagna, Elisabetta Di Nitto, Giuliano Casale, Dana Petcu, Parastoo Mohagheghi, Sébastien Mosser, Peter Matthews, Anke Gericke, Cyril Ballagny, Francesco D’Andria, et al. 2012. Modaclouds: A model-driven approach for the design and execution of applications on multiple clouds. In 4th International Workshop on Modeling in Software Engineering. IEEE Press, 50--56.Google ScholarGoogle ScholarCross RefCross Ref
  12. Michael Armbrust, Armando Fox, Rean Griffith, Anthony D. Joseph, Randy Katz, Andy Konwinski, Gunho Lee, David Patterson, Ariel Rabkin, Ion Stoica, et al. 2010. A view of cloud computing. Commun. ACM 53, 4 (2010), 50--58.Google ScholarGoogle ScholarDigital LibraryDigital Library
  13. Qazi Mamoon Ashraf and Mohamed Hadi Habaebi. 2015. Autonomic schemes for threat mitigation in Internet of Things. Journal of Network and Computer Applications 49 (2015), 112--127.Google ScholarGoogle ScholarDigital LibraryDigital Library
  14. Sachin Babar, Parikshit Mahalle, Antonietta Stango, Neeli Prasad, and Ramjee Prasad. 2010. Proposed security model and threat taxonomy for the Internet of Things (IoT). In International Conference on Network Security and Applications. Springer, 420--429.Google ScholarGoogle ScholarCross RefCross Ref
  15. Jason Bau and John C. Mitchell. 2011. Security modeling and analysis. IEEE Security and Privacy 9, 3 (2011), 18.Google ScholarGoogle ScholarDigital LibraryDigital Library
  16. Alexander Bergmayr, Uwe Breitenbücher, Nicolas Ferry, Alessandro Rossini, Arnor Solberg, Manuel Wimmer, Gerti Kappel, and Frank Leymann. 2018. A systematic review of cloud modeling languages. ACM Comput. Surv. 51, 1, Article 22 (Feb. 2018), 38 pages. DOI:https://doi.org/10.1145/3150227Google ScholarGoogle Scholar
  17. Elisa Bertino and Nayeem Islam. 2017. Botnets and internet of things security. Computer 2 (2017), 76--79.Google ScholarGoogle ScholarDigital LibraryDigital Library
  18. S. Bojjagani and V. Sastry. 2017. VAPTAi: A threat model for vulnerability assessment and penetration testing of Android and iOS mobile banking apps. In 2017 IEEE 3rd International Conference on Collaboration and Internet Computing (CIC). 77--86. DOI:https://doi.org/10.1109/CIC.2017.00022Google ScholarGoogle ScholarCross RefCross Ref
  19. Spencer Breiner, Eswaran Subrahmanian, and Ram D. Sriram. 2016. Modeling the Internet of Things: A foundational approach. In 7th International Workshop on the Web of Things. ACM, 38--41.Google ScholarGoogle Scholar
  20. Ismail Butun, Patrik Österberg, and Houbing Song. 2019. Security of the Internet of Things: Vulnerabilities, attacks and countermeasures. IEEE Communications Surveys 8 Tutorials (2019).Google ScholarGoogle Scholar
  21. Ismail Butun, Alparslan Sari, and Patrik Österberg. 2019. Security implications of fog computing on the Internet of Things. In 2019 IEEE International Conference on Consumer Electronics (ICCE). IEEE, 1--6.Google ScholarGoogle ScholarCross RefCross Ref
  22. S. A. Camtepe and B. Yener. 2007. Modeling and detection of complex attacks. In 2007 3rd International Conference on Security and Privacy in Communications Networks and the Workshops - SecureComm 2007. 234--243. DOI:https://doi.org/10.1109/SECCOM.2007.4550338Google ScholarGoogle ScholarCross RefCross Ref
  23. Paul E. Ceruzzi. 2003. A History of Modern Computing. MIT press.Google ScholarGoogle Scholar
  24. Ching-Han Chen, Ming-Yi Lin, and Xing-Chen Guo. 2017. High-level modeling and synthesis of smart sensor networks for Industrial Internet of Things. Computers 8 Electrical Engineering 61 (2017), 48--66.Google ScholarGoogle Scholar
  25. Mung Chiang and Tao Zhang. 2016. Fog and IoT: An overview of research opportunities. IEEE Internet of Things Journal 3, 6 (2016), 854--864.Google ScholarGoogle ScholarCross RefCross Ref
  26. Farida Chowdhury and Md Sadek Ferdous. [n.d.]. MODELLING CYBER ATTACKS. ([n.d.]).Google ScholarGoogle Scholar
  27. Cisco. 2014. Cisco IoT Reference Model. http://cdn.iotwf.com/resources/72/IoT_Reference_Model_04_June_2014.pdf. Accessed: 2018-06-24.Google ScholarGoogle Scholar
  28. Miguel Pupo Correia and Paulo Jorge Sousa. 2017. Segurança no Software (2nd ed.). FCA - Editora da Informática, Lda.Google ScholarGoogle Scholar
  29. Cloud Standards Customer Council. 2015. Cloud Customer Architecture for Mobile. https://www.omg.org/cloud/deliverables/cloud-customer-architecture-for-mobile.htm. Accessed: 2019-02-15.Google ScholarGoogle Scholar
  30. E. Curry and P. Grace. 2008. Flexible self-management using the model-view-controller pattern. IEEE Software 25, 3 (May 2008), 84--90. DOI:https://doi.org/10.1109/MS.2008.60Google ScholarGoogle ScholarDigital LibraryDigital Library
  31. Li Da Xu, Wu He, and Shancang Li. 2014. Internet of Things in industries: A survey. IEEE Transactions on Industrial Informatics 10, 4 (2014), 2233--2243.Google ScholarGoogle ScholarCross RefCross Ref
  32. G. Delac, M. Silic, and J. Krolo. 2011. Emerging security threats for mobile platforms. In 2011 Proceedings of the 34th International Convention MIPRO. 1468--1473.Google ScholarGoogle Scholar
  33. Premkumar T. Devanbu and Stuart Stubblebine. 2000. Software engineering for security: A roadmap. In Proceedings of the Conference on the Future of Software Engineering (ICSE’00). ACM, New York, NY, USA, 227--239. DOI:https://doi.org/10.1145/336512.336559Google ScholarGoogle Scholar
  34. Mark Dowd, John McDonald, and Justin Schuh. 2006. The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities. Pearson Education.Google ScholarGoogle Scholar
  35. Hanan Elazhary. 2018. Internet of Things (IoT), mobile cloud, cloudlet, mobile IoT, IoT cloud, fog, mobile edge, and edge emerging computing paradigms: Disambiguation and research directions. Journal of Network and Computer Applications (2018).Google ScholarGoogle Scholar
  36. Nadia Elouali, José Rouillard, Xavier Le Pallec, and Jean-Claude Tarby. 2013. Multimodal interaction: A survey from model driven engineering and mobile perspectives. Journal on Multimodal User Interfaces 7, 4 (01 Dec 2013), 351--370. DOI:https://doi.org/10.1007/s12193-013-0126-zGoogle ScholarGoogle ScholarCross RefCross Ref
  37. F-Secure. 2019. 2019 Attack Landscape Report. https://blog.f-secure.com/attack-landscape-h1-2019-iot-smb-traffic-aboundGoogle ScholarGoogle Scholar
  38. Diogo A. B. Fernandes, Liliana F. B. Soares, João V. Gomes, Mário M. Freire, and Pedro R. M. Inácio. 2014. Security issues in cloud environments: A survey. International Journal of Information Security 13, 2 (2014), 113--170.Google ScholarGoogle ScholarDigital LibraryDigital Library
  39. Eduardo Fernandez, Juan Pelaez, and Maria Larrondo-Petrie. 2007. Attack patterns: A new forensic and design tool. In IFIP International Conference on Digital Forensics. Springer, 345--357.Google ScholarGoogle ScholarCross RefCross Ref
  40. Giancarlo Fortino, Raffaele Gravina, Wilma Russo, and Claudio Savaglio. 2017. Modeling and simulating internet-of-things systems: A hybrid agent-oriented approach. Computing in Science 8 Engineering 19, 5 (2017), 68--76.Google ScholarGoogle Scholar
  41. Mengmeng Ge and Dong Seong Kim. 2015. A framework for modeling and assessing security of the internet of things. In IEEE 21st International Conference on Parallel and Distributed Systems (ICPADS’15). IEEE, 776--781.Google ScholarGoogle Scholar
  42. Google. 2019. PHA Family Highlights: Triada. https://security.googleblog.com/2019/06/pha-family-highlights-triada.html.Google ScholarGoogle Scholar
  43. Brij Gupta, Dharma P. Agrawal, and Shingo Yamaguchi. 2016. Handbook of Research on Modern Cryptographic Solutions for Computer and Cyber Security. IGI global.Google ScholarGoogle Scholar
  44. B. B. Gupta and Omkar P. Badve. 2017. Taxonomy of DoS and DDoS attacks and desirable defense mechanism in a cloud computing environment. Neural Computing and Applications 28, 12 (2017), 3655--3682.Google ScholarGoogle ScholarDigital LibraryDigital Library
  45. Brij B. Gupta. 2018. Computer and Cyber Security: Principles, Algorithm, Applications, and Perspectives. CRC Press.Google ScholarGoogle Scholar
  46. Mohammad Hamdaqa, Tassos Livogiannis, and Ladan Tahvildari. 2011. A reference model for developing cloud applications. In CLOSER. 98--103.Google ScholarGoogle Scholar
  47. Tobias Heer, Oscar Garcia-Morchon, René Hummen, Sye Loong Keoh, Sandeep S. Kumar, and Klaus Wehrle. 2011. Security challenges in the IP-based Internet of Things. Wireless Personal Communications 61, 3 (2011), 527--542.Google ScholarGoogle ScholarDigital LibraryDigital Library
  48. Henning Heitkötter, Tim A. Majchrzak, and Herbert Kuchen. 2013. Cross-platform model-driven development of mobile applications with MD 2. In Proceedings of the 28th Annual ACM Symposium on Applied Computing. ACM, 526--533.Google ScholarGoogle Scholar
  49. Guy Helmer, Johnny Wong, Mark Slagell, Vasant Honavar, Les Miller, and Robyn Lutz. 2002. A software fault tree approach to requirements analysis of an intrusion detection system. Requirements Engineering 7, 4 (1 Dec 2002), 207--220. DOI:https://doi.org/10.1007/s007660200016Google ScholarGoogle Scholar
  50. M. Shamim Hossain, Ghulam Muhammad, Wadood Abdul, Biao Song, and B. B. Gupta. 2018. Cloud-assisted secure video transmission and sharing framework for smart cities. Future Generation Computer Systems 83 (2018), 596--606.Google ScholarGoogle ScholarDigital LibraryDigital Library
  51. Upguard Inc. 2019. System Shock: How a Cloud Leak Exposed Accenture’s Business. https://www.upguard.com/breaches/cloud-leak-accenture.Google ScholarGoogle Scholar
  52. Jeffrey A. Ingalsbe, Dan Shoemaker, and Nancy R. Mead. 2011. Threat modeling the cloud computing, mobile device toting, consumerized enterprise-an overview of considerations. In AMCIS.Google ScholarGoogle Scholar
  53. IoT-A. 2013. Introduction to the Architectural Reference Model for the Internet of Things. http://iotforum.org/wp-content/uploads/2014/09/120613-IoT-A-ARM-Book-Introduction-v7.pdf. Accessed: 2018-07-03.Google ScholarGoogle Scholar
  54. S. M. Riazul Islam, Daehan Kwak, M. D. Humaun Kabir, Mahmud Hossain, and Kyung-Sup Kwak. 2015. The Internet of Things for health care: A comprehensive survey. IEEE Access 3 (2015), 678--708.Google ScholarGoogle ScholarCross RefCross Ref
  55. Ajit Jha and M. C. Sunil. 2014. Security considerations for Internet of Things. L8T Technology Services (2014).Google ScholarGoogle Scholar
  56. Feng Jiang, Yunsheng Fu, Brij B. Gupta, Fang Lou, Seungmin Rho, Fanzhi Meng, and Zhihong Tian. 2018. Deep learning based multi-channel intelligent attack detection for data security. IEEE Transactions on Sustainable Computing (2018).Google ScholarGoogle Scholar
  57. Georgios Kambourakis, Constantinos Kolias, and Angelos Stavrou. 2017. The Mirai Botnet and the IoT zombie armies. In MILCOM 2017-2017 IEEE Military Communications Conference (MILCOM). IEEE, 267--272.Google ScholarGoogle ScholarCross RefCross Ref
  58. M. Kazim and D. Evans. 2016. Threat modeling for services in cloud. In 2016 IEEE Symposium on Service-Oriented System Engineering (SOSE). 66--72. DOI:https://doi.org/10.1109/SOSE.2016.55Google ScholarGoogle ScholarCross RefCross Ref
  59. Jintae Kim, Minseong Kim, and Sooyong Park. 2006. Goal and scenario based domain requirements analysis environment. Journal of Systems and Software 79, 7 (2006), 926--938. DOI:https://doi.org/10.1016/j.jss.2005.06.046 Selected papers from the 11th Asia Pacific Software Engineering Conference (APSEC2004).Google ScholarGoogle ScholarDigital LibraryDigital Library
  60. Ruslan Kirichek, Andrei Vladyko, Maxim Zakharov, and Andrey Koucheryavy. 2016. Model networks for Internet of Things and SDN. In 18th International Conference on Advanced Communication Technology (ICACT’16). IEEE, 76--79.Google ScholarGoogle Scholar
  61. Anneke G. Kleppe, Jos Warmer, Jos B. Warmer, and Wim Bast. 2003. MDA Explained: The Model Driven Architecture: Practice and Promise. Addison-Wesley Professional.Google ScholarGoogle Scholar
  62. Paul Kocher, Daniel Genkin, Daniel Gruss, Werner Haas, Mike Hamburg, Moritz Lipp, Stefan Mangard, Thomas Prescher, Michael Schwarz, and Yuval Yarom. 2018. Spectre attacks: Exploiting speculative execution. arXiv preprint arXiv:1801.01203 (2018).Google ScholarGoogle Scholar
  63. Igor Kotenko and Andrey Chechulin. 2013. A cyber attack modeling and impact assessment framework. In 5th International Conference on Cyber Conflict (CyCon’13). IEEE, 1--24.Google ScholarGoogle Scholar
  64. AO Kaspersky Lab. 2016. Kaspersky Threats - Triada. https://threats.kaspersky.com/en/threat/Trojan.AndroidOS.Triada/.Google ScholarGoogle Scholar
  65. Mihai T. Lazarescu. 2013. Design of a WSN platform for long-term environmental monitoring for IoT applications. IEEE Journal on Emerging and Selected Topics in Circuits and Systems 3, 1 (2013), 45--54.Google ScholarGoogle ScholarCross RefCross Ref
  66. Wei Li, Igor Santos, Flavia C. Delicato, Paulo F. Pires, Luci Pirmez, Wei Wei, Houbing Song, Albert Zomaya, and Samee Khan. 2017. System modelling and performance evaluation of a three-tier Cloud of Things. Future Generation Computer Systems 70 (2017), 104--125.Google ScholarGoogle ScholarCross RefCross Ref
  67. Zhang Li and Tong Xin. 2013. Threat modeling and countermeasures study for the Internet of Things. Journal of Convergence Information Technology 8, 5 (2013).Google ScholarGoogle Scholar
  68. Moritz Lipp, Michael Schwarz, Daniel Gruss, Thomas Prescher, Werner Haas, Stefan Mangard, Paul Kocher, Daniel Genkin, Yuval Yarom, and Mike Hamburg. 2018. Meltdown. arXiv preprint arXiv:1801.01207 (2018).Google ScholarGoogle Scholar
  69. Torsten Lodderstedt, David Basin, and Jürgen Doser. 2002. SecureUML: A UML-based modeling language for model-driven security. In International Conference on the Unified Modeling Language. Springer, 426--441.Google ScholarGoogle ScholarCross RefCross Ref
  70. Junyan Ma, Xingshe Zhou, Shining Li, and Zhigang Li. 2011. Connecting agriculture to the Internet of Things through sensor networks. In 2011 IEEE International Conferences on Internet of Things, and Cyber, Physical and Social Computing. IEEE, 184--187.Google ScholarGoogle ScholarDigital LibraryDigital Library
  71. Ashwin Manjunatha, Ajith Ranabahu, Amit Sheth, and Krishnaprasad Thirunarayan. 2010. A domain specific language based method to develop cloud-mobile hybrid applications. Kno. e. sis Center Wright State University (2010), 50--60.Google ScholarGoogle Scholar
  72. S. Manzoor, H. Zhang, and N. Suri. 2018. Threat modeling and analysis for the cloud ecosystem. In 2018 IEEE International Conference on Cloud Engineering (IC2E). 278--281. DOI:https://doi.org/10.1109/IC2E.2018.00056Google ScholarGoogle ScholarCross RefCross Ref
  73. J. P. McDermott. 2000. Attack net penetration testing. In 2000 Workshop on New Security Paradigms (NSPW’00). ACM, New York, 15--21. DOI:https://doi.org/10.1145/366173.366183Google ScholarGoogle ScholarDigital LibraryDigital Library
  74. Nenad Medvidovic and Richard N. Taylor. 2010. Software architecture: Foundations, theory, and practice. In 32nd ACM/IEEE International Conference on Software Engineering, Volume 2. ACM, 471--472.Google ScholarGoogle Scholar
  75. Daniel Mellado, Carlos Blanco, Luis E.Sánchez, and Eduardo Fernández-Medina. 2010. A systematic review of security requirements engineering. Computer Standards 8 Interfaces 32, 4 (2010), 153--165. DOI:https://doi.org/10.1016/j.csi.2010.01.006Google ScholarGoogle Scholar
  76. Microsoft. 2019. Microsoft Threat Modeling Tool 2016. https://www.microsoft.com/en-us/download/details.aspx?id=49168. Accessed: 2019-02-04.Google ScholarGoogle Scholar
  77. Mujahid Mohsin, Zahid Anwar, Ghaith Husari, Ehab Al-Shaer, and Mohammad Ashiqur Rahman. 2016. IoTSAT: A formal framework for security analysis of the Internet of Things (IoT). In IEEE Conference on Communications and Network Security (CNS’16). IEEE, 180--188.Google ScholarGoogle ScholarCross RefCross Ref
  78. Brice Morin, Nicolas Harrand, and Franck Fleurey. 2017. Model-based software engineering to tame the IoT jungle. IEEE Software 34, 1 (2017), 30--36.Google ScholarGoogle ScholarDigital LibraryDigital Library
  79. Francesco Moscato, Beniamino Di Martino, and Rocco Aversa. 2012. Enabling model driven engineering of cloud services by using mosaic ontology. Scalable Computing: Practice and Experience 13, 1 (2012), 29--44.Google ScholarGoogle Scholar
  80. Suvda Myagmar, Adam J. Lee, and William Yurcik. 2005. Threat modeling as a basis for security requirements. In Symposium on Requirements Engineering for Information Security (SREIS). Citeseer, 1--8.Google ScholarGoogle Scholar
  81. Xuan Thang Nguyen, Huu Tam Tran, Harun Baraki, and Kurt Geihs. 2015. FRASAD: A framework for model-driven IoT application development. In IEEE 2nd World Forum on Internet of Things (WF-IoT’15). IEEE, 387--392.Google ScholarGoogle Scholar
  82. Huansheng Ning, Hong Liu, and Laurence Yang. 2013. Cyber-entity security in the Internet of Things. Computer (2013), 1.Google ScholarGoogle Scholar
  83. Francisco José Barreto Nunes, Arnaldo Dias Belchior, and Adriano Bessa Albuquerque. 2010. Security engineering approach to support software security. In 2010 6th World Congress on Services. 48--55. DOI:https://doi.org/10.1109/SERVICES.2010.37Google ScholarGoogle ScholarDigital LibraryDigital Library
  84. Jon Oberheide and Farnam Jahanian. 2010. When mobile is harder than fixed (and vice versa): Demystifying security challenges in mobile environments. In 11th Workshop on Mobile Computing Systems 8 Applications. ACM, 43--48.Google ScholarGoogle ScholarDigital LibraryDigital Library
  85. Hersent Olivier, Boswarthick David, and Omar Elloumi. 2011. The ETSI M2M Architecture. Wiley-Blackwell, Chapter 14, 237--267. DOI:https://doi.org/10.1002/9781119958352.ch14 arXiv:https://onlinelibrary.wiley.com/doi/pdf/10.1002/9781119958352.ch14Google ScholarGoogle Scholar
  86. Andreas L. Opdahl and Guttorm Sindre. 2009. Experimental comparison of attack trees and misuse cases for security threat identification. Information and Software Technology 51, 5 (2009), 916--932.Google ScholarGoogle ScholarDigital LibraryDigital Library
  87. Open Web Application Security Project OWASP. 2017. Application Threat Modeling. https://www.owasp.org/index.php/Application_Threat_Modeling.Google ScholarGoogle Scholar
  88. Abilio G. Parada and Lisane B. De Brisolara. 2012. A model driven approach for android applications development. In Brazilian Symposium on Computing System Engineering (SBESC’12). IEEE, 192--197.Google ScholarGoogle Scholar
  89. Phoronix. 2019. The Performance Impact of MDS / Zombieload Plus the Overall Cost Now of Spectre/Meltdown/L1TF/MDS. https://www.phoronix.com/scan.php?page=article8item=mds-zombieload-mit8num=1.Google ScholarGoogle Scholar
  90. L. Piètre-Cambacédès and M. Bouissou. 2010. Beyond attack trees: Dynamic security modeling with Boolean Logic Driven Markov Processes (BDMP). In 2010 European Dependable Computing Conference. 199--208. DOI:https://doi.org/10.1109/EDCC.2010.32Google ScholarGoogle ScholarDigital LibraryDigital Library
  91. Ajith H. Ranabahu, Eugene Michael Maximilien, Amit P. Sheth, and Krishnaprasad Thirunarayan. 2011. A domain specific language for enterprise grade cloud-mobile hybrid applications. In Compilation of the Co-located Workshops on DSM’11, TMC’11, AGERE! 2011, AOOPES’11, NEAT’11, 8 VMIL’11 (SPLASH’11 Workshops). ACM, New York, 77--84. DOI:https://doi.org/10.1145/2095050.2095064Google ScholarGoogle ScholarDigital LibraryDigital Library
  92. Check Point Research. 2019. Securing the Cloud, Mobile and Internet of Things. http://snt.hr/news/pressroom/pressreleases/CP2019SecurityReportVolume03.pdf.Google ScholarGoogle Scholar
  93. Youssef Ridene and Franck Barbier. 2011. A model-driven approach for automating mobile applications testing. In 5th European Conference on Software Architecture: Companion Volume. ACM, 9.Google ScholarGoogle ScholarDigital LibraryDigital Library
  94. David Alejandro Robles-Ramirez, Ponciano Jorge Escamilla-Ambrosio, and Theo Tryfonas. 2017. IoTsec: UML extension for Internet of Things systems security modelling. In International Conference on Mechatronics, Electronics and Automotive Engineering (ICMEAE’17). IEEE, 151--156.Google ScholarGoogle ScholarCross RefCross Ref
  95. James Rumbaugh, Ivar Jacobson, and Grady Booch. 2010. Unified Modeling Language Reference Manual (2nd ed.). Addison-Wesley Professional.Google ScholarGoogle Scholar
  96. Panagiotis Sarigiannidis, Eirini Karapistoli, and Anastasios A. Economides. 2017. Modeling the Internet of Things under attack: A G-network approach. IEEE Internet of Things Journal 4, 6 (2017), 1964--1977.Google ScholarGoogle ScholarCross RefCross Ref
  97. Mahadev Satyanarayanan. 1996. Fundamental challenges in mobile computing. In 15th Annual ACM Symposium on Principles of Distributed Computing. ACM, 1--7.Google ScholarGoogle ScholarCross RefCross Ref
  98. Riccardo Scandariato, Kim Wuyts, and Wouter Joosen. 2015. A descriptive study of Microsoft’s threat modeling technique. Requirements Engineering 20, 2 (2015), 163--180.Google ScholarGoogle ScholarDigital LibraryDigital Library
  99. Bruce Schneier. 1999. Attack trees. Dr. Dobb’s Journal 24, 12 (1999), 21--29.Google ScholarGoogle Scholar
  100. Continuum Security. 2019. IriusRisk - threat modeling tool. https://continuumsecurity.net/threat-modeling-tool/. Accessed: 2019-01-22.Google ScholarGoogle Scholar
  101. Zhengguo Sheng, Shusen Yang, Yifan Yu, Athanasios Vasilakos, Julie Mccann, and Kin Leung. 2013. A survey on the IETF protocol suite for the Internet of Things: Standards, challenges, and opportunities. IEEE Wireless Communications 20, 6 (2013), 91--98.Google ScholarGoogle ScholarCross RefCross Ref
  102. Sabrina Sicari, Alessandra Rizzardi, Luigi Alfredo Grieco, and Alberto Coen-Porisini. 2015. Security, privacy and trust in Internet of Things: The road ahead. Computer Networks 76 (2015), 146--164.Google ScholarGoogle ScholarDigital LibraryDigital Library
  103. Guttorm Sindre and Andreas L. Opdahl. 2005. Eliciting security requirements with misuse cases. Requirements Engineering 10, 1 (2005), 34--44.Google ScholarGoogle ScholarDigital LibraryDigital Library
  104. Claudia M. Sosa-Reyna, Edgar Tello-Leal, and David Lara-Alabazares. 2018. Methodology for the model-driven development of service oriented IoT applications. Journal of Systems Architecture 90 (2018), 15--22.Google ScholarGoogle ScholarCross RefCross Ref
  105. Jan Steffan and Markus Schumacher. 2002. Collaborative attack modeling. In 2002 ACM Symposium on Applied Computing (SAC’02). ACM, New York, 253--259. DOI:https://doi.org/10.1145/508791.508843Google ScholarGoogle ScholarDigital LibraryDigital Library
  106. Tatiana Stepanova and D. Zegzhda. 2014. Applying large-scale adaptive graphs to modeling Internet of Things security. In 7th International Conference on Security of Information and Networks. ACM, 479.Google ScholarGoogle Scholar
  107. Christos Stergiou, Kostas E. Psannis, Byung-Gyu Kim, and Brij Gupta. 2018. Secure integration of IoT and cloud computing. Future Generation Computer Systems 78 (2018), 964--975.Google ScholarGoogle ScholarCross RefCross Ref
  108. Frank Swiderski and Window Snyder. 2004. Threat Modeling. Microsoft Press.Google ScholarGoogle Scholar
  109. Guillermo Suarez-Tangil, Juan E. Tapiador, Pedro Peris-Lopez, and Arturo Ribagorda. 2014. Evolution, detection and analysis of malware for smart devices. IEEE Communications Surveys Tutorials 16, 2 (2014), 961--987. DOI:https://doi.org/10.1109/SURV.2013.101613.00077Google ScholarGoogle ScholarCross RefCross Ref
  110. Symantec. 2019. 2019 Internet Security Threat Report. https://www.symantec.com/en/uk/security-center/threat-report.Google ScholarGoogle Scholar
  111. Hassan Takabi, James B.D. Joshi, and Gail-Joon Ahn. 2010. Security and privacy challenges in cloud computing environments. IEEE Security 8 Privacy6 (2010), 24--31.Google ScholarGoogle Scholar
  112. T. Tidwell, R. Larson, K. Fitch, and J. Hale. 2001. Modeling internet attacks. In 2001 IEEE Workshop on Information Assurance and Security, Vol. 59. United States Military Academy West Point, NY.Google ScholarGoogle Scholar
  113. Ikram Ullah, Munam Ali Shah, Abdul Wahid, Amjad Mehmood, and Houbing Song. 2018. ESOT: A new privacy model for preserving location privacy in Internet of Things. Telecommunication Systems 67, 4 (2018), 553--575.Google ScholarGoogle ScholarDigital LibraryDigital Library
  114. Muhammad Usman, Muhammad Zohaib Iqbal, and Muhammad Uzair Khan. 2014. A model-driven approach to generate mobile applications for multiple platforms. In Software Engineering Conference (APSEC), 2014 21st Asia-Pacific, Vol. 1. IEEE, 111--118.Google ScholarGoogle ScholarDigital LibraryDigital Library
  115. Jeisson Vergara-Vargas and Henry Umaña-Acosta. 2017. A model-driven deployment approach for scaling distributed software architectures on a cloud computing platform. In 8th IEEE International Conference on Software Engineering and Service Science (ICSESS’17). IEEE, 99--103.Google ScholarGoogle ScholarCross RefCross Ref
  116. Mališa Vučinić, Bernard Tourancheau, Franck Rousseau, Andrzej Duda, Laurent Damon, and Roberto Guizzetti. 2015. OSCAR: Object security architecture for the Internet of Things. Ad Hoc Networks 32 (2015), 3--16.Google ScholarGoogle ScholarDigital LibraryDigital Library
  117. Andrew Whitmore, Anurag Agarwal, and Li Da Xu. 2015. The Internet of Things - A survey of topics and trends. Information Systems Frontiers 17, 2 (2015), 261--274.Google ScholarGoogle ScholarDigital LibraryDigital Library
  118. Qian Xu, Pinyi Ren, Houbing Song, and Qinghe Du. 2016. Security enhancement for IoT communications exposed to eavesdroppers with uncertain locations. IEEE Access 4 (2016), 2840--2853.Google ScholarGoogle ScholarCross RefCross Ref
  119. Zheng Yan, Peng Zhang, and Athanasios V. Vasilakos. 2014. A survey on trust management for Internet of Things. Journal of Network and Computer Applications 42 (2014), 120--134.Google ScholarGoogle ScholarCross RefCross Ref
  120. F. Ye and Y. Qian. 2017. A security architecture for networked Internet of Things devices. In GLOBECOM 2017-2017 IEEE Global Communications Conference. 1--6. DOI:https://doi.org/10.1109/GLOCOM.2017.8254021Google ScholarGoogle ScholarCross RefCross Ref
  121. Andrea Zanella, Nicola Bui, Angelo Castellani, Lorenzo Vangelista, and Michele Zorzi. 2014. Internet of Things for smart cities. IEEE Internet of Things Journal 1, 1 (2014), 22--32.Google ScholarGoogle ScholarCross RefCross Ref
  122. Ting Zhao, Gang Zhang, and Lei Zhang. 2014. An overview of mobile devices security issues and countermeasures. In International Conference on Wireless Communication and Sensor Network (WCSN’14). IEEE, 439--443.Google ScholarGoogle ScholarDigital LibraryDigital Library

Index Terms

  1. Attack and System Modeling Applied to IoT, Cloud, and Mobile Ecosystems

          Comments

          Login options

          Check if you have access through your login credentials or your institution to get full access on this article.

          Sign in

          Full Access

          Get this Article

          • Article Metrics

            • Downloads (Last 12 months)753
            • Downloads (Last 6 weeks)358

            Other Metrics

            View Author Metrics

          PDF Format

          View or Download as a PDF file.

          PDF

          eReader

          View online with eReader.

          eReader

          HTML Format

          View this article in HTML Format .

          View HTML Format
          View Issue’s Table of Contents
          About Cookies On This Site

          We use cookies to ensure that we give you the best experience on our website.

          Learn more

          Got it!

          To help support our community working remotely during COVID-19, we are making all work published by ACM in our Digital Library freely accessible through June 30, 2020. Learn more