
Security Analysis of Machine Monitoring Sensor Communication: A threat modeling process implementation and evaluation

Martin Ljungdahl ; Michael Nordström
Göteborg: Chalmers tekniska högskola, 2016. 84 pp.
[Degree project, advanced level]

The number of small devices that are connected to the Internet is increasing rapidly, and the systems that control them are becoming more and more complex. Using these devices in products and systems has the potential to lower costs, increase performance and provide new functionality. A substantial number of these devices are used in "smart homes" or to monitor and control critical electro-mechanical systems. When such systems are developed, functionality and performance are often prioritized over security, and many systems have computer security and network security concerns. To help developers create secure systems, there is a practice named Threat Modeling, in which you work with the system through different stages to find its vulnerabilities. There exist several threat models that are aimed at specific systems of a certain type. There is limited research about threat models aimed at systems consisting of small devices connected to the Internet. In this project a threat modeling process will be conducted and applied to a smartphone/IoT system developed by one of Cybercom's customers. In addition, the threat modeling process will be evaluated for correctness and applicability when it is applied to a smartphone/IoT system, and for how the process might be improved. Platform-specific threat libraries created by accredited sources will be used for both validation and improvements. Penetration testing will be carried out with a subset of the threats generated by the threat modeling process and from the threat libraries in order to validate the applicability of the threats.

Keywords: Threat model process, OWASP Mobile, IoT, STRIDE, DFD



The publication was registered 2016-06-27. It was last modified 2016-06-27.

CPL ID: 238297
