TY - GEN
T1 - Modeling and assessment of IoT supply chain security risks
T2 - 2020 IEEE Symposium on Security and Privacy Workshops, SPW 2020
AU - Kieras, Timothy
AU - Farooq, Muhammad Junaid
AU - Zhu, Quanyan
N1 - Funding Information:
This research is partially supported by award 2015-ST-061-CIRC01, U.S. Department of Homeland Security, awards ECCS-1847056 and SES-1541164 from National Science Foundation (NSF).
Publisher Copyright:
© 2020 IEEE.
PY - 2020/5
Y1 - 2020/5
N2 - Supply chain security threats pose new challenges to security risk modeling techniques for complex ICT systems such as the IoT. With established techniques drawn from attack trees and reliability analysis providing needed points of reference, graph-based analysis can provide a framework for considering the role of suppliers in such systems. We present such a framework here while highlighting the need for a component-centered model. Given resource limitations when applying this model to existing systems, we study various classes of uncertainties in model development, including structural uncertainties and uncertainties in the magnitude of estimated event probabilities. Using case studies, we find that structural uncertainties constitute a greater challenge to model utility and as such should receive particular attention. Best practices in the face of these uncertainties are proposed.
AB - Supply chain security threats pose new challenges to security risk modeling techniques for complex ICT systems such as the IoT. With established techniques drawn from attack trees and reliability analysis providing needed points of reference, graph-based analysis can provide a framework for considering the role of suppliers in such systems. We present such a framework here while highlighting the need for a component-centered model. Given resource limitations when applying this model to existing systems, we study various classes of uncertainties in model development, including structural uncertainties and uncertainties in the magnitude of estimated event probabilities. Using case studies, we find that structural uncertainties constitute a greater challenge to model utility and as such should receive particular attention. Best practices in the face of these uncertainties are proposed.
KW - Information technology
KW - Internet of things
KW - Operational technology
KW - Risk assessment
KW - Security
KW - Supply chain
UR - http://www.scopus.com/inward/record.url?scp=85099725342&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85099725342&partnerID=8YFLogxK
U2 - 10.1109/SPW50608.2020.00043
DO - 10.1109/SPW50608.2020.00043
M3 - Conference contribution
AN - SCOPUS:85099725342
T3 - Proceedings - 2020 IEEE Symposium on Security and Privacy Workshops, SPW 2020
SP - 163
EP - 170
BT - Proceedings - 2020 IEEE Symposium on Security and Privacy Workshops, SPW 2020
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 21 May 2020
ER -