Msc. Candidate: Mutlu Erhan
Program: Information Systems
Date: 04.09.2019 16:15 p.m
Abstract: Security and privacy issues in the Internet of Things (IoT) have received much attention in recent years because of the attacks, which have increased both in quantity and diversity. Many studies have been done to make the IoT ecosystem more secure, and these have managed to ease some risks partially by presenting security frameworks or basic standards. However; presented frameworks or standards have not been accepted by all the stakeholders in the IoT ecosystem and have not been able to provide solutions for design and evaluation. One way to decrease the risks posed by the vulnerabilities is to increase awareness of the stakeholders for security and privacy issues in the IoT system via providing simple, usable and enough protection skills, methods, standards and framework models in a design and evaluation environment.
Previous studies have analyzed reference framework models, presented security threats as a layered structure and managed to demonstrate the visibility of risks with a model of building blocks. However, besides the demonstration of the general security problems in the IoT stack, little attention was given to the generation of an evaluation environment and its usability. This study aims to present an environment, named as the Secure IoT Design and Evaluation Environment (SIDE), for IoT system developers to evaluate their products security risks against related vulnerabilities and to correct their deficits in the ecosystem, especially at the design phase. It was shown that the SIDE is practical and highly usable in identifying threats related to a design decision and evaluating the security of alternative solutions based on their known vulnerabilities.