The Industrial Internet of Things (IIoT) provide an opportunity for industries to build large interconnected systems that utilise various technologies such as personal computers, wireless devices, and sensor devices and bring together the cyber and the physical world. Such systems provide us with huge advantages but they also introduce major security challenges at both the design and runtime stages. The literature argues for the need to introduce security-by-design methods, which enable security analysis and mitigation of security threats. This paper proposes a novel security-by-design method for IIoT environments across two different levels (design/modelling and runtime/simulation). Our method supports analysis of security requirements and identification of attack paths and their integration for the mitigation of potential vulnerabilities. We demonstrate the applicability through a real case study on a critical environment from the maritime sector which demonstrates that our method helps to identify security mechanisms to mitigate attacks on critical assets.
Bibliographical note© 2018 IEEE. Personal use of this material is permitted. Permission from IEEE must beobtained for all other uses, in any current or future media, including
reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
- Attack Path Discovery
- Industrial Internet of Things
- Security Requirements Engineering