Attack Surface Modeling and Assessment for Penetration Testing of IoT System Designs

• Published in: 2018 21st Euromicro Conference on Digital System Design (DSD) pp. 177 - 181
• Main Authors: Mahmoodi, Yasamin, Reiter, Sebastian, Viehl, Alexander, Bringmann, Oliver, Rosenstiel, Wolfgang
• Format: Conference Proceeding
• Language: English
• Published: IEEE 01.08.2018
• Subjects: Analytical models; Bluetooth; Penetration testing; Probes; Security analysis; Software; SystemC; Unified modeling language; Virtual Prototyping
• DOI: 10.1109/DSD.2018.00043

Security by Design becomes a significant aspect for establishing the Internet-of-Things (IoT) paradigm. In this paper, we present an approach to utilize virtual prototypes (VP) at system level to enable security evaluation along the design process. The proposed VP-based penetration testing framework provides an approach for attack surface and attack behavior modeling. By utilizing a modular, reconfigurable system simulation, an attack scenario can be assessed with different system alternatives. As the VP simulates both hardware (HW) and software (SW) of a single IoT-device as well as the interconnections of different devices a comprehensive system analysis can be executed. Our framework is based on a model-driven approach, which underlines the achieved degree of automation and its potential for industrial application. A comprehensive system analysis tool is the enabler to apply penetration testing, for identifying weak points in the system design and implementation, from early stages in the design flow. The overall approach is demonstrated by an automotive use case derived from real-world security flaws.