Security Analysis of Machine Monitoring Sensor Communication A threat modeling process implementation and evaluation

Examensarbete för masterexamen

Please use this identifier to cite or link to this item:
Download file(s):
File Description SizeFormat 
238297.pdfFulltext5.32 MBAdobe PDFView/Open
Type: Examensarbete för masterexamen
Master Thesis
Title: Security Analysis of Machine Monitoring Sensor Communication A threat modeling process implementation and evaluation
Authors: Ljungdahl, Martin
Nordström, Michael
Abstract: The number of small devices that are connected to the Internet is increasing rapidly and the system that controls them are becoming more and more complex. Using these devices in products and system has the potential to lower costs, increase performance and provide new functionality. A substantial amount of these devices are used in "smart homes" or to monitor and control critical electro-mechanical systems. When developing such system often functionally and performance is prioritized in comparison to security and many systems have computer security and network security concerns. To help the developers create secure systems it exist a practice named Threat Modeling in which you work with the system through different stages to find its vulnerabilities. There exist several threat models that are aimed for specific systems of a certain type. It exists limited research about threat models aimed for system consisting of small devices connected to the Internet. In this project a threat modeling process will be conducted and applied on a smartphone/IoT system developed by one of Cybercom’s customer. In addition, the threat modeling process will be evaluated for correctness and applicability when applying it to a smartphone/IoT system and how the process might be improved. Platform specific threat libraries created by accredited sources will be used to for both validation and improvements. Penetration testing will be carried out with a subset of the threats generated by the threat modeling process and from the threat libraries in order to validate the applicability of the threats.
Keywords: Data- och informationsvetenskap;Computer and Information Science
Issue Date: 2016
Publisher: Chalmers tekniska högskola / Institutionen för data- och informationsteknik (Chalmers)
Chalmers University of Technology / Department of Computer Science and Engineering (Chalmers)
Collection:Examensarbeten för masterexamen // Master Theses

Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.