Introducing the Cyber-Physical Data Flow Diagram to Improve Threat Modelling of Internet of Things Devices
Simon Liebl, Ian Ferguson, Andreas Aßmuth, Natalie Coull, George R. S. Weir
TLDR
This paper introduces Cyber-Physical Data Flow Diagrams (CPDFD) to improve threat modeling for IoT devices by incorporating hardware interactions.
Key contributions
- Proposes Cyber-Physical Data Flow Diagram (CPDFD) specifically for IoT threat modeling.
- CPDFD allows modeling of hardware, addressing a gap in traditional IT-focused methods.
- Helps manufacturers identify a greater number of attack scenarios and develop countermeasures.
- Validated through experimental studies and a survey with expert interviews.
Why it matters
IoT devices present unique security, privacy, and safety challenges due to their interaction with the physical world. Traditional threat modeling methods often overlook hardware-specific vulnerabilities. This paper provides a crucial, tailored approach to better secure these increasingly prevalent and critical systems.
Original Abstract
A growing number of Internet of Things (IoT) devices are used across consumer, medical, and industrial domains. They interact with their environment through sensors and actuators and connect to networks such as the Internet. Because sensors may collect sensitive data and actuators can trigger physical actions, security, privacy, and safety are major challenges. Threat modelling can help identify risks, but established IT-focused methods transfer to the IoT only to a limited extent. In this paper, a new modelling technique specifically for IoT devices called Cyber-Physical Data Flow Diagram (CPDFD) is proposed that also allows modelling of hardware with the aim to support manufacturers in identifying threats and developing countermeasures. The technique was examined through an experimental study and a survey with interviews. The results suggest that numerous other attack scenarios can be found through the modelling technique, improving the identification of threats to IoT devices.
📬 Weekly AI Paper Digest
Get the top 10 AI/ML arXiv papers from the week — summarized, scored, and delivered to your inbox every Monday.