Tool Support for Risk-driven Planning of Trustworthy Smart IoT Systems within DevOps

Andreas Thompson, Gencer Erdogan

Abstract

There is a serious lack of support for trustworthy smart IoT systems within DevOps. Security and privacy are often overlooked in DevOps cultures and almost absent in the context of IoT. In this paper, we focus on the planning stage of DevOps and propose a tool-supported method for risk-driven planning considering security and privacy risks. Our method consists of five steps: establish context, analyse dataflow, model privacy and security risk, develop risk assessment algorithm based on risk model, and execute risk assessment algorithm. Our tool supports this method in the first and the last step and facilitates dynamic risk assessment based on input provided by the user or collected from the monitoring stage into predefined risk models. The output of the tool is a risk assessment which the end users, e.g. developers, can use as decision support to prioritize certain parts of the target under analysis in the next cycle of DevOps. The tool and the method are evaluated in a real-world smart home case. Our initial evaluation indicates that the approach is comprehensible for our intended users, supports the planning stage in terms of security and privacy risk assessment, and feasible for use in the DevOps practice.

Download


Paper Citation


in Harvard Style

Thompson A. and Erdogan G. (2020). Tool Support for Risk-driven Planning of Trustworthy Smart IoT Systems within DevOps.In Proceedings of the 6th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-399-5, pages 742-753. DOI: 10.5220/0009189307420753


in Bibtex Style

@conference{icissp20,
author={Andreas Thompson and Gencer Erdogan},
title={Tool Support for Risk-driven Planning of Trustworthy Smart IoT Systems within DevOps},
booktitle={Proceedings of the 6th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,},
year={2020},
pages={742-753},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0009189307420753},
isbn={978-989-758-399-5},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 6th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,
TI - Tool Support for Risk-driven Planning of Trustworthy Smart IoT Systems within DevOps
SN - 978-989-758-399-5
AU - Thompson A.
AU - Erdogan G.
PY - 2020
SP - 742
EP - 753
DO - 10.5220/0009189307420753