28. September - 2. Oktober 2020

Andreas Wolf, Dimitrios Simopoulos, Luca D'Avino, Patrick Schwaiger
Recently, IoT usage has grown rapidly. Security risks are rising analogously, though. Our paper introduces an approach to identify and address security threats by applying the PASTA (Process for Attack Simulation and Threat Analysis) threat model to the IoT domain. By adapting PASTA, we optimize the threat analysis based on domain knowledge and specific needs of IoT. With integration of the PASTA results into the development process and the IoT software development life cycle, we reduce
more » ... risks. A prototype demonstrates the feasibility of the concept for security vulnerability reduction via an integrated DevSecOps toolchain.
doi:10.18420/inf2020_111 fatcat:nrhg5w6w4vbvrpbmxcnbnji5ay