Abstract
An Internet of Things (IoT)-based service includes several devices and applications. A service’s security depends on the vulnerabilities of its individual components. Thus, because a security assessment is of high importance, it starts to be conducted in the design phase of the service’s model. The Stochastic Petri net (SPN) modelling method can sufficiently depict the complexity and the unpredictability in terms of the time and the sequence of the events in an IoT service. Therefore, the SPN model can form the appropriate basis of a security assessment method. In this chapter, we propose an ADOxx-based modelling tool, the SAPnet, which includes the ontology toolkit for SPN modelling enriched with the tools that enable the necessary security assessment. SAPnet provides a modeler-friendly interface for the composition and updating of the security vulnerabilities list that affects the model, as well as fast and accurate results regarding the security metrics of the model, at any point of the design phase. The functionalities of SAPnet are tested in the security assessment of iBuC, an IoT-based novel transportation service. More specifically, we evaluate the security of iBuC’s fleet management in two customised real-life scenarios. We observed that SAPnet provides fast and accurate results and visual aids to the modeler during the design and security assessment process.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Garofalaki, Z., Kallergis, D., Katsikogiannis, G., Ellinas, I., Douligeris, C.: Transport services within the IoT ecosystem using localisation parameters. In: IEEE International Symposium on Signal Processing and Information Technology (ISSPIT), pp. 87–92. IEEE (2016)
Yu, Z., Zhou, L., Ma, Z., El-Meligy, M.A.: Trustworthiness modeling and analysis of cyber-physical manufacturing systems. IEEE Access 5, 26076–26085 (2017)
Karagiannis, D., Buchmann, R.A., Burzynski, P., Reimer, U., Walch, M.: Fundamental Conceptual Modeling Languages in OMiLAB, pp. 3–30. Springer (2016)
Karagiannis, D., Burzynski, P., Miron, E.-T.: The Imker Case Study - Practice with the Bee-Up Tool (2017). https://doi.org/10.5281/zenodo.345846
Garofalaki, Z., Kallergis, D.: On the security of an IoT-based intelligent transportation service. In: 4th South-East Europe Design Automation, Computer Engineering, Computer Networks and Social Media Conference (SEEDA-CECNSM), pp. 1–5. IEEE (2019)
Aazam, M., Fernando, X.: Fog assisted driver behavior monitoring for intelligent transportation system. In: IEEE 86th Vehicular Technology Conference (VTC-Fall), pp. 1–5. IEEE (2017)
Tilocca, P., Farris, S., Angius, S., Argiolas, R., Obino, A., Secchi, S., Mozzoni, S., Barabino, B.: Managing data and rethinking applications in an innovative mid-sized bus fleet. Transp. Res. Procedia 25, 1899–1919 (2017)
Kenyon, T.: Transportation Cyber-Physical Systems Security and Privacy. In: Transportation Cyber-Physical Systems, pp. 115–151. Elsevier (2018)
Höller, J., Tsiatsis, V., Mulligan, C., Karnouskos, S., Avesand, S., Boyle, D.: From Machine-to-Machine to the Internet of Things - Introduction to a New Age of Intelligence. Academic Press (2014)
MITRE Corporation: Common Vulnerabilities and Exposures: The Standard for Information Security Vulnerability Names (2007). https://cve.mitre.org
National Institute of Standards and Technology (NIST): National Vulnerability Database (NVD) (2019). https://nvd.nist.gov/
Khamparia, A., Pandey, B.: Threat driven modeling framework using petri nets for e-learning system. SpringerPlus 5(446), 1–16 (2016)
Rémy, G., Mehar, S., Sophy, T., Senouci, S.-M., Jan, F., Gourhant, Y.: Green fleet management architecture: Application to economic itinerary planning. In: IEEE Globecom Workshops, pp. 369–373. IEEE (2012)
Stellios, I., Kotzanikolaou, P., Psarakis, M., Alcaraz, C., Lopez, J.: A survey of IoT-enabled cyberattacks: Assessing attack paths to critical infrastructures and services. IEEE Commun. Surv. Tutorials 20(4), 3453–3495 (2018)
Mavropoulos, O., Mouratidis, H., Fish, A., Panaousis, E.: Apparatus: A framework for security analysis in internet of things systems. Ad Hoc Networks 92, 101743 (2019)
Mavropoulos, O., Mouratidis, H., Fish, A., Panaousis, E.: ASTo: A tool for security analysis of IoT systems. In: IEEE 15th International Conference on Software Engineering Research, Management and Applications (SERA), pp. 395–400. IEEE (2017)
Harrand, N., Fleurey, F., Morin, B., Husa, K.E.: ThingML: A language and code generation framework for heterogeneous targets. In: Proceedings of the ACM/IEEE 19th International Conference on Model Driven Engineering Languages and Systems, MODELS ’16, (New York, NY, USA), pp. 125–135. Association for Computing Machinery (2016)
Samandari, A., Ge, M., Hong, J.B., Kim, D.S.: Evaluating the security of IoT networks with mobile devices. In: IEEE 23rd Pacific Rim International Symposium on Dependable Computing (PRDC), pp. 171–180. IEEE (2018)
Enoch, S.Y., Hong, J.B., Ge, M., Kim, D.S.: Composite metrics for network security analysis. CoRR (2020)
Ahmadon, M.A.B., Yamaguchi, S., Saon, S., et al.: On service security analysis for event log of IoT system based on data Petri Net. In: IEEE International Symposium on Consumer Electronics (ISCE), pp. 4–8. IEEE (2017)
Yamaguchi, S., Tanaka, H.: Modeling of infection phenomenon and evaluation of mitigation methods for IoT malware mirai by agent-oriented Petri Net PN2. In: IEEE International Conference on Consumer Electronics-Taiwan (ICCE-TW), pp. 1–2. IEEE (2018)
Ahmadon, M.A.B., Yamaguchi, S.: On service orchestration of cyber physical system and its verification based on Petri Net. In: IEEE 5th Global Conference on Consumer Electronics, pp. 1–4. IEEE (2016)
Fortino, G., Russo, W., Savaglio, C., Viroli, M., Zhou, M.: Opportunistic cyberphysical services: A novel paradigm for the future Internet of Things. In: IEEE 4th World Forum on Internet of Things (WF-IoT), pp. 488–492. IEEE (2018)
Ping, P., Xuan, Z., Xinyue, M.: Research on security test for application software based on SPN. Procedia Engineering 174, 1140–1147 (2017)
Daszczuk, W.B., Mieścicki, J., Grabski, W.: Distributed algorithm for empty vehicles management in personal rapid transit (PRT) network. J. Adv. Transp. 50(4), 608–629 (2016)
Garofalaki, Z., Kallergis, D., Katsikogiannis, G., Ellinas, I., Douligeris, C.: A DSS model for IoT-based intelligent transportation systems. In IEEE International Symposium on Signal Processing and Information Technology (ISSPIT), pp. 276–281. IEEE (2017)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this chapter
Cite this chapter
Garofalaki, Z., Kallergis, D., Douligeris, C. (2022). A Security Assessment Platform for Stochastic Petri Net (SPN) Modelling in the Internet of Things (IoT) Ecosystem. In: Karagiannis, D., Lee, M., Hinkelmann, K., Utz, W. (eds) Domain-Specific Conceptual Modeling. Springer, Cham. https://doi.org/10.1007/978-3-030-93547-4_13
Download citation
DOI: https://doi.org/10.1007/978-3-030-93547-4_13
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-93546-7
Online ISBN: 978-3-030-93547-4
eBook Packages: Computer ScienceComputer Science (R0)