A risk assessment methodology for the Internet of Things

Letting both data producers and data consumers be aware of the levels of security and privacy guaranteed within an IoT-based system represents an important goal to be pursued. In fact, the presence of multiple and heterogeneous data sources, as well as wireless communication standards, increases the risk of violation in IoT scenarios. Besides controlling the behavior of data sources and regulating the access to resources by the interested parties, it is also fundamental to investigate how trustworthy is the platform that manages the provided information and services. To this end, risk assessment techniques can be adopted, with the aim of evaluating the reliability and the robustness towards malicious attacks of the components belonging to the IoT platform. In this paper, a general-purpose methodology for assessing the risk is proposed to be applied to end-to-end systems. More in detail, the proposed approach takes into account both static and dynamic features/components of an IoT system in an objective manner, following the whole data life cycle. Such an aspect represents the main advantage of the presented solution, which is concretely demonstrated within the real prototype implementation of an existing IoT middleware, in order to prove its feasibility.