TY - GEN
T1 - Computing Security Scores for IoT Device Vulnerabilities
AU - Rizvi, Syed
AU - McIntyre, Nicholas
AU - Ryoo, Jungwoo
N1 - Publisher Copyright:
© 2019 IEEE.
PY - 2019/7
Y1 - 2019/7
N2 - In today's computing edge, security and data privacy is considered as one of the most critical aspects that hinders the wide spread adoption of large-scale Internet of Things (IoT) devices. Therefore, being able to understand the device-level vulnerabilities and determine the security level of a certain device is crucial for their acceptance. Motivated with this, we compute the security score for each common vulnerability of IoT devices within three primary IoT domains (i.e., healthcare, commerce, and home-automation) using the National Institute of Standards and Technology (NIST) Common Vulnerability Scoring System (CVSS) method. Specifically, IoT devices within these primary domains are isolated and analyzed for common vulnerabilities to generate quantitative and qualitative scores using the CVSS exploitability, impact, and scope metrics. The finding of this research work will empower different stakeholders (e.g., risk analysts, IT departments, or any individual user) with the ability to understand the security risks associated with the IoT devices.
AB - In today's computing edge, security and data privacy is considered as one of the most critical aspects that hinders the wide spread adoption of large-scale Internet of Things (IoT) devices. Therefore, being able to understand the device-level vulnerabilities and determine the security level of a certain device is crucial for their acceptance. Motivated with this, we compute the security score for each common vulnerability of IoT devices within three primary IoT domains (i.e., healthcare, commerce, and home-automation) using the National Institute of Standards and Technology (NIST) Common Vulnerability Scoring System (CVSS) method. Specifically, IoT devices within these primary domains are isolated and analyzed for common vulnerabilities to generate quantitative and qualitative scores using the CVSS exploitability, impact, and scope metrics. The finding of this research work will empower different stakeholders (e.g., risk analysts, IT departments, or any individual user) with the ability to understand the security risks associated with the IoT devices.
UR - http://www.scopus.com/inward/record.url?scp=85101134272&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85101134272&partnerID=8YFLogxK
U2 - 10.1109/ICSSA48308.2019.00014
DO - 10.1109/ICSSA48308.2019.00014
M3 - Conference contribution
AN - SCOPUS:85101134272
T3 - Proceedings - 2019 International Conference on Software Security and Assurance, ICSSA 2019
SP - 52
EP - 59
BT - Proceedings - 2019 International Conference on Software Security and Assurance, ICSSA 2019
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 5th International Conference on Software Security and Assurance, ICSSA 2019
Y2 - 25 July 2019 through 26 July 2019
ER -