| Popis: |
We propose in this chapter a Model-based Security Toolkit (SecKit) and methodology to address the control and protection of user data in the deployment of the Internet of Things (IoT). This toolkit takes a more general approach for security engineering including risk analysis, establishment of aspect-specific trust relationships, and enforceable security policies. We describe the integrated metamodels used in the toolkit and the accompanying security engineering methodology for IoT systems using these metamodels. We validate our approach through a case study of a realworld supply chain scenario where sensors are used to monitor the temperature and control environmental conditions of the transported goods. The toolkit is applied in the design of this case study, analysis of risks, and specification of security policy rules following the steps of our methodology. Finally, we also show how the specified security policies are enforced using technology-specific policy enforcement points. |
