Threat Modelling and Vulnerability Assessment for IoT Solutions: A Case Study
Abstract
Security in Internet of Things (IoT) systems is increasingly critical due to their growing adoption and complexity. This study investigates how threat modelling and vulnerability assessment are applied in industrial IoT development. We conducted a single-case study with an IoT consultancy company, combining semi-structured interviews with practitioners and analysis of development artefacts from a real-world IoT project. Our findings show that while threat identification is practiced, formal methodologies like STRIDE are only used selectively, and integration into the development process is informal and ad hoc. Vulnerability assessment also lacks systematic approaches for discovery, classification, and testing, often relying on expert judgment and external tools. We identify key attack surfaces and common security weaknesses, and highlight gaps in documentation and testing integration. The study contributes practical recommendations for improving security practices and provides a curated list of open-source penetration testing tools. These insights support more structured and proactive security strategies in IoT development.
Keywords:
Vulnerability Assessment, Threat Modelling, Penetration Testing Tools
References
[n. d.]. ISO/IEC FDIS 27400. [link] accessed 2022-03-08.
[n. d.]. OWASP Internet of Things Project - OWASP. Wiki.owasp.org [Online]. [link] accessed 2022-02-26.
2009 [Online]. The STRIDE Threat Model. Docs.microsoft.com [Online]. [link] accessed 2022-02-26.
2022. CVSS v3.1 Specification Document. FIRST — Forum of Incident Response and Security Teams. [link] accessed 2022-03-08.
2022. Enisa.europa.eu. [link] accessed 2022-03-08.
2022. Software Assurance Maturity Model (SAMM). owasp.org. [link] accessed 2022-03-08.
Palak Aar and Aman Sharma. 2017. Analysis of Penetration Testing Tools. International Journal of Advanced Research in Computer Science and Software Engineering 7 (10 2017), 36. DOI: 10.23956/ijarcsse.v7i9.408
Ahmad Salah Al-Ahmad, Hasan Kahtan, Fadhl Hujainah, and Hamid A. Jalab. 2019. Systematic Literature Review on Penetration Testing for Mobile Cloud Computing Applications. IEEE Access 7 (2019), 173524–173540. DOI: 10.1109/ACCESS.2019.2956770
Christopher Alberts and Audrey Dorofee. 2002. Managing Information Security Risks: The OCTAVE Approach. Addison-Wesley Professional.
Pooja Anand, Yashwant Singh, Arvind Selwal, Mamoun Alazab, Sudeep Tanwar, and Neeraj Kumar. 2020. IoT VulnerabilityAssessment for Sustainable Computing: Threats, Current Solutions, and Open Challenges. IEEE Access 8 (09 2020). DOI: 10.1109/ACCESS.2020.3022842
Pooja Anand, Yashwant Singh, Arvind Selwal, Pradeep Kumar Singh, Raluca Andreea Felseghi, and Maria Simona Raboaca. 2020. IoVT: Internet of vulnerable things? threat architecture, attack surfaces, and vulnerabilities in internet of things and its applications towards smart grids. Energies 13 (2020). Issue 18. DOI: 10.3390/en13184813
Peter Aufner. 2020. The IoT security gap: a look down into the valley between threat models and their implementation. International Journal of Information Security 19 (02 2020). DOI: 10.1007/s10207-019-00445-y
Ahmed Banafa. 2016 [Online]. IoT Standardization and Implementation Challenges. IEEE Internet of Things. [link]
A.O. Baquero, Andrew Kornecki, and Janusz Zalewski. 2015. Threat modeling for aviation computer security. CrossTalk 28 (01 2015), 21–27.
Virginia Braun, Victoria Clarke, Nikki Hayfield, and G. Terry. 2019. Thematic analysis. Springer, Singapore, 843–860. DOI: 10.1007/978-981-10-5251-4_103
Joseph Bugeja, Bahtijar Vogel, Andreas Jacobsson, and Rimpu Varshney. 2019. IoTSM: An End-to-end Security Model for IoT Ecosystems, In 2019 IEEE International Conference on Pervasive Computing and Communications Workshops (PerCom Workshops). 2019 IEEE International Conference on Pervasive Computing and Communications Workshops, PerCom Workshops 2019. DOI: 10.1109/PERCOMW.2019.8730672
F. den Braber, I. Hogganvik, M. S. Lund, K. Stølen, and F. Vraalsen. 2007. Modelbased security analysis in seven steps - A guided tour to the CORAS method. BT Technology Journal 25 (2007). Issue 1. DOI: 10.1007/s10550-007-0013-9
Danny Dhillon. 2011. Developer-driven threat modeling: Lessons learned in the trenches. IEEE Security and Privacy 9 (2011). Issue 4. DOI: 10.1109/MSP.2011.47
Amir Djenna, S. Harous, and Djamel Eddine Saidouni. 2021. Internet of Things Meet Internet of Threats: New Concern Cyber Security Issues of Critical Cyber Infrastructure. Applied Sciences 11 (05 2021), 4580. DOI: 10.3390/app11104580
Pietro Ferrara, Amit Kr Mandal, Agostino Cortesi, and Fausto Spoto. 2021. Static analysis for discovering IoT vulnerabilities. International Journal on Software Tools for Technology Transfer 23 (2 2021), 71–88. Issue 1. DOI: 10.1007/s10009-020-00592-x
Massimo Ficco, Daniele Granata, Massimiliano Rak, and Giovanni Salzillo. 2021. Threat Modeling of Edge-Based IoT Applications. In International Conference on the Quality of Information and Communications Technology. Springer, 282–296.
Mario FRUSTACI, Pace Pasquale, Gianluca Aloi, and Giancarlo Fortino. 2017. Evaluating Critical Security Issues of the IoT World: Present and Future Challenges. IEEE Internet of Things Journal PP (10 2017), 1–1. DOI: 10.1109/JIOT.2017.2767291
Maxime Frydman, Guifré Ruiz, Elisa Heymann, Eduardo César, and Barton P. Miller. 2014. Automating risk analysis of software design models. ScientificWorld Journal 2014 (2014). DOI: 10.1155/2014/805856
Gemini George and Sabu Thampi. 2019. Vulnerability-based risk assessment and mitigation strategies for edge devices in the Internet of Things. Pervasive and Mobile Computing 59 (08 2019), 101068. DOI: 10.1016/j.pmcj.2019.101068
Aaron Guzman and Aditya Gupta. 2017. IoT Penetration Testing Cookbook: Identify vulnerabilities and secure your smart devices. Packt Publishing Ltd.
M. Howard and D. LeBlanc. 2002. Writing Secure Code (second ed.). Microsoft Press.
Xingbin Jiang, Michele Lora, and Sudipta Chattopadhyay. 2020. An Experimental Analysis of Security Vulnerabilities in Industrial IoT Devices. ACM Transactions on Internet Technology (TOIT) 20, 2, Article 16 (05 2020), 1–24 pages. DOI: 10.1145/ 3379542
Nickson Karie, Nor Sahri, and Paul Haskell-Dowland. 2020. IoT Threat Detection Advances, Challenges and Future Directions. In 2020 Workshop on Emerging Technologies for Security in IoT (ETSecIoT). 22–29. DOI: 10.1109/ETSecIoT50046.2020.00009
Roger Kwon, Travis Ashley, Jerry Castleberry, Penny McKenzie, and Sri Nikhil Gupta Gourisetti. 2020. Cyber Threat Dictionary Using MITRE ATT&CK Matrix and NIST Cybersecurity Framework Mapping. In 2020 Resilience Week (RWS). 106–112. DOI: 10.1109/RWS50334.2020.9241271
Gurjan Lally and Daniele Sgandurra. 2018. Towards a framework for testing the security of IoT devices consistently, In International workshop on emerging technologies for authorization and authentication. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) 11263 LNCS, 88–102. DOI: 10.1007/978-3-030-04372-8_8
Xing Liu, Cheng Qian, William Grant Hatcher, Hansong Xu, Weixian Liao, and Wei Yu. 2019. Secure Internet of Things (IoT)-Based Smart-World Critical Infrastructures: Survey, Case Study and Research Opportunities. IEEE Access 7 (2019). DOI: 10.1109/ACCESS.2019.2920763
Mobasshir Mahbub. 2020. Progressive researches on IoT security: An exhaustive analysis from the perspective of protocols, vulnerabilities, and preemptive architectonics. Journal of Network and Computer Applications 168 (2020). DOI: 10.1016/j.jnca.2020.102761
Yasamin Mahmoodi, Sebastian Reiter, Alexander Viehl, Oliver Bringmann, and Wolfgang Rosenstiel. 2018. Attack surface modeling and assessment for penetration testing of IoT system designs, In 2018 21st Euromicro Conference on Digital System Design (DSD). Proceedings - 21st Euromicro Conference on Digital System Design, DSD 2018. DOI: 10.1109/DSD.2018.00043
Sibin Mohan, Mikael Asplund, Gedare Bloom, Ahmad-Reza Sadeghi, Ahmad Ibrahim, Negin Salajageh, Paul Griffioen, and Bruno Sinipoli. 2018. Special Session: The Future of IoT Security. In 2018 International Conference on Embedded Software (EMSOFT). 1–7. DOI: 10.1109/EMSOFT.2018.8537206
Tanusan Rajmohan, Phu Nguyen, and Nicolas Ferry. 2022. A decade of research on patterns and architectures for IoT security. Cybersecurity 5 (01 2022). DOI: 10.1186/s42400-021-00104-7
Syed Rizvi, R. J. Orr, Austin Cox, Prithvee Ashokkumar, and Mohammad R. Rizvi. 2020. Identifying the attack surface for IoT network. Internet of Things (Netherlands) 9 (2020). DOI: 10.1016/j.iot.2020.100162
Per Runeson and Martin Höst. 2009. Guidelines for conducting and reporting case study research in software engineering. Empirical software engineering 14, 2 (2009), 131–164.
Amar Seeam, Ochanya S. Ogbeh, Shivanand Guness, and Xavier Bellekens. 2019. Threat Modeling and Security Issues for the Internet of Things. In 2019 Conference on Next Generation Computing Applications (NextComp). 1–8. DOI: 10.1109/NEXTCOMP.2019.8883642
Astha Srivastava, Shashank Gupta, Megha Quamara, Pooja Chaudhary, and Vidyadhar Aski. 2020. Future IoT-Enabled Threats and Vulnerabilities: State of the Art, Challenges and Future Prospects. International Journal of Communication Systems 33 (08 2020). DOI: 10.1002/dac.4443
Christoph Treude and Margaret-Anne Storey. 2011. Effective Communication of Software Development Knowledge through Community Portals. In Proceedings of the 19th ACM SIGSOFT Symposium and the 13th European Conference on Foundations of Software Engineering (Szeged, Hungary) (ESEC/FSE ’11). Association for Computing Machinery, NewYork, NY, USA, 91–101. DOI: 10.1145/2025113.2025129
Katja Tuma, Gul Calikli, and R. Scandariato. 2018. Threat Analysis of Software Systems: A Systematic Literature Review. Journal of Systems and Software 144 (06 2018). DOI: 10.1016/j.jss.2018.06.073
T. Ucedavélez and M. M. Morana. 2015. Risk Centric Threat Modeling: Process for Attack Simulation and Threat Analysis. John Wiley & Sons.
Prashant Vats, Manju Mandot, and Anjana Gosain. 2020. A Comprehensive Literature Review of Penetration Testing & Its Applications, In 2020 8th International Conference on Reliability, Infocom Technologies and Optimization (Trends and Future Directions) (ICRITO). ICRITO 2020 - IEEE 8th International Conference on Reliability, Infocom Technologies and Optimization (Trends and Future Directions), 674–680. DOI: 10.1109/ICRITO48877.2020.9197961
Vasaka Visoottiviseth, Phuripat Akarasiriwong, Siravitch Chaiyasart, and Siravit Chotivatunyu. 2017. PENTOS: Penetration testing tool for Internet of Thing devices. In TENCON 2017 - 2017 IEEE Region 10 Conference. 2279–2284. DOI: 10.1109/TENCON.2017.8228241
Ryan Williams, Emma McMahon, Sagar Samtani, and Mark Patton. 2017. Identifying vulnerabilities of consumer Internet of Things (IoT) devices: A scalable approach. In 2017 IEEE International Conference on Intelligence and Security Informatics (ISI). 179–181. DOI: 10.1109/ISI.2017.8004904
Wenjun Xiong and Lagerström Robert. 2019. Threat Modeling – A Systematic Literature Review. Computers & Security 84 (03 2019), 53–69. DOI: 10.1016/j.cose.2019.03.010
Yuchen Yang, Longfei Wu, Guisheng Yin, Lijie Li, and Hongbin Zhao. 2017. A Survey on Security and Privacy Issues in Internet-of-Things. IEEE Internet of Things Journal 4 (2017). Issue 5. DOI: 10.1109/JIOT.2017.2694844
Omerah Yousuf and Roohie Naaz Mir. 2019. A survey on the internet of things security: State-of-art, architecture, issues and countermeasures. Information & Computer Security (2019).
Nan Zhang, Soteris Demetriou, Xianghang Mi, Wenrui Diao, Kan Yuan, Peiyuan Zong, Feng Qian, Xiao Feng Wang, Kai Chen, Yuan Tian, et al. 2017. Understanding iot security through the data crystal ball: Where we are now and where weare going to be. Scanning Electron Microsc Meet at (2017).
[n. d.]. OWASP Internet of Things Project - OWASP. Wiki.owasp.org [Online]. [link] accessed 2022-02-26.
2009 [Online]. The STRIDE Threat Model. Docs.microsoft.com [Online]. [link] accessed 2022-02-26.
2022. CVSS v3.1 Specification Document. FIRST — Forum of Incident Response and Security Teams. [link] accessed 2022-03-08.
2022. Enisa.europa.eu. [link] accessed 2022-03-08.
2022. Software Assurance Maturity Model (SAMM). owasp.org. [link] accessed 2022-03-08.
Palak Aar and Aman Sharma. 2017. Analysis of Penetration Testing Tools. International Journal of Advanced Research in Computer Science and Software Engineering 7 (10 2017), 36. DOI: 10.23956/ijarcsse.v7i9.408
Ahmad Salah Al-Ahmad, Hasan Kahtan, Fadhl Hujainah, and Hamid A. Jalab. 2019. Systematic Literature Review on Penetration Testing for Mobile Cloud Computing Applications. IEEE Access 7 (2019), 173524–173540. DOI: 10.1109/ACCESS.2019.2956770
Christopher Alberts and Audrey Dorofee. 2002. Managing Information Security Risks: The OCTAVE Approach. Addison-Wesley Professional.
Pooja Anand, Yashwant Singh, Arvind Selwal, Mamoun Alazab, Sudeep Tanwar, and Neeraj Kumar. 2020. IoT VulnerabilityAssessment for Sustainable Computing: Threats, Current Solutions, and Open Challenges. IEEE Access 8 (09 2020). DOI: 10.1109/ACCESS.2020.3022842
Pooja Anand, Yashwant Singh, Arvind Selwal, Pradeep Kumar Singh, Raluca Andreea Felseghi, and Maria Simona Raboaca. 2020. IoVT: Internet of vulnerable things? threat architecture, attack surfaces, and vulnerabilities in internet of things and its applications towards smart grids. Energies 13 (2020). Issue 18. DOI: 10.3390/en13184813
Peter Aufner. 2020. The IoT security gap: a look down into the valley between threat models and their implementation. International Journal of Information Security 19 (02 2020). DOI: 10.1007/s10207-019-00445-y
Ahmed Banafa. 2016 [Online]. IoT Standardization and Implementation Challenges. IEEE Internet of Things. [link]
A.O. Baquero, Andrew Kornecki, and Janusz Zalewski. 2015. Threat modeling for aviation computer security. CrossTalk 28 (01 2015), 21–27.
Virginia Braun, Victoria Clarke, Nikki Hayfield, and G. Terry. 2019. Thematic analysis. Springer, Singapore, 843–860. DOI: 10.1007/978-981-10-5251-4_103
Joseph Bugeja, Bahtijar Vogel, Andreas Jacobsson, and Rimpu Varshney. 2019. IoTSM: An End-to-end Security Model for IoT Ecosystems, In 2019 IEEE International Conference on Pervasive Computing and Communications Workshops (PerCom Workshops). 2019 IEEE International Conference on Pervasive Computing and Communications Workshops, PerCom Workshops 2019. DOI: 10.1109/PERCOMW.2019.8730672
F. den Braber, I. Hogganvik, M. S. Lund, K. Stølen, and F. Vraalsen. 2007. Modelbased security analysis in seven steps - A guided tour to the CORAS method. BT Technology Journal 25 (2007). Issue 1. DOI: 10.1007/s10550-007-0013-9
Danny Dhillon. 2011. Developer-driven threat modeling: Lessons learned in the trenches. IEEE Security and Privacy 9 (2011). Issue 4. DOI: 10.1109/MSP.2011.47
Amir Djenna, S. Harous, and Djamel Eddine Saidouni. 2021. Internet of Things Meet Internet of Threats: New Concern Cyber Security Issues of Critical Cyber Infrastructure. Applied Sciences 11 (05 2021), 4580. DOI: 10.3390/app11104580
Pietro Ferrara, Amit Kr Mandal, Agostino Cortesi, and Fausto Spoto. 2021. Static analysis for discovering IoT vulnerabilities. International Journal on Software Tools for Technology Transfer 23 (2 2021), 71–88. Issue 1. DOI: 10.1007/s10009-020-00592-x
Massimo Ficco, Daniele Granata, Massimiliano Rak, and Giovanni Salzillo. 2021. Threat Modeling of Edge-Based IoT Applications. In International Conference on the Quality of Information and Communications Technology. Springer, 282–296.
Mario FRUSTACI, Pace Pasquale, Gianluca Aloi, and Giancarlo Fortino. 2017. Evaluating Critical Security Issues of the IoT World: Present and Future Challenges. IEEE Internet of Things Journal PP (10 2017), 1–1. DOI: 10.1109/JIOT.2017.2767291
Maxime Frydman, Guifré Ruiz, Elisa Heymann, Eduardo César, and Barton P. Miller. 2014. Automating risk analysis of software design models. ScientificWorld Journal 2014 (2014). DOI: 10.1155/2014/805856
Gemini George and Sabu Thampi. 2019. Vulnerability-based risk assessment and mitigation strategies for edge devices in the Internet of Things. Pervasive and Mobile Computing 59 (08 2019), 101068. DOI: 10.1016/j.pmcj.2019.101068
Aaron Guzman and Aditya Gupta. 2017. IoT Penetration Testing Cookbook: Identify vulnerabilities and secure your smart devices. Packt Publishing Ltd.
M. Howard and D. LeBlanc. 2002. Writing Secure Code (second ed.). Microsoft Press.
Xingbin Jiang, Michele Lora, and Sudipta Chattopadhyay. 2020. An Experimental Analysis of Security Vulnerabilities in Industrial IoT Devices. ACM Transactions on Internet Technology (TOIT) 20, 2, Article 16 (05 2020), 1–24 pages. DOI: 10.1145/ 3379542
Nickson Karie, Nor Sahri, and Paul Haskell-Dowland. 2020. IoT Threat Detection Advances, Challenges and Future Directions. In 2020 Workshop on Emerging Technologies for Security in IoT (ETSecIoT). 22–29. DOI: 10.1109/ETSecIoT50046.2020.00009
Roger Kwon, Travis Ashley, Jerry Castleberry, Penny McKenzie, and Sri Nikhil Gupta Gourisetti. 2020. Cyber Threat Dictionary Using MITRE ATT&CK Matrix and NIST Cybersecurity Framework Mapping. In 2020 Resilience Week (RWS). 106–112. DOI: 10.1109/RWS50334.2020.9241271
Gurjan Lally and Daniele Sgandurra. 2018. Towards a framework for testing the security of IoT devices consistently, In International workshop on emerging technologies for authorization and authentication. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) 11263 LNCS, 88–102. DOI: 10.1007/978-3-030-04372-8_8
Xing Liu, Cheng Qian, William Grant Hatcher, Hansong Xu, Weixian Liao, and Wei Yu. 2019. Secure Internet of Things (IoT)-Based Smart-World Critical Infrastructures: Survey, Case Study and Research Opportunities. IEEE Access 7 (2019). DOI: 10.1109/ACCESS.2019.2920763
Mobasshir Mahbub. 2020. Progressive researches on IoT security: An exhaustive analysis from the perspective of protocols, vulnerabilities, and preemptive architectonics. Journal of Network and Computer Applications 168 (2020). DOI: 10.1016/j.jnca.2020.102761
Yasamin Mahmoodi, Sebastian Reiter, Alexander Viehl, Oliver Bringmann, and Wolfgang Rosenstiel. 2018. Attack surface modeling and assessment for penetration testing of IoT system designs, In 2018 21st Euromicro Conference on Digital System Design (DSD). Proceedings - 21st Euromicro Conference on Digital System Design, DSD 2018. DOI: 10.1109/DSD.2018.00043
Sibin Mohan, Mikael Asplund, Gedare Bloom, Ahmad-Reza Sadeghi, Ahmad Ibrahim, Negin Salajageh, Paul Griffioen, and Bruno Sinipoli. 2018. Special Session: The Future of IoT Security. In 2018 International Conference on Embedded Software (EMSOFT). 1–7. DOI: 10.1109/EMSOFT.2018.8537206
Tanusan Rajmohan, Phu Nguyen, and Nicolas Ferry. 2022. A decade of research on patterns and architectures for IoT security. Cybersecurity 5 (01 2022). DOI: 10.1186/s42400-021-00104-7
Syed Rizvi, R. J. Orr, Austin Cox, Prithvee Ashokkumar, and Mohammad R. Rizvi. 2020. Identifying the attack surface for IoT network. Internet of Things (Netherlands) 9 (2020). DOI: 10.1016/j.iot.2020.100162
Per Runeson and Martin Höst. 2009. Guidelines for conducting and reporting case study research in software engineering. Empirical software engineering 14, 2 (2009), 131–164.
Amar Seeam, Ochanya S. Ogbeh, Shivanand Guness, and Xavier Bellekens. 2019. Threat Modeling and Security Issues for the Internet of Things. In 2019 Conference on Next Generation Computing Applications (NextComp). 1–8. DOI: 10.1109/NEXTCOMP.2019.8883642
Astha Srivastava, Shashank Gupta, Megha Quamara, Pooja Chaudhary, and Vidyadhar Aski. 2020. Future IoT-Enabled Threats and Vulnerabilities: State of the Art, Challenges and Future Prospects. International Journal of Communication Systems 33 (08 2020). DOI: 10.1002/dac.4443
Christoph Treude and Margaret-Anne Storey. 2011. Effective Communication of Software Development Knowledge through Community Portals. In Proceedings of the 19th ACM SIGSOFT Symposium and the 13th European Conference on Foundations of Software Engineering (Szeged, Hungary) (ESEC/FSE ’11). Association for Computing Machinery, NewYork, NY, USA, 91–101. DOI: 10.1145/2025113.2025129
Katja Tuma, Gul Calikli, and R. Scandariato. 2018. Threat Analysis of Software Systems: A Systematic Literature Review. Journal of Systems and Software 144 (06 2018). DOI: 10.1016/j.jss.2018.06.073
T. Ucedavélez and M. M. Morana. 2015. Risk Centric Threat Modeling: Process for Attack Simulation and Threat Analysis. John Wiley & Sons.
Prashant Vats, Manju Mandot, and Anjana Gosain. 2020. A Comprehensive Literature Review of Penetration Testing & Its Applications, In 2020 8th International Conference on Reliability, Infocom Technologies and Optimization (Trends and Future Directions) (ICRITO). ICRITO 2020 - IEEE 8th International Conference on Reliability, Infocom Technologies and Optimization (Trends and Future Directions), 674–680. DOI: 10.1109/ICRITO48877.2020.9197961
Vasaka Visoottiviseth, Phuripat Akarasiriwong, Siravitch Chaiyasart, and Siravit Chotivatunyu. 2017. PENTOS: Penetration testing tool for Internet of Thing devices. In TENCON 2017 - 2017 IEEE Region 10 Conference. 2279–2284. DOI: 10.1109/TENCON.2017.8228241
Ryan Williams, Emma McMahon, Sagar Samtani, and Mark Patton. 2017. Identifying vulnerabilities of consumer Internet of Things (IoT) devices: A scalable approach. In 2017 IEEE International Conference on Intelligence and Security Informatics (ISI). 179–181. DOI: 10.1109/ISI.2017.8004904
Wenjun Xiong and Lagerström Robert. 2019. Threat Modeling – A Systematic Literature Review. Computers & Security 84 (03 2019), 53–69. DOI: 10.1016/j.cose.2019.03.010
Yuchen Yang, Longfei Wu, Guisheng Yin, Lijie Li, and Hongbin Zhao. 2017. A Survey on Security and Privacy Issues in Internet-of-Things. IEEE Internet of Things Journal 4 (2017). Issue 5. DOI: 10.1109/JIOT.2017.2694844
Omerah Yousuf and Roohie Naaz Mir. 2019. A survey on the internet of things security: State-of-art, architecture, issues and countermeasures. Information & Computer Security (2019).
Nan Zhang, Soteris Demetriou, Xianghang Mi, Wenrui Diao, Kan Yuan, Peiyuan Zong, Feng Qian, Xiao Feng Wang, Kai Chen, Yuan Tian, et al. 2017. Understanding iot security through the data crystal ball: Where we are now and where weare going to be. Scanning Electron Microsc Meet at (2017).
Published
2025-09-22
How to Cite
PARVANOV, Krasen Anatoliev; TSAGKIDIS, Chrysostomos; OLIVEIRA NETO, Francisco Gomes de.
Threat Modelling and Vulnerability Assessment for IoT Solutions: A Case Study. In: BRAZILIAN SYMPOSIUM ON SOFTWARE ENGINEERING (SBES), 39. , 2025, Recife/PE.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2025
.
p. 160-170.
ISSN 2833-0633.
DOI: https://doi.org/10.5753/sbes.2025.9885.
