The complexity of ensuring IoT security is that the system is heterogeneous, consists of many assets on each of the architecture layer. Many experts in IoT security focus on threat analysis and risk assessments to estimate the impact if a security incident or a breach occurs.
In order to provide the general security requirements for the IoT system using threat risk modelling, the first thing to do is to identify the main security stakeholders, security assets, possible attacks, and, finally, threats for the IoT system. Using this general IoT threat model as a basis you can create a specific set of security objectives for a specific IoT application domain.
In this paper we will try to highlight the assets that necessary for further analysis of the treat model for Internet of Things. We will also specify the stakeholders who are the connecting link between IoT devices, services and customers, as well as link between transfer and displaying the client commands onto smart things.
For describing the model of component interaction in IoT system we will use the avatar-oriented approach since it allows us to merge objects into a system of objects. IoT Service has a more complex structure than a single entity. The application can use several services to display all information to end user, can aggregate data from several devices.
To manipulate data objects the avatar representation approach is most appropriate, then you can easily connect or disconnect microservices, data from things, visual representation of data.
2018. p. 46-49
IoT, Avatar, Thing instance Threat assessment Security risk assessment.
14th Swedish National Computer Networking Workshop (SNCNW 2018), Karlskrona