Show simple item record

dc.contributor.authorParvanov, Krasen Anatoliev
dc.contributor.authorTsagkidis, Chrysostomos
dc.date.accessioned2022-07-06T08:17:15Z
dc.date.available2022-07-06T08:17:15Z
dc.date.issued2022-07-06
dc.identifier.urihttps://hdl.handle.net/2077/72699
dc.description.abstractThe cyber-security for Internet of Things (IoT) is of great importance for the future of the software industry, especially since the number of IoT devices rapidly increases. Therefore, it is important that practitioners consider threat modelling and vulnerability assessment in their software development process. The goal of this study is to inspect how threat modelling and vulnerability assessment is applied in applied in industry. The study is conducted as a single case study with an IoT company, in order to explore the aforementioned security aspects from the practitoner's perspective, by conducting interviews and by looking into the documentation of an IoT solution, as well as existing literature. Results indicate that although threat modelling constitutes a well researched area, tehre is evidence that it is not well integrated into the overall software development process. However, practitioners do perform threat identification analysis in their work without applying a particular methodology. In addition, a lack of a systemativ and structured process when performing vulnerability assessment activities was evident. Practitioners appear to evalute their design and architecture, but there is a need for a strategy for integration of security testing and penetration testing into the software development life cycle (SDLC). Our findings are summarised into recommendations to practitioners with a list of open source penetration testing tools, guidelines, and suggestions for conducting threat modelling and vulnerability assessment. Futhermore, our scientific contributions provide insights on the work process that is in place in the industry, in regards to threat modelling and vulnerability assesment.en_US
dc.language.isoengen_US
dc.subjectTerms Threat Modellingen_US
dc.subjectInternet of Thingsen_US
dc.subjectIoTen_US
dc.subjectVulnerabilitiesen_US
dc.subjectVulnerability assessmenten_US
dc.subjectPenetration testing toolsen_US
dc.titleThreat modelling and vulnerability assessment for IoT solutions: a case studyen_US
dc.title.alternativeThreat modelling and vulnerability assessment for IoT solutions: a case studyen_US
dc.typetext
dc.setspec.uppsokTechnology
dc.type.uppsokM2
dc.contributor.departmentGöteborgs universitet/Institutionen för data- och informationsteknikswe
dc.contributor.departmentUniversity of Gothenburg/Department of Computer Science and Engineeringeng
dc.type.degreeStudent essay


Files in this item

Thumbnail

This item appears in the following Collection(s)

Show simple item record