GRAVITAS: Graphical Reticulated Attack Vectors for Internet of Things Aggregate Security

Abstract

Internet of Things (IoT) systems can consist of thousands of devices connected in a complex network topology. While significant efforts have been made to improve the security of individual devices, little attention has been paid to security at the aggregate level. GRAVITAS builds on a generic IoT/CPS security model to create a vulnerability assessment and optimization tool for virtually any real-world IoT/CPS system. The user first enters information about each device and the system’s network topology, which GRAVITAS then converts into a graph that contains all predicted “attack pathways” in the system. GRAVITAS subsequently optimizes the design of the system by adding defenses from a user-defined list, with the goal of reducing the system’s overall vulnerability while minimizing the total cost of the added defenses. This tool can easily be employed by governments, companies, and individuals to design secure IoT systems without the time and expense of traditional pen testing, providing a measure of efficiency and security in a world where IoT devices will soon be ubiquitous.