Towards an Automated Exploration of Secure IoT/CPS Design-Variants

Activity: Talk or presentationTalk at conference or symposiumScience to science


The advent of the Internet of Things (IoT) and Cyber-Physical Systems (CPS) enabled a new class of connected, smart, and interactive devices. With their continuous connectivity and their access to valuable information in both the digital and physical world, they are highly attractive targets for security attackers. Integrating them into the industry and our daily used devices adds new attack surfaces. These potential threats call for special care of security vulnerabilities during the design of IoT devices and CPS. Due to their resource-constrained nature, designing secure IoT devices and CPS poses a complex task, considering the selectable hardware components and task implementation alternatives. Researchers proposed a range of automatic design tools to support system designers in their task of finding the optimal hardware selection and task implementations. Said tools offer a limited way of modeling attack scenarios for a system under design. The framework proposed in this paper aims at closing this gap, offering system designers a way to consider security attacks and security risks during the early phase of system design. It offers designers the possibility to model security constraints from the view of potential attackers, assessing the probability of successful security attacks and the resulting security risk, alike. We demonstrate the framework’s feasibility and performance by revisiting an industry partner’s potential system design of a future IoT device.
Period17 Sep 2020
Event title39th International Conference on Computer Safety, Reliability and Security: SAFECOMP 2020
Event typeConference
LocationLisbon, Virtual, PortugalShow on map
Degree of RecognitionInternational


  • Cyber security
  • Embedded system design
  • Secure CPS
  • Secure embedded consumer devices
  • Secure IoT systems

ASJC Scopus subject areas

  • Hardware and Architecture

Fields of Expertise

  • Information, Communication & Computing

Treatment code (Nähere Zuordnung)

  • Application