Towards Secure E-Services: Risk Analysis of a Home Automation Service
暂无分享,去创建一个
This paper deals with the assessment of threats and vulnerabilities of service software that targets the home automation market. Specifically, the investigated service is used as a low-cost alarm system that can notify its end users of alarms by way of Internet technology. The service uses a given e-home infrastructure, an Ericsson-developed commercial system that builds on the OSGi platform for electronic services for the home market. We use the methodology of fault-tree analysis to explore causes of events that could damage the user trust in the service. The purpose of this work is to raise the security awareness of the software engineers developing this service as well as identifying the amount of trust this particular service has to put on its underlying infrastructure that it is obliged to use. This work is the starting point for working on the improvement of security of this infrastructure.
[1] Peter Neumann,et al. Safeware: System Safety and Computers , 1995, SOEN.
[2] Neil R. Storey,et al. Safety-critical computer systems , 1996 .
[3] John A. McDermid,et al. Experience with the application of HAZOP to computer-based systems , 1995, COMPASS '95 Proceedings of the Tenth Annual Conference on Computer Assurance Systems Integrity, Software Safety and Process Security'.