AttackDefense Framework (ADF): Enhancing IoT Devices and Lifecycles Threat Modeling

Threat modeling (TM) is essential to manage, prevent, and fix security and privacy issues in our society. TM requires a data model to represent threats and tools to exploit such data. Current TM data models and tools have significant limitations preventing their usage in real-world scenarios. For ex...

Bibliographic details
Published in: ACM transactions on embedded computing systems 2024-10
Main authors: Sacchetti, Tommaso, Bognar, Marton, De Meulemeester, Jesse, Gierlichs, Benedikt, Piessens, Frank, Bezsmertnyi, Volodymyr, Molteni, Maria Chiara, Cristalli, Stefano, Gringiani, Arianna, Thomas, Olivier, Antonioli, Daniele
Format: Article
Language: eng
Online access: Full text
container_title ACM transactions on embedded computing systems
creator Sacchetti, Tommaso
Bognar, Marton
De Meulemeester, Jesse
Gierlichs, Benedikt
Piessens, Frank
Bezsmertnyi, Volodymyr
Molteni, Maria Chiara
Cristalli, Stefano
Gringiani, Arianna
Thomas, Olivier
Antonioli, Daniele
description Threat modeling (TM) is essential to manage, prevent, and fix security and privacy issues in our society. TM requires a data model to represent threats and tools to exploit such data. Current TM data models and tools have significant limitations preventing their usage in real-world scenarios. For example, it is challenging to TM embedded devices with current data models and tools as they cannot model their hardware, firmware, and low-level software. Moreover, it is impossible to TM a device lifecycle or security-privacy tradeoffs as these data models and tools were developed for other use cases (e.g., software security or user privacy). We fill this relevant gap by presenting the AttackDefense Framework (ADF), which provides a novel data model and related tools to augment TM. ADF’s building block is the AD object that can be used to represent heterogeneous and complex threats. Moreover, ADF provides automations to process a collection of AD objects, including ways to create sets, maps, chains, trees, and wordclouds of AD objects. We present ADF, a toolkit implementing ADF composed of four modules (Catalog, Parse, Check, and Analyze). We confirm that the data model and tools provided by ADF are useful by running an extensive set of experiments while threat modeling a crypto wallet and its lifecycle. Our experiments involved seven expert groups from academia and industry, each using the ADF on an orthogonal threat class. The evaluation generated 175 high-quality ADs covering ISA/IEC 62433-4-1 SecDev Lifecycle, side-channels, fault injection, microarchitectural attacks, speculative execution, pre-silicon testing, invasive physical chip modifications, Bluetooth protocol and implementation threats, and FIDO2 authentication.
doi_str_mv 10.1145/3698396
format Article
publisher New York, NY: ACM
date 2024-10-08
rights Copyright held by the owner/author(s). Publication rights licensed to ACM. Distributed under a Creative Commons Attribution 4.0 International License
lds50 peer_reviewed
oa free_for_read
backlink https://hal.science/hal-04735344 (View record in HAL)
fulltext fulltext
identifier ISSN: 1539-9087
ispartof ACM transactions on embedded computing systems, 2024-10
issn 1539-9087
1558-3465
language eng
recordid cdi_hal_primary_oai_HAL_hal_04735344v1
source Access via ACM Digital Library
subjects Computer Science
Cryptography and Security
Embedded systems security
Hardware attacks and countermeasures
Security and privacy
Tamper-proof and tamper-resistant designs
title AttackDefense Framework (ADF): Enhancing IoT Devices and Lifecycles Threat Modeling
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-04T14%3A07%3A13IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-hal_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=AttackDefense%20Framework%20(ADF):%20Enhancing%20IoT%20Devices%20and%20Lifecycles%20Threat%20Modeling&rft.jtitle=ACM%20transactions%20on%20embedded%20computing%20systems&rft.au=Sacchetti,%20Tommaso&rft.date=2024-10-08&rft.issn=1539-9087&rft.eissn=1558-3465&rft_id=info:doi/10.1145/3698396&rft_dat=%3Chal_cross%3Eoai_HAL_hal_04735344v1%3C/hal_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rfr_iscdi=true