The heterogeneity of Internet of Things (IoT) systems has so far prevented the definition of adequate standards, hence making it difficult to compare meaningfully the security degree of diverse architectural choices. This task can be nonetheless achieved with formal methodologies. However, the dedicated IoT literature shows no evidence of a universal model allowing the security evaluation of any arbitrary system. Based on these considerations, we propose a new model that aims at being global and all-encompassing. Our model can be used to fairly analyse the security level of different IoT systems and compare them in a significant way. It is designed to be adaptive with realistic definitions of the adversary’s (1) actions of interacting with IoT systems; (2) capabilities of accessing the data generated by and exchanged in IoT systems with established rules; and (3) objectives of attacking IoT systems according to the four recognised security properties of confidentiality, integrity, availability and soundness. Such a design enables the straightforward characterization of new adversaries. It further helps in providing a fine-grained security evaluation of IoT systems by either accurately describing attacks against the analysed systems or formally proving their guaranteed level of security.

中文翻译：

---

迈向正式的物联网安全模型

迄今为止，物联网 (IoT) 系统的异构性阻碍了适当标准的定义，因此难以对不同架构选择的安全程度进行有意义的比较。尽管如此，这项任务可以通过形式化方法来实现。然而，专门的物联网文献没有显示出允许对任意系统进行安全评估的通用模型的证据。基于这些考虑，我们提出了一种旨在全球化和无所不包的新模式。我们的模型可用于公平分析不同物联网系统的安全级别，并以重要的方式进行比较。它旨在适应对手 (1) 与物联网系统交互的行为的现实定义；(2) 访问物联网系统生成和交换的数据的能力，有既定规则；(3) 根据机密性、完整性、可用性和健全性四个公认的安全属性攻击物联网系统的目标。这样的设计可以直接表征新的对手。通过准确描述对分析系统的攻击或正式证明其保证的安全级别，它进一步有助于提供物联网系统的细粒度安全评估。