ABSTRACT
As an increasing number of security tools provide organizations with cybersecurity capabilities, security analysts are overwhelmed by security events. Resolving these events is challenging because of extensive manual processes, limited financial resources, and human error. Security Orchestration, Automation, and Response (SOAR) is an established approach for managing security tools and assets. However, SOAR platforms typically integrate only traditional IT systems. Additional considerations are required to deal with the Internet of Things (IoT), its many devices, and its complex networks. We therefore adapt SOAR to the IoT. We first aggregate existing research and information on SOAR and SOAR platforms. We then envision the SOAR4IoT framework, which makes IoT assets manageable for SOAR via a middleware layer. To validate the framework, we implement a prototypical digital twin-based SOAR application that integrates IoT assets and security tools. The experimental setup includes two playbooks that respond to Mirai and Sybil attacks. The results demonstrate feasibility: our SOAR application enables securing IoT assets through their digital twins.
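The following sketch is an added illustration of the architecture the abstract outlines (digital twin as asset inventory, middleware as the actuation layer, playbooks for the two attack types); it is not the paper's SOAR4IoT code. The twin schema, event format, middleware commands, the Sybil criterion (several node identities resolved to one physical device via its MAC) and the baseline-firmware response to a Mirai alert are all assumptions; detection itself is taken to come from an upstream security tool.

```python
from dataclasses import dataclass, field
BASELINE_FIRMWARE = "1.2.0"  # constructed known-good version recorded in the twin

def make_twin():  # constructed digital twin: one record per registered IoT device
    return {"cam-01": {"mac": "aa:bb:cc:00:00:01", "firmware": "1.1.0", "isolated": False},
            "sensor-07": {"mac": "aa:bb:cc:00:00:07", "firmware": "1.2.0", "isolated": False}}

@dataclass
class Middleware:
    """Stand-in for the IoT middleware: records the commands a real adapter would send."""
    actions: list = field(default_factory=list)
    def isolate(self, twin, dev):
        twin[dev]["isolated"] = True          # keep the twin in sync with the action
        self.actions.append(("isolate", dev))
    def command(self, *args):                 # reject_identity / update requests
        self.actions.append(args)

def lookup_by_mac(twin, mac):
    """Resolve the physical device behind an alert through the twin's MAC inventory."""
    return next((d for d, s in twin.items() if s["mac"] == mac), None)

def sybil_playbook(event, twin, mw):
    """Sybil: one device claims several identities; keep the known one, reject the rest, isolate."""
    dev = lookup_by_mac(twin, event["mac"])
    if dev is None:
        return "unknown_device"
    rogue = [i for i in event["identities"] if i != dev]
    if not rogue:
        return "no_action"
    for ident in rogue:
        mw.command("reject_identity", dev, ident)
    mw.isolate(twin, dev)
    return "contained"

def mirai_playbook(event, twin, mw):
    """Mirai-style bot alert: quarantine, then re-flash to the baseline firmware if behind it."""
    dev = lookup_by_mac(twin, event["mac"])
    if dev is None:
        return "unknown_device"
    mw.isolate(twin, dev)
    if twin[dev]["firmware"] != BASELINE_FIRMWARE:
        mw.command("update", dev, BASELINE_FIRMWARE)
        return "quarantined_update_scheduled"
    return "quarantined"

def run_playbook(event, twin, mw):
    """Dispatch an event to its playbook; unknown event types are escalated to an analyst."""
    handler = {"sybil": sybil_playbook, "mirai": mirai_playbook}.get(event["type"])
    return handler(event, twin, mw) if handler else "escalate_to_analyst"
```

Every response action passes through the middleware object and is mirrored into the twin, so the twin remains the single source of truth for device state after a playbook runs.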