The IoT enables using smart devices, like smart-watches, smart wristbands, and smartphones, to provide cost-effective services for humans, for example, for low-cost monitoring schemes in the health-care sector to provide early diagnosis of diseases. From a security and privacy perspective, the IoT could be described as a hopeless case since all prevention aspects of security (confidentiality, integrity, and availability) are inherently weak and unwanted tracking and monitoring throws the doors wide open to privacy attacks. To provide secure IoT solutions, modeling and analysis needs to be integrated in the planning and validation of application scenarios and smart-device architectures to address burning security issues like unintentional or intentional insider attacks. The more so, we need to look at how to represent humans and the ways they interact with systems, and make security risks understandable for humans and secure IoT solutions accessible.

Project start date

October 2016


36 Months

Funding sum

699 701 €


Middlesex University of London


  • To provide logical specification and analysis methods for organisational security [4]and integrate them with risk and fault tree analysis [1],
  • To extend quantitative attack tree analysis and decentralized access control for IoT component systems by generalizing security models to include smart devices [1],
  • To design and prototypically implement certification methodology for IoT component frameworks [2],
  • To build and test user-aware security of an IoT pilot scenario from the healthcare sector of a sensor based monitoring architecture [4] for dementia patients with security critical data and actions.


[1] F. Arnold, H. Hermanns, R. Pulungan, M.I.A. Stoelinga: Time-Dependent Analysis of Attacks. Principles of Security and Trust (POST’14), LNCS, pages 285-305, 2014.
[2] A. Basu, S. Bensalem, M. Bozga, J. Combaz, M. Jaber, T.-H. Nguyen, and J. Sifakis. Rigorous Component-Based System Design Using the BIP Framework. IEEE Software, volume 28, No. 3, 2011.
[3] C. Evans, L. Brodie, J.C. Augusto. Requirements Engineering for Intelligent Environments. In Proceedings The 10th International Conference on Intelligent Environments (IE’14), pp. 154-161. Shanghai, 29th of June to 4th of July, 2014. IEEE Press.
[4] F. Kammueller and C.W. Probst. Modeling and Verification of Insider Threats Using Logical Analysis. IEEE Systems Journal, 2016.
[5] SUCCESS: SecUre aCCESSibility for the internet of things. http://www.chistera.eu/projects/success. CHIST-ERA 2016.