Towards Automated Threat-Based Risk Assessment for Cyber Security in Smarthomes

Cyber security is a concern of each citizen, especially when it comes to novel technologies surrounding us in our daily lives. Fighting a cyber battle while enjoying your cup of coffee and observing gentle lights dimming when you move from the kitchen to the sitting room to review your today’s running training, is no longer science fiction.
A multitude of the cyber security solutions are currently under development to satisfy the increasing demand on threats and vulnerabilities identification and private data leakage detection tools. Within this domain, ubiquitous decision making to facilitate the life of the regular end-users is a key feature here. In this paper we present an approach called Negative to Positive modelling to automate the threat-based risk assessment process, tailored specifically to the smart home environments. The calculation model application is demonstrated on derived threat-triggered evaluation scenarios, which were established from analysing the historical evidence of data communication within the smarthome context. The main features of the proposed risk management are identification of the existing risks, estimation of the consequences on possible positive and negative actions and embedding of the mitigation strategies. The application of this modelling approach for automation of risk assessment would lead to a deep understanding on the extent to which decision making could be automated while tracking and controlling the cyber risks within the end-user’s accepted level. Through the proposed risk assessment process, common factors and variables are extracted and integrated into a quantified risk model before being embedded in the automated decision making process. This research falls within the \ghost (Safe-Guarding Home IoT Environments with Personalised Real-time Risk Control) project, aiming to provide a cyber security solution targeted at the regular citizens.