The IoT revolution has just started to take off and the IoT market is quickly increasing, giving us connected devices targeting e.g., wearables, cars, homes, cities, industry, transportation and healthcare. New business opportunities give rise to many new products and in order to be competitive, the manufacturer has to be efficient and implement a strategy that optimizes the time to market (TTM) and minimizes the price. This often means using existing open source software. When new vulnerabilities are found, it is crucial to efficiently determine the potential damage and to decide on a plan for patching the device. In this project we will develop a semiautomated and cost efficient decision support system for assessing the need for updating a device and the impact such an update will have on a device or system. Publicly available vulnerability information is often too general and can not immediately be applied to a device with a specific configuration operating in a specific environment. Taking these parameters into
account, a much more accurate and reliable assessment can be performed.
The decision support system will be integrated into an existing software management system and tested on real devices. Thus, the results can be evaluated in a real setting, ensuring that all practical parameters can be taken into account.
A viable solution to cost efficient updates for connected devices has a potential to increase the security in different parts of the society and the privacy of users. Considering the expected penetration of these devices, such a service has an almost unlimited potential.
The IoT revolution has just started and an increasing number of devices are used in a plethora of applications. With all these connected devices, we face an unprecedented security challenge. The project will develop cost-efficient support mechanisms for software patching in these devices.