A growing number of Internet of Things (IoT) devices are used across consumer, medical, and industrial domains. They interact with their environment through sensors and actuators and connect to networks such as the Internet. Because sensors may collect sensitive data and actuators can trigger physical actions, security, privacy, and safety are major challenges. Threat modelling can help identify risks, but established IT-focused methods transfer to the IoT only to a limited extent. This paper proposes the Cyber-Physical Data Flow Diagram (CPDFD), a new modelling technique specifically for IoT devices that also allows modelling of hardware, with the aim of supporting manufacturers in identifying threats and developing countermeasures. The technique was examined through an experimental study and a survey with interviews. The results suggest that numerous other attack scenarios can be found through the modelling technique, improving the identification of threats to IoT devices.