Key points are not available for this paper at this time.
This work provides a design of a certification methodology for IoT, paying attention to the test-based risk assessment phase to empower testers with the ability to assess security solutions for large-scale IoT deployments. The resulting approach is an instantiation of the Risk-based Security Assessment presented by ETSI based on the ISO 31000, and it is built on top of different technologies and approaches for security testing and risk assessment adapted to the IoT landscape. The proposed methodology is intended to be used for the different experiments that are proposed in the scope of the ARMOUR project for assessing the fulfilment of several security aspects. It is expected to be used as a baseline to build a new security certification and labelling approach for IoT devices.
Matheu et al. (Thu,) studied this question.