Attack and System Modeling Applied to IoT, Cloud, and Mobile Ecosystems: Embedding Security by Design

Over the years, pervasive computing and communication technologies have enabled the emergence of new computing paradigms that have gained importance across a wide spectrum of domains. The three most notable that have witnessed significant advancements and have a solid track record of exponential growth in diverse applications are the Internet of Things (loT), Cloud, and Mobile Computing. The ubiquity of these paradigms, their expandability, and applicability in different problem spaces have made them invaluable in modern computing solutions. Security becomes a real concern, especially when it comes to the development of applications in these environments, as numerous security issues may arise from potential design flaws. Secure application development across these three technologies can only be achieved when applications and systems are designed and developed with security in mind. This will improve the quality of the solutions and ensure that vulnerabilities are identified. It will also help in defining countermeasures against cyberattacks or mitigate the effects of potential threats to the systems. This article surveys existing approaches, tools, and techniques for attack and system modeling applicable to IoT, Cloud computing, and Mobile Computing. It also evaluates the strengths and limitations of the reviewed approaches and tools, from which it highlights the main existing challenges and open issues in the area.