Automated Security Assessement for IoT devices

Agentless assessment of the security of a connected device in its running

environnement

IA and ML techniques for automated building of Security Knowledge graphs

Predict inrusion chains and evaluate them.

SCUBA Tool Suite

Mapping IoT devices to threats

Active and passive probing, traffic analysis.

Device discovery and inventory, fingerprinting,

Pentesting and fuzzing: vulnerabilities discovery and testing.

Security properties, templates and recipes.

Knowledge and vulnerability graphs.

How does this work ?

SCUBA relies on collected information through passive and active scanning of a running

IoT device in its exploitation environment to build its Security Knowledge base (SKB). The

knowledge base contains all relevant information (CPE, CVE, CAPEC, CWE, communication

flows) to verify the security capabilities of a connected device.

Abdelkader LAHMADI - Frederic BECK - Thomas LACOUR

Jérome FRANÇOIS - Régis LHOSTE

scuba@inria.fr

RESIST research group - Loria - Inria Nancy Grand Est