Components Interconnection Consideration In Multi Metrics Approach Seraj Fayyad University of Oslo/UNIK Oslo, Norway Email: seraj@unik.no Josef Noll University of Oslo/UNIK Oslo, Norway Email: josef@unik.no Abstract—Internet of Things, People and Services (IoTPS) systems have become increasingly popular in modern times. And this popularity increases the importance of measurable Security, Privacy, and Dependability (SPD). One of the crucial aspects for system SPD enhancement is reliable evaluation for system SPD level. The evaluation of SPD level for IoTPS system has many challenges, such as the heterogeneity among the components. Considering the challenges of IoTPS system, several approaches are proposed to evaluate system SPD level. One of these approaches, is Multi Metrics (MM) approach. This approach is considered as comprehensive approach, because of its features. Some of MM approach features target the scalability and applicability within the architecture of unlike systems. To enhance the comprehensiveness of MM approach, we propose an extension for the approach to consider the impact of components interconnection on SPD level. Index Terms—components interconnection; interconnection weighting equation; mHealth system; IoTPS; Multi-Metrics; security level; privacy level; dependability level. I. I NTRODUCTION Internet is transforming from communication highway be- tween computers into a backend system connecting hybrid networks. Within these hybrid networks, people, services, things (sensors, actuators) and computers are connected as one. A good example for IoTPS systems is smart grid system, which consists of diversity subsystems. The interaction of Sub- systems provides powerful services, such as grid monitoring and remote controlling. Another kind of IoTPS systems is mHealth systems. This type of system defined by Adibi as the practice of eHealth assisted by smartphones, which are used to capture, analyze, process, and transmit health-based information from sensors and other biomedical systems [1]. Some of provided services by this kind of systems are regular monitoring, real time ad- vising, auto-notification in emergency cases and also affection of emotional states as stated by Cipresso et al. [2]. Eloff et al. envisaged that an IoTPS system will require focus on security and privacy [3]. Despite of many advantages of IoTPS systems, these systems arise new security, privacy and dependability concerns. One of these concerns, is the heterogeneity among subsystems, which complicates system SPD evaluation and satisfaction. Another concern, is the new open area for exploitation of the system, such as the mobile of the patient in mHealth systems. Garitano et al. propose a Multi Metrics (MM) approach, be- ing a comprehensive and dynamic approach for the evaluation of SPD level for a given IoTPS system [4]. They demonstrate the MM approach applicability by performing it on the smart vehicle IoTPS system. Noll et al. demonstrate more features of the MM approach, such as applicability on huge IoTPS system (e.g smart grid) and scalability [5]. This paper enhances the MM approach, by considering the impact of interconnection on the SPD level. The paper is organized as follows: In Section II, we give an overview of related work. In Section III, we elaborate the proposed extension for MM approach. In Section IV, we demonstrate proposed extension, by applying it on mHealth system as use case. In Section V, we present our conclusion. II. RELATED WORK Different approaches have been developed for analyzing of IT system risks. Based on the envisaged focus, Manadhata and Wing classified these approaches into attacker-centric approaches and design or system-centric approaches [6]. Attacker-centric approaches, are based mainly on the knowl- edge about the system attacks. Usually, these approaches collect and analyze attacks-related data, such as; system vul- nerabilities, goals of system attackers and detected malicious activities. For the collection of attacks-related data different resources could be used, such as; Intrusion Detection Sys- tem (IDS) and National Vulnerabilities Database (NVD) [7]. Based on collected data, these approaches build system-attacks model, to analyze the risks of IT system. The most popular attack models are: attack graph [2], [8], attack trees [9] and Bayesian network [10]. Wang et al. pro- pose an attack graph-based probabilistic model, to quantify the security of IT system network [11], [12]. Wang et al. propose attack graph analysis to be used as a knowledge base for correlating IDS received Alerts, hypothesizing missing alerts, and predicting future alerts [13]. Xie et al. use Bayesian networks incorporated with IDS alerts to analyze the security risks of the IT system [10]. Schneier proposes the analysis 22 Copyright (c) IARIA, 2015. ISBN: 978-1-61208-440-4 CENTRIC 2015 : The Eighth International Conference on Advances in Human-oriented and Personalized Mechanisms, Technologies, and Services