research-article

Security and Privacy Requirements for the Internet of Things: A Survey

Authors:

Charith PereraAuthors Info & Claims

ACM Transactions on Internet of Things, Volume 2, Issue 1

Article No.: 6, Pages 1 - 37

https://doi.org/10.1145/3437537

Published: 01 February 2021 Publication History

Abstract

The design and development process for internet of things (IoT) applications is more complicated than that for desktop, mobile, or web applications. First, IoT applications require both software and hardware to work together across many different types of nodes with different capabilities under different conditions. Second, IoT application development involves different types of software engineers such as desktop, web, embedded, and mobile to work together. Furthermore, non-software engineering personnel such as business analysts are also involved in the design process. In addition to the complexity of having multiple software engineering specialists cooperating to merge different hardware and software components together, the development process requires different software and hardware stacks to be integrated together (e.g., different stacks from different companies such as Microsoft Azure and IBM Bluemix). Due to the above complexities, non-functional requirements (such as security and privacy, which are highly important in the context of the IoT) tend to be ignored or treated as though they are less important in the IoT application development process. This article reviews techniques, methods, and tools to support security and privacy requirements in existing non-IoT application designs, enabling their use and integration into IoT applications. This article primarily focuses on design notations, models, and languages that facilitate capturing non-functional requirements (i.e., security and privacy). Our goal is not only to analyse, compare, and consolidate the empirical research but also to appreciate their findings and discuss their applicability for the IoT.

References

[1]

ISO/IEC JTC 1/SC 27. 2011. ISO/IEC 29100:2011(en): Information technology—Security techniques—Privacy framework. Retrieved from https://www.iso.org/obp/ui/#iso:std:iso-iec:29100:ed-1:v1:en.

[2]

Jenny Abramov, Arnon Sturm, and Peretz Shoval. 2012. Evaluation of the pattern-based method for Secure Development (PbSD): A controlled experiment. Inf. Softw. Technol. 54, 9 (2012), 1029--1043.

Digital Library

[3]

Yuvraj Agarwal and Malcolm Hall. 2013. ProtectMyPrivacy: Detecting and mitigating privacy leaks on iOS devices using crowdsourcing. In Proceedings of the 11th International Conference on Mobile Systems, Applications, and Services. ACM, 97--110.

Digital Library

[4]

Gail Joon Ahn, Seung Phil Hong, and Michael E. Shin. 2002. Reconstructing a formal security model. Inf. Softw. Technol. 44, 11 (2002), 649--657.

[5]

Bako Ali and Ali Ismail Awad. 2018. Cyber and physical security vulnerability assessment for IoT-based smart homes. Sensors 18, 3 (2018), 817.

[6]

D. Ameller, X. Franch, and J. Cabot. 2010. Dealing with non-functional requirements in model-driven development. In Proceedings of the 18th IEEE International Requirements Engineering Conference. 189--198.

[7]

ARC. 2019. Excellence in Research for Australia (ERA). Retrieved from https://www.arc.gov.au/excellence-research-australia.

[8]

Yosef Ashibani and Qusay H. Mahmoud. 2017. Cyber physical systems security: Analysis, challenges and solutions. Comput. Secur. 68 (2017), 81--97.

Digital Library

[9]

Luigi Atzori, Antonio Iera, and Giacomo Morabito. 2010. The internet of things: A survey. Comput. Netw. 54, 15 (2010), 2787--2805.

Digital Library

[10]

Rebecca Balebako, Abigail Marsh, Jialiu Lin, Jason I. Hong, and Lorrie Faith Cranor. 2014. The privacy and security behaviors of smartphone app developers. Retrieved from http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.661.42218rep=rep18type=pdf.

[11]

David Basin, Manuel Clavel, Jürgen Doser, and Marina Egea. 2009. Automated analysis of security-design models. Inf. Softw. Technol. 51, 5 (2009), 815--831.

Digital Library

[12]

Matt Bishop. 2003. What is computer security? IEEE Secur. Priv. 1, 1 (2003), 67--69.

Digital Library

[13]

Michael Blackstock and Rodger Lea. 2014. Toward a distributed data flow platform for the Web of Things (distributed node-RED). In Proceedings of the 5th International Workshop on Web of Things (WoT’14). Association for Computing Machinery, New York, NY, 34--39.

Digital Library

[14]

Jan Lauren Boyles, Aaron Smith, and Mary Madden. 2012. Privacy and Data Management on Mobile Devices. Retrieved from https://www.pewinternet.org/2012/09/05/privacy-and-data-management-on-mobile-devices/.

[15]

Koen Buyens, Riccardo Scandariato, and Wouter Joosen. 2013. Least privilege analysis in software architectures. Softw. Syst. Model. 12, 2 (2013), 331--348.

Digital Library

[16]

Richard A. Caralli, J. Stevens, L. Young, and W. R. Wilson. 2007. Introducing OCTAVE Allegro: Improving the information security risk assessment process. Technical Report. CMU/SEI-2007-TR-012. Retrieved from https://resources.sei.cmu.edu/library/asset-view.cfm?assetID=8419.

[17]

Ioannis Chatzigiannakis, Georgios Mylonas, and Sotiris Nikoletseas. 2007. 50 ways to build your application: A survey of middleware and systems for wireless sensor networks. In Proceedings of the IEEE Conference on Emerging Technologies and Factory Automation (EFTA’07). IEEE, 466--473.

[18]

Abhik Chaudhuri and Ann Cavoukian. 2018. The proactive and preventive privacy (3P) framework for IoT privacy by design. EDPACS 57, 1 (2018), 1--16.

[19]

Y. Cherdantseva. 2014. Secure * BPMN—A Graphical Extension for BPMN 2.0 Based on a Reference Model of Information Assurance 8 Security. Ph.D. Dissertation. Yulia Cherdantseva Cardiff University. Retrieved from https://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.655937.

[20]

Collaboration. [n.d.]. privacy patterns. Retrieved from https://privacypatterns.org/.

[21]

Fredrik Dahlqvist, Mark Patel, Alexander Rajko, and Jonathan Shulman. 2019. Growing opportunities in the Internet of Things. McKinsey July (2019).

[22]

Lirong Dai and Kendra Cooper. 2007. Using FDAF to bridge the gap between enterprise and software architectures for security. Sci. Comput. Prog. 66, 1 (2007), 87--102.

Digital Library

[23]

Cleber Matos De Morais, Judith Kelner, Djamel Sadok, and Thea Lynn. 2018. SiMoNa: A proof-of-concept domain specific modeling language for IoT infographics. In Proceedings of the IEEE Symposium on Visual Languages and Human-centric Computing (VL/HCC’18). 199--203.

[24]

Paloma Díaz, Ignacio Aedo, Mary Beth Rosson, and John M. Carroll. 2010. A visual tool for using design patterns as pattern languages. In Proceedings of the International Conference on Advanced Visual Interfaces. ACM, 67--74.

[25]

Paloma Díaz, Ignacio Aedo, Daniel Sanz, and Alessio Malizia. 2008. A model-driven approach for the visual specification of Role-Based Access Control policies in web systems. In Proceedings of the IEEE Symposium on Visual Languages and Human-centric Computing (VL/HCC’08). 203--210.

[26]

European Union. 2016. Regulation 2016/679. Offic. J. Eur. Commun. 59, L 119 (2016), 1--88.

[27]

Dave Evans. 2011. The internet of things: How the next evolution of the internet is changing everything. CISCO White Paper 1, 2011 (2011), 1--11.

[28]

Tibor Farkas, Carsten Neumann, and Andreas Hinnerichs. 2009. An integrative approach for embedded software design with UML and simulink. In Proceedings of the International Computer Software and Applications Conference, Vol. 2. IEEE, 516--521.

[29]

Avelet Maria Fernandes, Anusha Pai, and Louella M. Mesquita Colaco. 2018. Secure SDLC for IoT based health monitor. In Proceedings of the 2nd International Conference on Electronics, Communication and Aerospace Technology (ICECA’18). 1236--1241.

[30]

Peter L. Flake and Simon J. Davidmann. 2000. Superlog, a unified design language for system-on-chip. In Proceedings of the Design Automation Conference. 583--586.

[31]

R. Francese, G. Scanniello, G. Costagliola, A. De Lucia, and M. Risi. 2002. A component-based visual environment development process. In Proceedings of the 14th International Conference on Software Engineering and Knowledge Engineering. 327--334.

[32]

David Geer. 2010. Are companies actually using secure development life cycles? Computer 43, 6 (2010), 12--16.

Digital Library

[33]

Geri Georg, Indrakshi Ray, Kyriakos Anastasakis, Behzad Bordbar, Manachai Toahchoodee, and Siv Hilde Houmb. 2009. An aspect-oriented methodology for designing secure applications. Inf. Softw. Technol. 51, 5 (2009), 846--864.

Digital Library

[34]

Nam Ky Giang, Michael Blackstock, Rodger Lea, and Victor C. M. Leung. 2015. Developing IoT applications in the fog: A distributed dataflow approach. In Proceedings of the 5th International Conference on the Internet of Things (IOT’15). IEEE, 155--162.

[35]

Massimiliano Giordano, Giuseppe Polese, Giuseppe Scanniello, and Genoveffa Tortora. 2010. A system for visual role-based policy modelling. J. Vis. Lang. Comput. 21, 1 (2010), 41--64.

Digital Library

[36]

M. Eonsuk Shin and H. Gomaa. 2004. Modeling complex systems by separating application and security concerns. In Proceedings of the 9th IEEE International Conference on Engineering of Complex Computer Systems. 19—28.

[37]

Francisco Gomariz-Castillo, Irene Garrigós, Jose-Alfonso Aguilar, Jose Zubcoff, Sven Casteleyn, and Jose-Norberto Mazón. 2018. Evaluating different i*-based approaches for selecting functional requirements while balancing and optimizing non-functional requirements: A controlled experiment. Inf. Softw. Technol. 106, Jan. 2017 (2018), 68--84.

[38]

Cristian González García, B. Cristina Pelayo G-Bustelo, Jordán Pascual Espada, and Guillermo Cueva-Fernandez. 2014. Midgar: Generation of heterogeneous objects interconnecting applications. A domain specific language proposal for Internet of Things scenarios. Comput. Netw. 64 (2014), 143--158.

[39]

Google. [n.d.]. Google Nest. Retrieved from https://nest.com/uk/.

[40]

Jayavardhana Gubbi, Rajkumar Buyya, Slaven Marusic, and Marimuthu Palaniswami. 2013. Internet of Things (IoT): A vision, architectural elements, and future directions. Fut. Gen. Comput. Syst. 29, 7 (2013), 1645--1660.

Digital Library

[41]

Aakanshi Gupta, Bharti Suri, Vijay Kumar, Sanjay Misra, Tomas Blažauskas, and Robertas Damaševičius. 2018. Software code smell prediction model using shannon, rényi, and tsallis entropies. Entropy 20, 5 (2018), 372.

[42]

M. Hafner, M. Breu, R. Breu, and A. Nowak. 2005. Modelling inter-organizational workflow security in a peer-to-peer environment. In Proceedings of the IEEE International Conference on Web Services (ICWS’05).

[43]

M. Hafner, R. Breu, B. Agreiter, and A. Nowak. 2006. SECTET—An extensible framework for the realization of secure inter-organizational workflows. Internet Res.: Electron. Netw. Applic. Polic. 16, 5 (2006), 491--506.

[44]

Nicolas Harrand, Franck Fleurey, Brice Morin, and Knut Eilif Husa. 2016. ThingML: A language and code generation framework for heterogeneous targets. In Proceedings of the ACM/IEEE 19th International Conference on Model Driven Engineering Languages and Systems. 125--135.

Digital Library

[45]

Rogardt Heldal and Fredrik Hultin. 2003. Bridging model-based and language-based security. In Proceedings of the European Symposium on Research in Computer Security. LNCS, Vol. 2808 (2003), 235--236.

[46]

Sehyeon Heo, Sungpil Woo, Janggwan Im, and Daeyoung Kim. 2015. IoT-MAP: IoT mashup application platform for the flexible IoT ecosystem. In Proceedings of the 5th International Conference on the Internet of Things (IOT’15). IEEE, 163--170.

[47]

Grant Hernandez, Orlando Arias, Daniel Buentello, and Yier Jin. 2014. Smart Nest thermostat: A smart spy in your home. In Proceedings of the Black Hat USA Conference. 1--8.

[48]

Michael Hirsch. 2002. Making RUP agile. OOPSLA 2002 Practitioners Reports. Retrieved from http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.119.93888rep=rep18type=pdf.

Digital Library

[49]

Jeffrey A. Hoffer. 2012. Modern Systems Analysis and Design, 6/e. Pearson Education India.

[50]

Bernhard Hoisl, Stefan Sobernig, and Mark Strembeck. 2014. Modeling and enforcing secure object flows in process-driven SOAs: An integrated model-driven approach. Softw. Syst. Model. 13, 2 (2014), 513--548.

Digital Library

[51]

J. Hong. 2017. The privacy landscape of pervasive computing. IEEE Pervas. Comput. 16, 3 (2017), 40--48.

Digital Library

[52]

Michael Howard and Steve Lipner. 2006. The Security Development Lifecycle. Vol. 8. Microsoft Press, Redmond WA.

Digital Library

[53]

Hongxin Hu and Gail-joon Ahn. 2010. Constructing authorization systems using assurance management framework. IEEE Trans. Syst., Man, Cyber., Part C (Applic. Rev.) 40, 4 (2010), 396--405.

Digital Library

[54]

A. Humayed, J. Lin, F. Li, and B. Luo. 2017. Cyber-physical systems security—A survey. IEEE Internet Things J. 4, 6 (2017), 1802--1831.

[55]

ISO/IEC. 2013. BS ISO/IEC DIS 27001. Retrieved from https://www.iso.org/isoiec-27001-information-security.html.

[56]

ISO/IEC JTC 1/SC 7. 2011. ISO/IEC 25010:2011(en): Systems and software Quality Requirements and Evaluation (SQuaRE)—System and software quality models. Retrieved from https://www.iso.org/obp/ui/#iso:std:iso-iec:25010:ed-1:v1:en.

[57]

Esther Jun, Huafei Liao, April Savoy, Liang Zeng, and Gavriel Salvendy. 2008. The Design of Future Things, by D. A. Norman, Basic Books, New York, NY. Hum. Fact. Ergon. 8 Manuf. 18 (2008), 480–481.

Digital Library

[58]

Jan Jürjens, Joerg Schreck, and Peter Bartmann. 2008. Model-based security analysis for mobile communications. In Proceedings of the 13th International Conference on Software Engineering (ICSE’08), Vol. 2. 683.

[59]

Frank Kargl, Robert Schmidt, Antonio Kung, Christoph Bösch, et al. 2019. A privacy-aware V-model for software development. In Proceedings of the IEEE Security and Privacy Workshops (SPW’19). IEEE, 100--104.

[60]

Sangsig Kim, Dae Kyoo Kim, Lunjin Lu, Suntae Kim, and Sooyong Park. 2011. A feature-based approach for modeling role-based access control systems. J. Syst. Softw. 84, 12 (2011), 2035--2052.

Digital Library

[61]

Barbara Kitchenham and Pearl Brereton. 2013. A systematic review of systematic review process research in software engineering. Inf. Softw. Technol. 55, 12 (2013), 2049--2075.

Digital Library

[62]

Manuel Koch and Francesco Parisi-Presicce. 2006. UML specification of access control policies and their formal verification. Softw. Syst. Model. 5, 4 (2006), 429--447.

[63]

Jun Kong, Dianxiang Xu, and Xiaoqin Zeng. 2010. UML-based modeling and analysis of security threats. Int. J. Softw. Eng. Knowl. Eng. 20, 06 (2010), 875--897.

[64]

J. Sathish Kumar and Dhiren R. Patel. 2014. A survey on internet of things: Security and privacy issues. Int. J. Comput. Applic. 90, 11 (2014).

[65]

Letitia W. Li, Florian Lugou, and Ludovic Apvrille. 2017. Security-aware modeling and analysis for HW/SW partitioning. In Proceedings of the International Conference on Model-driven Engineering and Software Development. 302--311.

[66]

Na Liu, John Hosking, and John Grundy. 2005. A visual language and environment for specifying user interface event handling in design tools. In Proceedings of the IEEE Symposium on Visual Languages and Human-centric Computing (VL/HCC’05). 278--280.

[67]

Nakarin Maneerat and Pomsiri Muenchaisri. 2011. Bad-smell prediction from software design model using machine learning techniques. In Proceedings of the 8th International Joint Conference on Computer Science and Software Engineering (JCSSE’11). IEEE, 331--336.

[68]

Bogdan Ghilic-Micu, Marian Stoica, and Marinela Mircea. 2013. Software development: Agile vs. traditional. Inf. Econ. 17, 4 (2013), 64--76.

[69]

Diego Martin, Ramon Alcarria, Tomas Robles, and Augusto Morales. 2013. A systematic approach for service prosumerization in IoT scenarios. In Proceedings of the 7th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing (IMIS’13). 494--499.

[70]

Bruce R. Maxim and Marouane Kessentini. 2016. An introduction to modern software quality assurance. In Software Quality Assurance, Ivan Mistrik, Richard Soley, Nour Ali, John Grundy, and Bedir Tekinerdogan (Eds.). Morgan Kaufmann, Boston, MA, 19--46.

[71]

Mukhtiar Memon, Gordhan D. Menghwar, Mansoor H. Depar, Akhtar A. Jalbani, and Waqar M. Mashwani. 2014. Security modeling for service-oriented systems using security pattern refinement approach. Softw. Syst. Model. 13, 2 (2014), 549--572.

Digital Library

[72]

Michael Menzel and Christoph Meinel. 2010. SecureSOA—Modelling security requirements for service-oriented architectures. In Proceedings of the IEEE 7th International Conference on Services Computing (SCC’10). IEEE, 146--153.

[73]

Microsoft. 2004. Microsoft Security Development Lifecycle (SDL). Retrieved from https://www.microsoft.com/en-us/securityengineering/sdl/.

[74]

Microsoft. 2018. Microsoft Threat Modeling Tool. Retrieved from https://docs.microsoft.com/en-us/azure/security/azure-security-threat-modeling-tool.

[75]

Daniele Miorandi, Sabrina Sicari, Francesco De Pellegrini, and Imrich Chlamtac. 2012. Internet of things: Vision, applications and research challenges. Ad Hoc Netw. 10, 7 (2012), 1497--1516.

Digital Library

[76]

Pieter J. Mosterman and Justyna Zander. 2016. Cyber-physical systems challenges: A needs analysis for collaborating embedded software systems. Softw. Syst. Model. 15, 1 (2016), 5--16.

Digital Library

[77]

Emerson Murphy-Hill and Andrew P. Black. 2010. An interactive ambient visualization for code smells. In Proceedings of the 5th International Symposium on Software Visualization. 5--14.

[78]

M. H. N. Nasir and S. Sahibuddin. 2011. Critical success factors for software projects: A comparative study. Sci. Res. Essays 6, 10 (2011), 2174--2186. Retrieved from https://www.scopus.com/inward/record.uri?eid=2-s2.0-799562187418partnerID=408md5=294f5a21a02adf8352a4728178c5f3eb.

[79]

Nianping Zhu, J. Grundy, and J. Hosking. 2004. Pounamu: A meta-tool for multi-view visual language environment construction. In Proceedings of the IEEE Symposium on Visual Languages-Human Centric Computing. 254--256.

[80]

Nicolás Notario, Alberto Crespo, Yod-Samuel Martín, Jose M. Del Alamo, Daniel Le Métayer, Thibaud Antignac, Antonio Kung, Inga Kroener, and David Wright. 2015. PRIPARE: Integrating privacy best practices into a privacy engineering methodology. In Proceedings of the IEEE Security and Privacy Workshops. IEEE, 151--158.

[81]

Dr. Ian Oliver. 2014. Privacy Engineering: A Dataflow and Ontological Approach. CreateSpace Independent Publishing Platform.

[82]

Oracle. 2009. proactive support tools diagnostics. Retrieved from http://www.oracle.com/us/support/library/proactive-support-tools-diagnostics-069181.pdf.

[83]

OWASP. 2018. OWASP Secure Software Development Lifecycle Project (S-SDLC). Retrieved from https://www.owasp.org/index.php/OWASP_Secure_Software_Development_Lifecycle_Project.

[84]

Jaime A. Pavlich-Mariscal, Steven A. Demurjian, and Laurent D. Michel. 2010. A framework of composable access control features: Preserving separation of access control concerns from models to code. Comput. Secur. 29, 3 (2010), 350--379.

Digital Library

[85]

Charith Perera and Mahmoud Barhamgi. 2019. Augmenting software engineering processes towards designing privacy aware Internet of Things applications. arXiv preprint arXiv:1908.02724 (2019).

[86]

Charith Perera, Mahmoud Barhamgi, Arosha K. Bandara, Muhammad Ajmal, Blaine Price, and Bashar Nuseibeh. 2020. Designing privacy-aware internet of things applications. Inf. Sci. 512 (2020), 238--257.

Digital Library

[87]

Charith Perera, Chang Liu, Rajiv Ranjan, Lizhe Wang, and Albert Y. Zomaya. 2016. Privacy-knowledge modeling for the internet of things: A look back. Computer 49, 12 (2016), 60--68.

Digital Library

[88]

Charith Perera, Chi Harold Liu, and Srimal Jayawardena. 2015. The emerging internet of things marketplace from an industrial perspective: A survey. IEEE Trans. Emerg. Top. Comput. 3, 4 (2015), 585--598.

[89]

Charith Perera, Chi Harold Liu, Srimal Jayawardena, and Min Chen. 2014. A survey on internet of things from industrial market perspective. IEEE Access 2 (2014), 1660--1679.

[90]

Charith Perera, Rajiv Ranjan, Lizhe Wang, Samee U. Khan, and Albert Y. Zomaya. 2015. Big data privacy in the internet of things era. IT Prof. 17, 3 (2015), 32--39.

Digital Library

[91]

Charith Perera, Arkady Zaslavsky, Peter Christen, and Dimitrios Georgakopoulos. 2014. Context aware computing for the internet of things: A survey. IEEE Commun. Surv. Tutor. 16, 1 (2014), 414--454.

[92]

Philips. [n.d.]. Philips e-Alert. Retrieved from https://www.philips.co.uk/healthcare/resources/feature-detail/e-alert-faq.

[93]

Georgi Popov, Bruce K. Lyon, and Bruce Hollcroft. 2016. Risk Assessment: A Practical Guide to Assessing Operational Risks. John Wiley 8 Sons.

[94]

Hanene Boussi Rahmouni, Tony Solomonides, Marco Casassa Mont, and Simon Shiu. 2010. Privacy compliance and enforcement on European healthgrids: An approach through ontology. Philos. Trans. Roy. Soc. A: Math., Phys. Eng. Sci. 368, 1926 (2010), 4057--4072.

[95]

Arjun Rao, Ayush Bihani, and Mydhili Nair. 2018. Milo: A visual programming environment for data science education. In Proceedings of the IEEE Symposium on Visual Languages and Human-cCentric Computing (VL/HCC’18). IEEE, 211--215.

[96]

Indrakshi Ray, Robert France, Na Li, and Geri Georg. 2004. An aspect-based approach to modeling access control concerns. Inf. Softw. Technol. 46, 9 (2004), 575--587.

[97]

Martin Reddy. 2011. Design. In API Design for C++, Martin Reddy (Ed.). Morgan Kaufmann, Boston, MA, 105--150.

[98]

A. Sadeghi, C. Wachsmann, and M. Waidner. 2015. Security and privacy challenges in industrial Internet of Things. In Proceedings of the 52nd ACM/EDAC/IEEE Design Automation Conference (DAC’15). 1--6.

[99]

Fumiko Satoh, Yuichi Nakamura, and Koichi Ono. 2006. Adding authentication to model driven security. In Proceedings of theIEEE International Conference on Web Services (ICWS’06). 585--592.

[100]

Gunar Schirner, Deniz Erdogmus, Kaushik Chowdhury, and Taskin Padir. 2013. The future of human-in-the-loop cyber-physical systems. Computer 46, 1 (2013), 36--45.

Digital Library

[101]

Wesam Shanaa, Steven Spier, and Bastian Tenbergen. 2017. A case study into the development process of cyber physical systems. In Proceedings of the REFSQ Workshops.

[102]

Elaine Shi, Yuan Niu, Markus Jakobsson, and Richard Chow. 2010. Implicit authentication through learning user behavior. In Proceedings of the International Conference on Information Security. Springer, 99--113.

Digital Library

[103]

Robert W. Shirey. 2007. Internet Security Glossary, Version 2. RFC 4949.

[104]

S. Sicari, A. Rizzardi, L. A. Grieco, and A. Coen-Porisini. 2015. Security, privacy and trust in Internet of Things: The road ahead. Comput. Netw. 76 (2015), 146--164.

Digital Library

[105]

Laurens Sion, Dimitri Van Landuyt, Koen Yskout, and Wouter Joosen. 2018. SPARTA: Security 8 privacy architecture through risk-driven threat assessment. In Proceedings of the IEEE 15th International Conference on Software Architecture Companion (ICSA-C’18). 89--92.

[106]

Laurens Sion, Kim Wuyts, Koen Yskout, Dimitri Van Landuyt, and Wouter Joosen. 2018. Interaction-based privacy threat elicitation. In Proceedings of the 3rd IEEE European Symposium on Security and Privacy Workshops. 79--86.

[107]

Karsten Sohr, Gail-Joon Ahn, Martin Gogolla, and Lars Migge. 2005. Specification and validation of authorisation constraints using UML and OCL. In Proceedings of the European Symposium on Research in Computer Security. LNCS, Vol. 3679, 64--79.

[108]

Emilio Soler, Juan Trujillo, Eduardo Fernandez-Medina, and Mario Piattini. 2007. Application of QVT for the development of secure data warehouses: A case study. In Proceedings of the 2nd International Conference on Availability, Reliability and Security (ARES’07). IEEE, 829--836.

[109]

Junichi Suzuki and Yoshikazu Yamamoto. 1999. Toward the interoperable software design models: Quartet of UML, XML, DOM and CORBA. In Proceedings of the 4th IEEE International Symposium and Forum on Software Engineering Standards (ISESS’99). 163--172.

[110]

Juha-pekka Tolvanen and Steven Kelly. 2009. MetaEdit+: Defining and using integrated domain-specific modeling languages. In Proceedings of the 24th ACM SIGPLAN Conference Companion on Object Oriented Programming Systems Languages and Applications. 819--820.

[111]

Inger Anne Tondel, Martin Gilje Jaatun, and Per Hakon Meland. 2008. Security requirements for the rest of us: A survey. IEEE Softw. 25, 1 (2008), 20--27.

Digital Library

[112]

Wade Trappe, Richard Howard, and Robert S. Moore. 2015. Low-energy security: Limits and opportunities in the internet of things. IEEE Secur. Priv. 13, 1 (2015), 14--21.

Digital Library

[113]

Juan Trujillo, Emilio Soler, Eduardo Fernández-Medina, and Mario Piattini. 2009. An engineering process for developing secure data warehouses. Inf. Softw. Technol. 51, 6 (2009), 1033--1051.

Digital Library

[114]

Joseph S. Valacich and Joey F. George. 2017. Modern Systems Analysis and Design. Pearson Education, Inc.

[115]

A. Van Den Berghe, K. Yskout, W. Joosen, and R. Scandariato. 2017. A model for provably secure software design. In Proceedings of the IEEE/ACM 5th International FME Workshop on Formal Methods in Software Engineering (FormaliSE’17). Institute of Electrical and Electronics Engineers Inc., 3--9.

[116]

Rob van der Meulen and Gartner. 2017. Gartner Says 8.4 Billion Connected “Things” Will Be in Use in 2017, Up 31 Percent From 2016. Retrieved from https://www.gartner.com/en/newsroom/press-releases/2017-02-07-gartner-says-8-billion-connected-things-will-be-in-use-in-2017-up-31-percent-from-2016.

[117]

Alexander van den Berghe, Riccardo Scandariato, Koen Yskout, and Wouter Joosen. 2017. Design notations for secure software: A systematic literature review. Softw. Syst. Model. 16, 3 (2017), 809--831.

Digital Library

[118]

Belén Vela, Carlos Blanco, Eduardo Fernández-Medina, and Esperanza Marcos. 2012. A practical application of our MDD approach for modeling secure XML data warehouses. Dec. Supp. Syst. 52, 4 (2012), 899--925.

[119]

Rolf H. Weber. 2010. Internet of Things—-New security and privacy challenges. Comput. Law 8 Secur. Rev. 26, 1 (2010), 23--30.

[120]

Michael E. Whitman and Herbert J. Mattord. 2011. Principles of Information Security. Cengage Learning.

[121]

Wiki.owasp.org. [n.d.]. CISO AppSec Guide: Criteria for Managing Application Security Risks. Retrieved from https://wiki.owasp.org/index.php/CISO_AppSec_Guide:_Criteria_for_Managing_Application_Security_Risks.

[122]

Claes Wohlin. 2014. Guidelines for snowballing in systematic literature studies and a replication in software engineering. In Proceedings of the 18th International Conference on Evaluation and Assessment in Software Engineering. Citeseer, 38.

Digital Library

[123]

M. Wolf and D. Serpanos. 2018. Safety and security in cyber-physical systems and Internet-of-Things systems. Proc. IEEE 106, 1 (2018), 9--20.

[124]

Kim Wuyts. 2014. LINDDUN: A privacy threat analysis framework. Retrieved from https://people.cs.kuleuven.be/~kim.wuyts/LINDDUN/LINDDUN.pdf.

[125]

Kim Wuyts. 2015. Privacy Threats in Software Architectures. Ph.D. Dissertation. Institution: KU Leuven – Faculty of Engineering Science (Belgium). Retrieved from https://lirias.kuleuven.be/retrieve/295669.

[126]

D. Xu and K. E. Nygard. 2006. Threat-driven modeling and verification of secure software using aspect-oriented Petri nets. IEEE Trans. Softw. Eng. 32, 4 (2006), 265--278.

Digital Library

[127]

Y. Yang, L. Wu, G. Yin, L. Li, and H. Zhao. 2017. A survey on security and privacy issues in Internet-of-Things. IEEE Internet Things J. 4, 5 (Oct. 2017), 1250--1258.

[128]

Lijun Yu, Robert France, Indrakshi Ray, and Sudipto Ghosh. 2009. A rigorous approach to uncovering security policy violations in UML designs. In Proceedings of the IEEE International Conference on Engineering of Complex Computer Systems (ICECCS’09). 126--135.

[129]

Kang Zhang, Da Qian Zhang, and Jiannong Cao. 2001. Design, construction, and application of a generic visual language generation environment. IEEE Trans. Softw. Eng. 27, 4 (2001), 289--307.

Digital Library

[130]

Kai Zhao and Lina Ge. 2013. A survey on the internet of things security. In Proceedings of the 9th International Conference on Computational Intelligence and Security. IEEE, 663--667.

Cited By

Kitsiou ASideri MPantelelis MSimou SMavroeidi AVgena KTzortzaki EKalloniatis C(2025)Developers’ mindset on self-adaptive privacy and its requirements for cloud computing environmentsInternational Journal of Information Security10.1007/s10207-024-00943-824:1Online publication date: 1-Feb-2025
https://dl.acm.org/doi/10.1007/s10207-024-00943-8
Zhou LSuh W(2024)A Bibliometric Analysis of Research on the Metaverse for Smart Cities: The Dimensions of Technology, People, and InstitutionsSystems10.3390/systems1210041212:10(412)Online publication date: 4-Oct-2024
https://doi.org/10.3390/systems12100412
Meng QWang HZhang CSong YLi SLu LZhu HShu YLiu JTan RHe YChen J(2024)Processor-Sharing Internet of Things Architecture for Large-scale DeploymentProceedings of the 22nd ACM Conference on Embedded Networked Sensor Systems10.1145/3666025.3699333(211-224)Online publication date: 4-Nov-2024
https://dl.acm.org/doi/10.1145/3666025.3699333
Show More Cited By

Index Terms

Security and Privacy Requirements for the Internet of Things: A Survey

Recommendations

Privacy and security requirements framework for the internet of things (IoT)
ICSE Companion 2014: Companion Proceedings of the 36th International Conference on Software Engineering

Capturing privacy and security requirements in the very early stages is essential for creating sufficient public confidence in order to facilitate the adaption of novel systems such as the Internet of Things (IoT). However, traditional requirements ...
Privacy preserving Internet of Things

The Internet of Things (IoT) is the latest web evolution that incorporates billions of devices that are owned by different organisations and people who are deploying and using them for their own purposes. IoT-enabled harnessing of the information that ...
Privacy and Security Challenges in Internet of Things
ICDCIT 2015: Proceedings of the 11th International Conference on Distributed Computing and Internet Technology - Volume 8956

Internet of Things IoT envisions as a global network, connecting any objects around us, ranging from home appliances, wearable things to military applications. With IoT infrastructure, physical objects such as wearable objects, television, refrigerator, ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Transactions on Internet of Things

ACM Transactions on Internet of Things Volume 2, Issue 1

February 2021

199 pages

EISSN:2577-6207

DOI:10.1145/3430935

Editors:
Schahram Dustdar
TU Wien, Austria
,
Gian Pietro Picco
University of Trento, Italy

Issue’s Table of Contents

Copyright © 2021 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Journal Family

ACM Journals for the Design of Smart and Connected Systems

Publication History

Published: 01 February 2021

Accepted: 01 October 2020

Revised: 01 September 2020

Received: 01 October 2019

Published in TIOT Volume 2, Issue 1

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed

Funding Sources

EPSRC PETRAS
EPSRC PACE

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

45
Total Citations
View Citations
1,899
Total Downloads

Downloads (Last 12 months)292
Downloads (Last 6 weeks)13

Reflects downloads up to 18 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Kitsiou ASideri MPantelelis MSimou SMavroeidi AVgena KTzortzaki EKalloniatis C(2025)Developers’ mindset on self-adaptive privacy and its requirements for cloud computing environmentsInternational Journal of Information Security10.1007/s10207-024-00943-824:1Online publication date: 1-Feb-2025
https://dl.acm.org/doi/10.1007/s10207-024-00943-8
Zhou LSuh W(2024)A Bibliometric Analysis of Research on the Metaverse for Smart Cities: The Dimensions of Technology, People, and InstitutionsSystems10.3390/systems1210041212:10(412)Online publication date: 4-Oct-2024
https://doi.org/10.3390/systems12100412
Meng QWang HZhang CSong YLi SLu LZhu HShu YLiu JTan RHe YChen J(2024)Processor-Sharing Internet of Things Architecture for Large-scale DeploymentProceedings of the 22nd ACM Conference on Embedded Networked Sensor Systems10.1145/3666025.3699333(211-224)Online publication date: 4-Nov-2024
https://dl.acm.org/doi/10.1145/3666025.3699333
Alhirabi NBeaumont SRana OPerera C(2024)Designing Privacy-Aware IoT Applications for Unregulated DomainsACM Transactions on Internet of Things10.1145/36484805:2(1-32)Online publication date: 23-Apr-2024
https://dl.acm.org/doi/10.1145/3648480
Feng LLin JQiu FYu BJIn ZWang JCheng JYao S(2024)SDAC-BBPP: A Secure Dynamic Access Control Scheme With Blockchain-Based Privacy Protection for IIoTIEEE Transactions on Network and Service Management10.1109/TNSM.2024.337152121:3(3179-3193)Online publication date: 1-Jun-2024
https://dl.acm.org/doi/10.1109/TNSM.2024.3371521
Alex SJagalchandran DPattathil D(2024)Privacy-Preserving and Energy-Saving Random Forest-Based Disease Detection Framework for Green Internet of Things in Mobile Healthcare NetworksIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2023.334734221:4(4180-4192)Online publication date: 1-Jul-2024
https://dl.acm.org/doi/10.1109/TDSC.2023.3347342
Adil MKhan MKumar NAttique MFarouk AGuizani MJin Z(2024)Healthcare Internet of Things: Security Threats, Challenges, and Future Research DirectionsIEEE Internet of Things Journal10.1109/JIOT.2024.336028911:11(19046-19069)Online publication date: 1-Jun-2024
https://doi.org/10.1109/JIOT.2024.3360289
Handri EIndra Sensuse DTarigan A(2024)Developing an Agile Cybersecurity Framework With Organizational Culture Approach Using Q MethodologyIEEE Access10.1109/ACCESS.2024.343216012(108835-108850)Online publication date: 2024
https://doi.org/10.1109/ACCESS.2024.3432160
Salim SLahcen O(2024)A BERT-Enhanced Exploration of Web and Mobile Request Safety Through Advanced NLP Models and Hybrid ArchitecturesIEEE Access10.1109/ACCESS.2024.340641312(76180-76193)Online publication date: 2024
https://doi.org/10.1109/ACCESS.2024.3406413
Adam MHammoudeh MAlrawashdeh RAlsulaimy B(2024)A Survey on Security, Privacy, Trust, and Architectural Challenges in IoT SystemsIEEE Access10.1109/ACCESS.2024.338270912(57128-57149)Online publication date: 2024
https://doi.org/10.1109/ACCESS.2024.3382709
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

HTML Format

View this article in HTML Format.

Media

Figures

Other

Tables

View Issue’s Table of Contents