e-Informatica Software Engineering Journal (Mar 2020)

SIoT Framework: Towards an Approach for Early Identification of Security Requirements for Internet-of-things Applications

  • Ronald Jabangwe,
  • Anh Nguyen-Duc

DOI
https://doi.org/10.37190/e-Inf200103
Journal volume & issue
Vol. 14, no. 1
pp. 77 – 95

Abstract

Read online

Background: Security has become more of a concern with the wide deployment of Internet-of-things (IoT) devices. The importance of addressing security risks early in the development lifecycle before pushing to market cannot be over emphasized. Aim: To this end, we propose a conceptual framework to help with identifying security concerns early in the product development lifecycle for Internet-of-things, that we refer to as SIoT (Security for Internet-of-Things). Method: The framework adopts well known security engineering approaches and best practices, and systematically builds on existing research work on IoT architecture. Results: Practitioners at a Norwegian start-up company evaluated the framework and found it useful as a foundation for addressing critical security concerns for IoT applications early in the development lifecycle. The output from using the framework can be a checklist that can be used as input during security requirements engineering activities for IoT applications. Conclusions: However, security is a multi-faced concept; therefore, users of the SIoT framework should not view the framework as a panacea to all security threats. The framework may need to be refined in the future, particularly to improve its completeness to cover various IoT contexts.

Keywords