SIoT Framework: Towards an Approach for Early Identification of Security Requirements for Internet-of-things Applications

Ronald Jabangwe, Anh Nguyen-Duc
2020 e-Informatica Software Engineering Journal  
Security has become more of a concern with the wide deployment of Internet-of-things (IoT) devices. The importance of addressing security risks early in the development lifecycle before pushing to market cannot be over emphasized. Aim: To this end, we propose a conceptual framework to help with identifying security concerns early in the product development lifecycle for Internet-of-things, that we refer to as SIoT (Security for Internet-of-Things). Method: The framework adopts well known
more » ... y engineering approaches and best practices, and systematically builds on existing research work on IoT architecture. Results: Practitioners at a Norwegian start-up company evaluated the framework and found it useful as a foundation for addressing critical security concerns for IoT applications early in the development lifecycle. The output from using the framework can be a checklist that can be used as input during security requirements engineering activities for IoT applications. Conclusions: However, security is a multi-faced concept; therefore, users of the SIoT framework should not view the framework as a panacea to all security threats. The framework may need to be refined in the future, particularly to improve its completeness to cover various IoT contexts.
doi:10.37190/e-inf200103 fatcat:ws2ph4rvgbao5j6u2jztdshoj4