An Approach for Safety and Security Requirements Alignment of Critical IoT Systems
Abstract
The complexity and heterogeneity of IoT systems have given rise to new challenges in the Requirements Engineering (RE) process, such as the joint treatment of security and protection requirements, essential in most of these systems, especially those considered critical. Given the lack of studies that meet this objective, this work presents a proposal for an approach to align security and protection requirements of critical IoT systems, which aims to reduce the complexity of carrying out the RE process for engineers and developers of these systems.
Keywords:
requirements engineering, safety, security, requirements alignment, IoT
References
Asplund, F., McDermid, J., Oates, R., and Roberts, J. (2019). Rapid Integration of CPS Security and Safety. IEEE Embedded Systems Letters, 11(4):111–114.
Avizienis, A., Laprie, J.-C., Randell, B., and Landwehr, C. (2004). Basic concepts and taxonomy of dependable and secure computing. IEEE Transactions on Dependable and Secure Computing, pages 11–33.
Binder, C., Polanec, K., Brankovic, B., Neureiter, C., Lastro, G., and Lüder, A. (2021). Enabling Model-Based Requirements Engineering in a Complex Industrial System of Systems Environment. In 2021 26th IEEE Int. Conf. on Emerging Technologies and Factory Automation (ETFA ), page 1–6. IEEE Press.
Dixon-Woods, M., Agarwal, S., Jones, D., Young, B., and Sutton, A. (2005). Synthesising qualitative and quantitative evidence: a review of possible methods. Journal of health services research & policy, 10(1):45–53.
Fritz, S., Weber, F., and Ovtcharova, J. (2019). A Guideline for the Requirements Engineering Process of SMEs Regarding to the Development of CPS. In 2019 8th International Conference on Industrial Technology and Management (ICITM), pages 85–94.
Greer, C., Burns, M., Wollman, D., and Griffor, E. (2019). Cyber-Physical Systems and Internet of Things.
Hansch, G., Schneider, P., Fischer, K., and Böttinger, K. (2019). A Unified Architecture for Industrial IoT Security Requirements in Open Platform Communications. In 2019 24th IEEE International Conference on Emerging Technologies and Factory Automation (ETFA), pages 325–332.
Hofbauer, D., Ivkic, I., Maksuti, S., Aldrian, A., and Tauber, M. (2019). On the Cost of Security Compliance in Information Systems. CoRR, abs/1905.06122.
Japs, S. (2020). Security & Safety by Model-based Requirements Engineering. In 2020 IEEE 28th International Requirements Engineering Conference (RE), pages 422–427.
Kavallieratos, G., Katsikas, S., and Gkioulos, V. (2020). SafeSec Tropos: Joint security and safety requirements elicitation. Computer Standards & Interfaces, 70:103429.
Lisova, E., Sljivo, I., and Čaušević, A. (2019). Safety and Security Co-Analyses: A Systematic Literature Review. IEEE Systems Journal, 13(3):2189–2200.
Mailloux, L. O., Span, M., Mills, R. F., and Young,W. (2019). A Top Down Approach for Eliciting Systems Security Requirements for a Notional Autonomous Space System. In 2019 IEEE International Systems Conference (SysCon), pages 1–7.
Nguyen-Duc, A., Khalid, K., Shahid Bajwa, S., and Lønnestad, T. (2019). Minimum Viable Products for Internet of Things Applications: Common Pitfalls and Practices. Future Internet, 11(2).
Piètre-Cambacédès, L. (2010). Des relations entre sûreté et sécurité. PhD thesis, Télécom ParisTech.
Sadvandi, S., Chapon, N., and Piètre-Cambacédès, L. (2012). Safety and Security Interdependencies in Complex Systems and SoS: Challenges and Perspectives. In Complex Systems Design & Management, pages 229–241, Berlin, Heidelberg. Springer Berlin Heidelberg.
Sommerville, I. (2015). Software Engineering. Pearson, 10th edition.
Veiga, E. F. and Bulcão-Neto, R. F. (2022). Engenharia de Requisitos de Sistemas IoT e Ciber-Físicos: Resultados Preliminares. In Anais do WER22 - Workshop em Engenharia de Requisitos, page 1–14.
Wohlin, C. (2014). Guidelines for Snowballing in Systematic Literature Studies and a Replication in Software Engineering. In Proceedings of the 18th International Conference on Evaluation and Assessment in Software Engineering, EASE ’14, New York, NY, USA. Association for Computing Machinery.
Wolf, M. and Serpanos, D. (2018). Safety and Security in Cyber-Physical Systems and Internet-of-Things Systems. Proceedings of the IEEE, 106(1):9–20.
Avizienis, A., Laprie, J.-C., Randell, B., and Landwehr, C. (2004). Basic concepts and taxonomy of dependable and secure computing. IEEE Transactions on Dependable and Secure Computing, pages 11–33.
Binder, C., Polanec, K., Brankovic, B., Neureiter, C., Lastro, G., and Lüder, A. (2021). Enabling Model-Based Requirements Engineering in a Complex Industrial System of Systems Environment. In 2021 26th IEEE Int. Conf. on Emerging Technologies and Factory Automation (ETFA ), page 1–6. IEEE Press.
Dixon-Woods, M., Agarwal, S., Jones, D., Young, B., and Sutton, A. (2005). Synthesising qualitative and quantitative evidence: a review of possible methods. Journal of health services research & policy, 10(1):45–53.
Fritz, S., Weber, F., and Ovtcharova, J. (2019). A Guideline for the Requirements Engineering Process of SMEs Regarding to the Development of CPS. In 2019 8th International Conference on Industrial Technology and Management (ICITM), pages 85–94.
Greer, C., Burns, M., Wollman, D., and Griffor, E. (2019). Cyber-Physical Systems and Internet of Things.
Hansch, G., Schneider, P., Fischer, K., and Böttinger, K. (2019). A Unified Architecture for Industrial IoT Security Requirements in Open Platform Communications. In 2019 24th IEEE International Conference on Emerging Technologies and Factory Automation (ETFA), pages 325–332.
Hofbauer, D., Ivkic, I., Maksuti, S., Aldrian, A., and Tauber, M. (2019). On the Cost of Security Compliance in Information Systems. CoRR, abs/1905.06122.
Japs, S. (2020). Security & Safety by Model-based Requirements Engineering. In 2020 IEEE 28th International Requirements Engineering Conference (RE), pages 422–427.
Kavallieratos, G., Katsikas, S., and Gkioulos, V. (2020). SafeSec Tropos: Joint security and safety requirements elicitation. Computer Standards & Interfaces, 70:103429.
Lisova, E., Sljivo, I., and Čaušević, A. (2019). Safety and Security Co-Analyses: A Systematic Literature Review. IEEE Systems Journal, 13(3):2189–2200.
Mailloux, L. O., Span, M., Mills, R. F., and Young,W. (2019). A Top Down Approach for Eliciting Systems Security Requirements for a Notional Autonomous Space System. In 2019 IEEE International Systems Conference (SysCon), pages 1–7.
Nguyen-Duc, A., Khalid, K., Shahid Bajwa, S., and Lønnestad, T. (2019). Minimum Viable Products for Internet of Things Applications: Common Pitfalls and Practices. Future Internet, 11(2).
Piètre-Cambacédès, L. (2010). Des relations entre sûreté et sécurité. PhD thesis, Télécom ParisTech.
Sadvandi, S., Chapon, N., and Piètre-Cambacédès, L. (2012). Safety and Security Interdependencies in Complex Systems and SoS: Challenges and Perspectives. In Complex Systems Design & Management, pages 229–241, Berlin, Heidelberg. Springer Berlin Heidelberg.
Sommerville, I. (2015). Software Engineering. Pearson, 10th edition.
Veiga, E. F. and Bulcão-Neto, R. F. (2022). Engenharia de Requisitos de Sistemas IoT e Ciber-Físicos: Resultados Preliminares. In Anais do WER22 - Workshop em Engenharia de Requisitos, page 1–14.
Wohlin, C. (2014). Guidelines for Snowballing in Systematic Literature Studies and a Replication in Software Engineering. In Proceedings of the 18th International Conference on Evaluation and Assessment in Software Engineering, EASE ’14, New York, NY, USA. Association for Computing Machinery.
Wolf, M. and Serpanos, D. (2018). Safety and Security in Cyber-Physical Systems and Internet-of-Things Systems. Proceedings of the IEEE, 106(1):9–20.
Published
2023-04-24
How to Cite
VEIGA, Ernesto Fonseca.
An Approach for Safety and Security Requirements Alignment of Critical IoT Systems. In: IBERO-AMERICAN CONFERENCE ON SOFTWARE ENGINEERING (CIBSE), 26. , 2023, Montevideo, Uruguai.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2023
.
p. 277-284.
DOI: https://doi.org/10.5753/cibse.2023.24712.
