An Approach for Aligning Safety and Security Requirements of Critical IoT Systems

  • Ernesto Fonseca Veiga, Universidade Federal de Goiás

Abstract


The complexity and heterogeneity of IoT systems have given rise to new challenges in the Requirements Engineering (RE) process, such as the joint treatment of safety and security requirements, which are essential in most of these systems, especially those considered critical. Given the lack of studies that address this goal, this work presents a proposed approach for aligning the safety and security requirements of critical IoT systems, which aims to reduce the complexity of carrying out the RE process for the engineers and developers of these systems.

Keywords: requirements engineering, safety, security, requirements alignment, IoT

Published
24/04/2023
VEIGA, Ernesto Fonseca. Uma Abordagem para Alinhamento de Requisitos de Segurança e Proteção de Sistemas IoT Críticos. In: CONGRESSO IBERO-AMERICANO EM ENGENHARIA DE SOFTWARE (CIBSE), 26., 2023, Montevideo, Uruguay. Proceedings [...]. Porto Alegre: Sociedade Brasileira de Computação, 2023. p. 277-284. DOI: https://doi.org/10.5753/cibse.2023.24712.