Linking Agile Planning and Safety and Security Analysis in Critical IoT Systems: An Approach based on ISO/IEC/IEEE 15288

  • Ernesto Fonseca Veiga (UFG)
  • Taciana Novo Kudo (UFG)
  • Renato Freitas Bulcão-Neto (UFG)

Abstract

Critical IoT systems demand the joint treatment of safety and security requirements from the early stages of the system development life cycle. However, the complexity of such systems poses challenges in dealing with these requirements in an integrated fashion. Moreover, the literature identifies a gap in the system scope definition activity, which underpins safety and security analysis and the remaining Requirements Engineering (RE) activities. A clear definition of system scope in project planning helps ensure that requirements are correctly understood and that system development moves in the right direction. Thus, this activity is directly related to the quality of the system development process. In this paper, we bridge project planning and a systems analysis method based on System Theoretic Process Analysis (STPA) through a canvas artifact called SafeSecIoT Canvas. This approach is grounded in ISO/IEC/IEEE 15288:2023 processes and activities for the systems life cycle. We aim to balance an agile approach to project planning with the solidity of the process guidelines of the ISO/IEC/IEEE 15288:2023 standard to improve the quality of the STPA-based safety and security analysis. As a proof of concept, we present how this approach can support the safety and security RE process in the Autonomous Driving Systems application domain.
Keywords: Planning, analysis, safety, security, IoT, requirement, STPA

Published

05/11/2024

VEIGA, Ernesto Fonseca; KUDO, Taciana Novo; BULCÃO-NETO, Renato Freitas. Linking Agile Planning and Safety and Security Analysis in Critical IoT Systems: An Approach based on ISO/IEC/IEEE 15288. In: SIMPÓSIO BRASILEIRO DE QUALIDADE DE SOFTWARE (SBQS), 23., 2024, Bahia/BA. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2024. p. 81–91.