ABSTRACT
The rapid growth of Internet-of-Things (IoT) software applications has drawn the attention of both practitioners and researchers to methodological approaches for secure IoT development. Security issues for IoT are special in that they include not only software but also hardware and network concerns. With the aim of proposing a methodological approach for secure IoT application development, we investigated the security challenges that arise in the context of IoT development. We reviewed the literature and investigated two industry cases. The preliminary findings yield a list of 17 security challenges from technical, organizational and methodological perspectives. A cross-case comparison provides an initial explanation for the lesser emphasis on methodological and organizational security concerns in our cases.