Eliciting security requirements for internet of things software application development using semi-formalized model approach

In today’s era, there is a rapid increase in the demand for Internet of Things (IoT) applications. Thus, securing the information content delivered among various entities involved in IoT application development has become an important issue. It is also identified that high cost is needed in impl...


Bibliographic Details
Main Author: Ibrahim, Asma Asdayana
Format: Thesis
Language: English
Published: 2022
Subjects:
Online Access: http://eprints.utem.edu.my/id/eprint/26911/
https://plh.utem.edu.my/cgi-bin/koha/opac-detail.pl?biblionumber=122059
description In today’s era, there is a rapid increase in the demand for Internet of Things (IoT) applications. Thus, securing the information content delivered among the various entities involved in IoT application development has become an important issue. Implementing a secure IoT application has also been identified as costly, as it requires effort, skills, and knowledge to understand the security concerns, especially when developers and requirements engineers do not have any formal training in software engineering and in eliciting security requirements. Furthermore, a security requirement is an important intangible requirement that can be seen as a burden on the smooth functioning of the system or application. Requirements engineers without adequate experience in security are at risk of overlooking security requirements, which frequently leads to misuse. In addition, requirements engineers who are unfamiliar with IoT applications have difficulty eliciting accurate security requirements. Motivated by this problem, the main objectives of this study are threefold. The first objective is to determine the security requirements for IoT applications. Secondly, the study aims to propose a model-based approach for security requirements elicitation of IoT applications and, finally, to evaluate the approach in terms of usability and correctness in eliciting the security requirements for IoT applications. A model-based approach was developed by adopting the Model-Design Driven (MDD) approach with semi-formalized models: Essential Use Cases (EUCs) and Essential User Interface (EUI). A security requirement pattern library and an IoT technologies pattern library were developed to assist correct elicitation from the EUC model. A new model was proposed as a reference for IoT developers in developing secure IoT application software. Automated tool support was also developed to realise the approach. Finally, a comprehensive evaluation of the approach was conducted, comprising a comparison study between the existing tool and our tool, correctness experiments, and a usability test. This study also evaluated feedback from industry experts, especially on the usability of the approach and the tool support. In summary, the findings of the evaluation show that our approach contributes to the body of knowledge of requirements engineering, especially in enhancing the performance and correctness level of security requirement elicitation and its usability for end-to-end elicitation. It is found that the approach was able to enhance the correctness level of the elicited security attributes compared to the manual task, and to generate correct security requirements. The results of the usability test by novices and experts show that the approach is useful and helpful in eliciting security requirements for application software development and is able to ease the elicitation process of the security requirements and technologies involved in IoT application software development.
id utem-26911
institution Universiti Teknikal Malaysia Melaka
record_format EPrints
record_pdf Restricted
spelling Ibrahim, Asma Asdayana (2022) Eliciting security requirements for internet of things software application development using semi-formalized model approach. Doctoral thesis, Universiti Teknikal Malaysia Melaka. NonPeerReviewed. http://eprints.utem.edu.my/id/eprint/26911/1/Eliciting%20security%20requirements%20for%20internet%20of%20things%20software%20application%20development%20using%20semi-formalized%20model%20approach.pdf http://eprints.utem.edu.my/id/eprint/26911/2/Eliciting%20security%20requirements%20for%20internet%20of%20things%20software%20application%20development%20using%20semi-formalized%20model%20approach.pdf
thesis_level PhD
topic T Technology (General)
TK Electrical engineering. Electronics Nuclear engineering