Apparatus: Reasoning About Security Requirements in the Internet of Things

  • Orestis Mavropoulos
  • Haralambos Mouratidis
  • Andrew Fish
  • Emmanouil Panaousis
  • Christos Kalloniatis
Conference paper
Part of the Lecture Notes in Business Information Processing book series (LNBIP, volume 249)


The Internet of Things (IoT) can be seen as the main driver towards an era of ubiquitous computing. Given the scale of IoT, the number of security issues that emerge is unprecedented; the need for new methodologies for reasoning about security in IoT systems is therefore crucial, and this is recognised by academia and industry alike. In this work we present Apparatus, a conceptual model for reasoning about security in IoT systems through the lens of Security Requirements Engineering. Apparatus is architecture-oriented and describes an IoT system as a cluster of nodes that share network connections. The information about the system is documented textually, in JavaScript Object Notation (JSON) format, in order to elicit security requirements. To demonstrate its usage, the security requirements of a temperature monitor system are identified and a first application of Apparatus is exhibited.


Keywords: Internet of things; Security requirements engineering; IoT conceptual model; Information security



Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  • Orestis Mavropoulos (1)
  • Haralambos Mouratidis (1)
  • Andrew Fish (1)
  • Emmanouil Panaousis (1)
  • Christos Kalloniatis (1, 2)

  1. School of Computing Engineering and Mathematics, University of Brighton, Brighton, UK
  2. Department of Cultural Technology and Communication, University of the Aegean, Lesvos, Greece
