Eliciting security requirements for internet of things software application development using semi-formalized model approach

In today’s era, there is a rapid increase in the demand for Internet of Things (IoT) applications. Thus, securing the information content delivered among various entities involved in the IoT applications development has become an important issue. It is also identified that high cost is needed in impl...

Bibliographic Details
Main Author: Ibrahim, Asma Asdayana
Format: Thesis
Language: English
Published: 2022
Subjects:
Online Access: http://eprints.utem.edu.my/id/eprint/26911/1/Eliciting%20security%20requirements%20for%20internet%20of%20things%20software%20application%20development%20using%20semi-formalized%20model%20approach.pdf
http://eprints.utem.edu.my/id/eprint/26911/2/Eliciting%20security%20requirements%20for%20internet%20of%20things%20software%20application%20development%20using%20semi-formalized%20model%20approach.pdf
id my-utem-ep.26911
record_format uketd_dc
spelling my-utem-ep.26911 2023-10-16T09:55:59Z Eliciting security requirements for internet of things software application development using semi-formalized model approach 2022 Ibrahim, Asma Asdayana T Technology (General) TK Electrical engineering. Electronics Nuclear engineering 2022 Thesis http://eprints.utem.edu.my/id/eprint/26911/ http://eprints.utem.edu.my/id/eprint/26911/1/Eliciting%20security%20requirements%20for%20internet%20of%20things%20software%20application%20development%20using%20semi-formalized%20model%20approach.pdf text en public http://eprints.utem.edu.my/id/eprint/26911/2/Eliciting%20security%20requirements%20for%20internet%20of%20things%20software%20application%20development%20using%20semi-formalized%20model%20approach.pdf text en validuser https://plh.utem.edu.my/cgi-bin/koha/opac-detail.pl?biblionumber=122059 phd doctoral Universiti Teknikal Malaysia Melaka Faculty of Information and Communication Technology Kamalrudin, Massila
institution Universiti Teknikal Malaysia Melaka
collection UTeM Repository
language English
advisor Kamalrudin, Massila
topic T Technology (General)
spellingShingle T Technology (General)
Ibrahim, Asma Asdayana
Eliciting security requirements for internet of things software application development using semi-formalized model approach
description In today’s era, there is a rapid increase in the demand for Internet of Things (IoT) applications. Thus, securing the information content delivered among the various entities involved in IoT application development has become an important issue. Implementing a secure IoT application has also been identified as costly, as it requires effort, skill, and knowledge to understand the security concerns, especially when developers and requirements engineers do not have any formal training in software engineering and in eliciting security requirements. Furthermore, security requirements are important intangible requirements that could be taken as a burden on the smooth functioning of the system or application. Requirements engineers without adequate experience in security are at risk of overlooking security requirements, which frequently leads to misuse. In addition, requirements engineers who are unfamiliar with IoT applications have difficulty eliciting accurate security requirements. Motivated by this problem, the main objectives of this study are threefold. The first objective is to determine the security requirements for IoT applications. Secondly, the study aims to propose a model-based approach for security requirements elicitation for IoT applications and, finally, to evaluate the approach in terms of usability and correctness in eliciting the security requirements for IoT applications. A model-based approach was developed by adopting the Model-Design Driven (MDD) approach with semi-formalized models: Essential Use Cases (EUCs) and Essential User Interface (EUI). A security requirement pattern library and an IoT technologies pattern library were developed to assist correct elicitation from the EUC model. A new model was proposed as a reference for IoT developers in developing secure IoT application software. Automated tool support was also developed to realise the approach. Finally, a comprehensive evaluation of the approach was conducted, comprising a comparison study between the existing tool and our tool, correctness test experiments, and a usability test. This study also evaluated feedback from industry experts, especially on the usability of the approach and tool support. In summary, the findings of the evaluation show that our approach contributed to the body of knowledge of requirements engineering, especially in enhancing the performance and correctness level of security requirement elicitation and its usability for end-to-end elicitation. It was found that the approach was able to enhance the correctness level of the elicited security attributes compared to the manual task, and to generate correct security requirements. The results of the usability test by novices and experts show that the approach is useful and helpful in eliciting security requirements for application software development and is able to ease the elicitation process of security requirements and technologies involved in IoT application software development.
format Thesis
qualification_name Doctor of Philosophy (PhD.)
qualification_level Doctorate
author Ibrahim, Asma Asdayana
title Eliciting security requirements for internet of things software application development using semi-formalized model approach
granting_institution Universiti Teknikal Malaysia Melaka
granting_department Faculty of Information and Communication Technology
publishDate 2022