Abstract
The Internet of Things (IoT) is an environment of interconnected entities that are identifiable, usable and controllable via the Internet. Trust is useful in a system such as the IoT because the entities involved want to know how the other entities they interact with are going to perform. When developing an IoT entity, it is desirable to guarantee trust during its whole life cycle. The trust domain is strongly dependent on other domains such as security and privacy. Considering these domains as a whole and eliciting the right requirements from the first phases of the system development life cycle is key when developing an IoT entity. This paper presents a requirements elicitation method focusing on trust plus other domains, such as security, privacy and usability, that increase the trust level of the IoT entity developed. To help developers elicit the requirements, we propose a JavaScript Object Notation (JSON) template containing all the key elements that must be taken into consideration. We emphasize the importance of the concept of traceability. This property makes it possible to connect all the elicited requirements, guaranteeing more control over the whole requirements engineering process.













Acknowledgements
This work has received funding from the NeCS project by the European Union’s Horizon 2020 research and innovation programme under the Marie Sklodowska-Curie grant agreement No. 675320, the CyberSec4Europe project under SU-ICT-03 programme grant agreement 830929, and the SMOG project funded by the Spanish Ministry of Economy and Competitiveness (TIN2016-79095-C2-1-R). This work reflects only the authors’ view and the Research Executive Agency is not responsible for any use that may be made of the information it contains.
Ethics declarations
Conflict of interest
All authors declare that they have no conflict of interest.
Ethical approval
This article does not contain any studies with human participants or animals performed by any of the authors.
Cite this article
Ferraris, D., Fernandez-Gago, C. TrUStAPIS: a trust requirements elicitation method for IoT. Int. J. Inf. Secur. 19, 111–127 (2020). https://doi.org/10.1007/s10207-019-00438-x
DOI: https://doi.org/10.1007/s10207-019-00438-x