A SECURITY ASSURANCE CASE FOR IoT SYSTEMS USING GOAL STRUCTURE NOTATION

Authors

  • Aftab Alam Janisar, Department of Computer and Information Science, Universiti Teknologi Petronas, Seri Iskandar, Perak
  • Khairul Shafee Kalid, Department of Computer and Information Science, Universiti Teknologi Petronas, Seri Iskandar, Perak
  • Aliza Sarlan, Department of Computer and Information Science, Universiti Teknologi Petronas, Seri Iskandar, Perak
  • Abdul Rehman Gilal, Florida International University, 11200 SW 8th St, Miami, FL 33199, USA
  • M. Aqeel Iqbal, Department of Software Engineering, Faculty of Engineering & Information Technology, Foundation University Islamabad, Pakistan
  • Muhammad Aamir Khan, School of Computing Sciences, College of Computing, Informatics and Mathematics, Universiti Teknologi MARA, Shah Alam, Selangor

DOI:

https://doi.org/10.35631/JISTM.1038026

Keywords:

Security Requirement Engineering (SRE), Requirement Engineering (RE), Software Security, Assurance Case

Abstract

IoT-focused cyberattacks had the largest attack surface, despite having a vast environment. Key security requirements (SR) for IoT include data confidentiality, data integrity, authentication, access control, privacy, etc. In the Internet of Things, confidentiality is a crucial security service and the most frequently targeted one. Inadequate emphasis on the assessment of IoT SR leads to attacks and threats. The absence of security requirement assessment in IoT system architecture jeopardizes security, exposing the system to vulnerabilities and risking organizational assets and reputation, while also escalating the cost and time required to address security issues. An assurance case is developed for the identification of security requirements assessment based on compliance standards, in order to communicate and align IoT security measures and to identify, analyze, and address potential assets, security threats, and attacks systematically. In this research, a novel and illustrative example of an assurance case is provided for the confidentiality security requirement of an IoT system, to shed light on possible attacks and threats relevant to IoT assets. This process will help provide a practical and clear basis for the justifiable development of assurance cases for IoT security requirements earlier, and for their integration with RE activities. This structured approach will be vital across methodologies like Agile, Waterfall, and SSDL, ensuring compliance with security standards and offering a comprehensive solution to key challenges in IoT security.

Published

2025-03-30

How to Cite

Aftab Alam Janisar, Khairul Shafee Kalid, Aliza Sarlan, Abdul Rehman Gilal, M. Aqeel Iqbal, & Muhammad Aamir Khan. (2025). A SECURITY ASSURANCE CASE FOR IoT SYSTEMS USING GOAL STRUCTURE NOTATION. JOURNAL INFORMATION AND TECHNOLOGY MANAGEMENT (JISTM), 10(38). https://doi.org/10.35631/JISTM.1038026