Designing Security and Privacy Requirements in Internet of Things: A Survey

The design and development process for the Internet of Things (IoT) applications is more complicated than that for desktop, mobile, or web applications. First, IoT applications require both software and hardware to work together across different nodes with different capabilities under different conditions. Secondly, IoT application development involves different software engineers such as desktop, web, embedded and mobile to cooperate. In addition, the development process required different software\hardware stacks to integrated together. Due to above complexities, more often non-functional requirements (such as security and privacy) tend to get ignored in IoT application development process. In this paper, we have reviewed techniques, methods and tools that are being developed to support incorporating security and privacy requirements into traditional application designs. By doing so, we aim to explore how those techniques could be applicable to the IoT domain. In this paper, we primarily focused on two different aspects: (1) design notations, models, and languages that facilitate capturing non-functional requirements (i.e., security and privacy), and (2) proactive and reactive interaction techniques that can be used to support and augment the IoT application design process. Our goal is not only to analyse past research work but also to discuss their applicability towards the IoT.