{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,7]],"date-time":"2026-04-07T02:45:12Z","timestamp":1775529912592,"version":"3.50.1"},"reference-count":130,"publisher":"Association for Computing Machinery (ACM)","issue":"1","license":[{"start":{"date-parts":[[2021,2,1]],"date-time":"2021-02-01T00:00:00Z","timestamp":1612137600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"EPSRC PETRAS","award":["EP\/S035362\/1"],"award-info":[{"award-number":["EP\/S035362\/1"]}]},{"name":"EPSRC PACE","award":["EP\/R033439\/1"],"award-info":[{"award-number":["EP\/R033439\/1"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Internet Things"],"published-print":{"date-parts":[[2021,2,28]]},"abstract":"<jats:p>The design and development process for internet of things (IoT) applications is more complicated than that for desktop, mobile, or web applications. First, IoT applications require both software and hardware to work together across many different types of nodes with different capabilities under different conditions. Second, IoT application development involves different types of software engineers such as desktop, web, embedded, and mobile to work together. Furthermore, non-software engineering personnel such as business analysts are also involved in the design process. In addition to the complexity of having multiple software engineering specialists cooperating to merge different hardware and software components together, the development process requires different software and hardware stacks to be integrated together (e.g., different stacks from different companies such as Microsoft Azure and IBM Bluemix). 
Due to the above complexities, non-functional requirements (such as security and privacy, which are highly important in the context of the IoT) tend to be ignored or treated as though they are less important in the IoT application development process. This article reviews techniques, methods, and tools to support security and privacy requirements in existing non-IoT application designs, enabling their use and integration into IoT applications. This article primarily focuses on design notations, models, and languages that facilitate capturing non-functional requirements (i.e., security and privacy). Our goal is not only to analyse, compare, and consolidate the empirical research but also to appreciate their findings and discuss their applicability for the IoT.<\/jats:p>","DOI":"10.1145\/3437537","type":"journal-article","created":{"date-parts":[[2021,2,1]],"date-time":"2021-02-01T18:00:04Z","timestamp":1612202404000},"page":"1-37","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":70,"title":["Security and Privacy Requirements for the Internet of Things"],"prefix":"10.1145","volume":"2","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-8751-1000","authenticated-orcid":false,"given":"Nada","family":"Alhirabi","sequence":"first","affiliation":[{"name":"Cardiff University, UK and King Saud University, Riyadh, Saudi Arabia"}]},{"given":"Omer","family":"Rana","sequence":"additional","affiliation":[{"name":"Cardiff University, Cardiff, UK"}]},{"given":"Charith","family":"Perera","sequence":"additional","affiliation":[{"name":"Cardiff University, Cardiff, UK"}]}],"member":"320","published-online":{"date-parts":[[2021,2]]},"reference":[{"key":"e_1_2_1_1_1","unstructured":"ISO\/IEC JTC 1\/SC 27. 2011. ISO\/IEC 29100:2011(en): Information technology\u2014Security techniques\u2014Privacy framework. Retrieved from https:\/\/www.iso.org\/obp\/ui\/#iso:std:iso-iec:29100:ed-1:v1:en.  ISO\/IEC JTC 1\/SC 27. 2011. 
ISO\/IEC 29100:2011(en): Information technology\u2014Security techniques\u2014Privacy framework. Retrieved from https:\/\/www.iso.org\/obp\/ui\/#iso:std:iso-iec:29100:ed-1:v1:en."},{"key":"e_1_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2012.04.001"},{"key":"e_1_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/2462456.2464460"},{"key":"e_1_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1016\/S0950-5849(02)00092-7"},{"key":"e_1_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.3390\/s18030817"},{"key":"e_1_2_1_6_1","volume-title":"Proceedings of the 18th IEEE International Requirements Engineering Conference. 189--198","author":"Ameller D.","year":"2010","unstructured":"D. Ameller , X. Franch , and J. Cabot . 2010. Dealing with non-functional requirements in model-driven development . In Proceedings of the 18th IEEE International Requirements Engineering Conference. 189--198 . DOI:https:\/\/doi.org\/10.1109\/RE. 2010 .32 10.1109\/RE.2010.32 D. Ameller, X. Franch, and J. Cabot. 2010. Dealing with non-functional requirements in model-driven development. In Proceedings of the 18th IEEE International Requirements Engineering Conference. 189--198. DOI:https:\/\/doi.org\/10.1109\/RE.2010.32"},{"key":"e_1_2_1_7_1","unstructured":"ARC. 2019. Excellence in Research for Australia (ERA). Retrieved from https:\/\/www.arc.gov.au\/excellence-research-australia.  ARC. 2019. Excellence in Research for Australia (ERA). Retrieved from https:\/\/www.arc.gov.au\/excellence-research-australia."},{"key":"e_1_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1016\/J.COSE.2017.04.005"},{"key":"e_1_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2010.05.010"},{"key":"e_1_2_1_10_1","unstructured":"Rebecca Balebako Abigail Marsh Jialiu Lin Jason I. Hong and Lorrie Faith Cranor. 2014. The privacy and security behaviors of smartphone app developers. Retrieved from http:\/\/citeseerx.ist.psu.edu\/viewdoc\/download?doi=10.1.1.661.42218rep=rep18type=pdf.  
Rebecca Balebako Abigail Marsh Jialiu Lin Jason I. Hong and Lorrie Faith Cranor. 2014. The privacy and security behaviors of smartphone app developers. Retrieved from http:\/\/citeseerx.ist.psu.edu\/viewdoc\/download?doi=10.1.1.661.42218rep=rep18type=pdf."},{"key":"e_1_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2008.05.011"},{"key":"e_1_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSECP.2003.1176998"},{"key":"e_1_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/2684432.2684439"},{"key":"e_1_2_1_14_1","unstructured":"Jan Lauren Boyles Aaron Smith and Mary Madden. 2012. Privacy and Data Management on Mobile Devices. Retrieved from https:\/\/www.pewinternet.org\/2012\/09\/05\/privacy-and-data-management-on-mobile-devices\/.  Jan Lauren Boyles Aaron Smith and Mary Madden. 2012. Privacy and Data Management on Mobile Devices. Retrieved from https:\/\/www.pewinternet.org\/2012\/09\/05\/privacy-and-data-management-on-mobile-devices\/."},{"key":"e_1_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10270-011-0218-8"},{"key":"e_1_2_1_16_1","doi-asserted-by":"crossref","unstructured":"Richard A. Caralli J. Stevens L. Young and W. R. Wilson. 2007. Introducing OCTAVE Allegro: Improving the information security risk assessment process. Technical Report. CMU\/SEI-2007-TR-012. Retrieved from https:\/\/resources.sei.cmu.edu\/library\/asset-view.cfm?assetID=8419.  Richard A. Caralli J. Stevens L. Young and W. R. Wilson. 2007. Introducing OCTAVE Allegro: Improving the information security risk assessment process. Technical Report. CMU\/SEI-2007-TR-012. Retrieved from https:\/\/resources.sei.cmu.edu\/library\/asset-view.cfm?assetID=8419.","DOI":"10.21236\/ADA470450"},{"key":"e_1_2_1_17_1","volume-title":"Proceedings of the IEEE Conference on Emerging Technologies and Factory Automation (EFTA\u201907)","author":"Chatzigiannakis Ioannis","year":"2007","unstructured":"Ioannis Chatzigiannakis , Georgios Mylonas , and Sotiris Nikoletseas . 
2007 . 50 ways to build your application: A survey of middleware and systems for wireless sensor networks . In Proceedings of the IEEE Conference on Emerging Technologies and Factory Automation (EFTA\u201907) . IEEE, 466--473. Ioannis Chatzigiannakis, Georgios Mylonas, and Sotiris Nikoletseas. 2007. 50 ways to build your application: A survey of middleware and systems for wireless sensor networks. In Proceedings of the IEEE Conference on Emerging Technologies and Factory Automation (EFTA\u201907). IEEE, 466--473."},{"key":"e_1_2_1_18_1","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1080\/07366981.2017.1343548","article-title":"The proactive and preventive privacy (3P) framework for IoT privacy by design","volume":"57","author":"Chaudhuri Abhik","year":"2018","unstructured":"Abhik Chaudhuri and Ann Cavoukian . 2018 . The proactive and preventive privacy (3P) framework for IoT privacy by design . EDPACS 57 , 1 (2018), 1 -- 16 . Abhik Chaudhuri and Ann Cavoukian. 2018. The proactive and preventive privacy (3P) framework for IoT privacy by design. EDPACS 57, 1 (2018), 1--16.","journal-title":"EDPACS"},{"key":"e_1_2_1_19_1","unstructured":"Y. Cherdantseva. 2014. Secure * BPMN\u2014A Graphical Extension for BPMN 2.0 Based on a Reference Model of Information Assurance 8 Security. Ph.D. Dissertation. Yulia Cherdantseva Cardiff University. Retrieved from https:\/\/ethos.bl.uk\/OrderDetails.do?uin=uk.bl.ethos.655937.  Y. Cherdantseva. 2014. Secure * BPMN\u2014A Graphical Extension for BPMN 2.0 Based on a Reference Model of Information Assurance 8 Security. Ph.D. Dissertation. Yulia Cherdantseva Cardiff University. Retrieved from https:\/\/ethos.bl.uk\/OrderDetails.do?uin=uk.bl.ethos.655937."},{"key":"e_1_2_1_20_1","unstructured":"Collaboration. [n.d.]. privacy patterns. Retrieved from https:\/\/privacypatterns.org\/.  Collaboration. [n.d.]. privacy patterns. 
Retrieved from https:\/\/privacypatterns.org\/."},{"key":"e_1_2_1_21_1","volume-title":"Growing opportunities in the Internet of Things. McKinsey July","author":"Dahlqvist Fredrik","year":"2019","unstructured":"Fredrik Dahlqvist , Mark Patel , Alexander Rajko , and Jonathan Shulman . 2019. Growing opportunities in the Internet of Things. McKinsey July ( 2019 ). Fredrik Dahlqvist, Mark Patel, Alexander Rajko, and Jonathan Shulman. 2019. Growing opportunities in the Internet of Things. McKinsey July (2019)."},{"key":"e_1_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.scico.2006.10.010"},{"key":"e_1_2_1_23_1","volume-title":"Proceedings of the IEEE Symposium on Visual Languages and Human-centric Computing (VL\/HCC\u201918)","author":"De Morais Cleber Matos","year":"2018","unstructured":"Cleber Matos De Morais , Judith Kelner , Djamel Sadok , and Thea Lynn . 2018 . SiMoNa: A proof-of-concept domain specific modeling language for IoT infographics . In Proceedings of the IEEE Symposium on Visual Languages and Human-centric Computing (VL\/HCC\u201918) . 199--203. DOI:https:\/\/doi.org\/10.1109\/VLHCC.2018.8506502 10.1109\/VLHCC.2018.8506502 Cleber Matos De Morais, Judith Kelner, Djamel Sadok, and Thea Lynn. 2018. SiMoNa: A proof-of-concept domain specific modeling language for IoT infographics. In Proceedings of the IEEE Symposium on Visual Languages and Human-centric Computing (VL\/HCC\u201918). 199--203. DOI:https:\/\/doi.org\/10.1109\/VLHCC.2018.8506502"},{"key":"e_1_2_1_24_1","volume-title":"Proceedings of the International Conference on Advanced Visual Interfaces. ACM, 67--74","author":"D\u00edaz Paloma","unstructured":"Paloma D\u00edaz , Ignacio Aedo , Mary Beth Rosson , and John M. Carroll . 2010. A visual tool for using design patterns as pattern languages . In Proceedings of the International Conference on Advanced Visual Interfaces. ACM, 67--74 . Paloma D\u00edaz, Ignacio Aedo, Mary Beth Rosson, and John M. Carroll. 2010. 
A visual tool for using design patterns as pattern languages. In Proceedings of the International Conference on Advanced Visual Interfaces. ACM, 67--74."},{"key":"e_1_2_1_25_1","volume-title":"Proceedings of the IEEE Symposium on Visual Languages and Human-centric Computing (VL\/HCC\u201908)","author":"D\u00edaz Paloma","year":"2008","unstructured":"Paloma D\u00edaz , Ignacio Aedo , Daniel Sanz , and Alessio Malizia . 2008 . A model-driven approach for the visual specification of Role-Based Access Control policies in web systems . In Proceedings of the IEEE Symposium on Visual Languages and Human-centric Computing (VL\/HCC\u201908) . 203--210. DOI:https:\/\/doi.org\/10.1109\/VLHCC.2008.4639087 10.1109\/VLHCC.2008.4639087 Paloma D\u00edaz, Ignacio Aedo, Daniel Sanz, and Alessio Malizia. 2008. A model-driven approach for the visual specification of Role-Based Access Control policies in web systems. In Proceedings of the IEEE Symposium on Visual Languages and Human-centric Computing (VL\/HCC\u201908). 203--210. DOI:https:\/\/doi.org\/10.1109\/VLHCC.2008.4639087"},{"key":"e_1_2_1_26_1","article-title":"Regulation 2016\/679","volume":"59","author":"Union European","year":"2016","unstructured":"European Union . 2016 . Regulation 2016\/679 . Offic. J. Eur. Commun. 59 , L 119 (2016), 1--88. DOI:https:\/\/doi.org\/pri\/en\/oj\/dat\/2003\/l_285\/l_28520031101en00330037.pdf. European Union. 2016. Regulation 2016\/679. Offic. J. Eur. Commun. 59, L 119 (2016), 1--88. DOI:https:\/\/doi.org\/pri\/en\/oj\/dat\/2003\/l_285\/l_28520031101en00330037.pdf.","journal-title":"Offic. J. Eur. Commun."},{"key":"e_1_2_1_27_1","first-page":"1","article-title":"The internet of things: How the next evolution of the internet is changing everything","volume":"1","author":"Evans Dave","year":"2011","unstructured":"Dave Evans . 2011 . The internet of things: How the next evolution of the internet is changing everything . CISCO White Paper 1 , 2011 (2011), 1 -- 11 . Dave Evans. 2011. 
The internet of things: How the next evolution of the internet is changing everything. CISCO White Paper 1, 2011 (2011), 1--11.","journal-title":"CISCO White Paper"},{"key":"e_1_2_1_28_1","volume-title":"Proceedings of the International Computer Software and Applications Conference","volume":"2","author":"Farkas Tibor","year":"2009","unstructured":"Tibor Farkas , Carsten Neumann , and Andreas Hinnerichs . 2009 . An integrative approach for embedded software design with UML and simulink . In Proceedings of the International Computer Software and Applications Conference , Vol. 2 . IEEE, 516--521. DOI:https:\/\/doi.org\/10.1109\/COMPSAC.2009.185 10.1109\/COMPSAC.2009.185 Tibor Farkas, Carsten Neumann, and Andreas Hinnerichs. 2009. An integrative approach for embedded software design with UML and simulink. In Proceedings of the International Computer Software and Applications Conference, Vol. 2. IEEE, 516--521. DOI:https:\/\/doi.org\/10.1109\/COMPSAC.2009.185"},{"key":"e_1_2_1_29_1","volume-title":"Proceedings of the 2nd International Conference on Electronics, Communication and Aerospace Technology (ICECA\u201918)","author":"Fernandes Avelet Maria","year":"2018","unstructured":"Avelet Maria Fernandes , Anusha Pai , and Louella M . Mesquita Colaco. 2018. Secure SDLC for IoT based health monitor . In Proceedings of the 2nd International Conference on Electronics, Communication and Aerospace Technology (ICECA\u201918) . 1236--1241. DOI:https:\/\/doi.org\/10.1109\/ICECA. 2018 .8474668 10.1109\/ICECA.2018.8474668 Avelet Maria Fernandes, Anusha Pai, and Louella M. Mesquita Colaco. 2018. Secure SDLC for IoT based health monitor. In Proceedings of the 2nd International Conference on Electronics, Communication and Aerospace Technology (ICECA\u201918). 1236--1241. DOI:https:\/\/doi.org\/10.1109\/ICECA.2018.8474668"},{"key":"e_1_2_1_30_1","volume-title":"Proceedings of the Design Automation Conference. 583--586","author":"Peter","unstructured":"Peter L. Flake and Simon J. 
Davidmann. 2000. Superlog, a unified design language for system-on-chip . In Proceedings of the Design Automation Conference. 583--586 . DOI:https:\/\/doi.org\/10.1145\/368434.368814 10.1145\/368434.368814 Peter L. Flake and Simon J. Davidmann. 2000. Superlog, a unified design language for system-on-chip. In Proceedings of the Design Automation Conference. 583--586. DOI:https:\/\/doi.org\/10.1145\/368434.368814"},{"key":"e_1_2_1_31_1","volume-title":"Proceedings of the 14th International Conference on Software Engineering and Knowledge Engineering. 327--334","author":"Francese R.","unstructured":"R. Francese , G. Scanniello , G. Costagliola , A. De Lucia , and M. Risi . 2002. A component-based visual environment development process . In Proceedings of the 14th International Conference on Software Engineering and Knowledge Engineering. 327--334 . DOI:https:\/\/doi.org\/10.1145\/568813.568818 10.1145\/568813.568818 R. Francese, G. Scanniello, G. Costagliola, A. De Lucia, and M. Risi. 2002. A component-based visual environment development process. In Proceedings of the 14th International Conference on Software Engineering and Knowledge Engineering. 327--334. DOI:https:\/\/doi.org\/10.1145\/568813.568818"},{"key":"e_1_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1109\/MC.2010.159"},{"key":"e_1_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2008.05.004"},{"key":"e_1_2_1_34_1","volume-title":"Proceedings of the 5th International Conference on the Internet of Things (IOT\u201915)","author":"Giang Nam Ky","unstructured":"Nam Ky Giang , Michael Blackstock , Rodger Lea , and Victor C. M. Leung . 2015. Developing IoT applications in the fog: A distributed dataflow approach . In Proceedings of the 5th International Conference on the Internet of Things (IOT\u201915) . IEEE, 155--162. Nam Ky Giang, Michael Blackstock, Rodger Lea, and Victor C. M. Leung. 2015. Developing IoT applications in the fog: A distributed dataflow approach. 
In Proceedings of the 5th International Conference on the Internet of Things (IOT\u201915). IEEE, 155--162."},{"key":"e_1_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jvlc.2009.11.002"},{"key":"e_1_2_1_36_1","volume-title":"Proceedings of the 9th IEEE International Conference on Engineering of Complex Computer Systems. 19\u201428","author":"Eonsuk Shin M.","unstructured":"M. Eonsuk Shin and H. Gomaa . 2004. Modeling complex systems by separating application and security concerns . In Proceedings of the 9th IEEE International Conference on Engineering of Complex Computer Systems. 19\u201428 . M. Eonsuk Shin and H. Gomaa. 2004. Modeling complex systems by separating application and security concerns. In Proceedings of the 9th IEEE International Conference on Engineering of Complex Computer Systems. 19\u201428."},{"key":"e_1_2_1_37_1","volume-title":"Evaluating different i*-based approaches for selecting functional requirements while balancing and optimizing non-functional requirements: A controlled experiment. Inf. Softw. Technol","author":"Gomariz-Castillo Francisco","year":"2017","unstructured":"Francisco Gomariz-Castillo , Irene Garrig\u00f3s , Jose-Alfonso Aguilar , Jose Zubcoff , Sven Casteleyn , and Jose-Norberto Maz\u00f3n . 2018. Evaluating different i*-based approaches for selecting functional requirements while balancing and optimizing non-functional requirements: A controlled experiment. Inf. Softw. Technol . 106, Jan. 2017 (2018), 68--84. DOI:https:\/\/doi.org\/10.1016\/j.infsof.2018.09.004 10.1016\/j.infsof.2018.09.004 Francisco Gomariz-Castillo, Irene Garrig\u00f3s, Jose-Alfonso Aguilar, Jose Zubcoff, Sven Casteleyn, and Jose-Norberto Maz\u00f3n. 2018. Evaluating different i*-based approaches for selecting functional requirements while balancing and optimizing non-functional requirements: A controlled experiment. Inf. Softw. Technol. 106, Jan. 2017 (2018), 68--84. 
DOI:https:\/\/doi.org\/10.1016\/j.infsof.2018.09.004"},{"key":"e_1_2_1_38_1","doi-asserted-by":"crossref","first-page":"143","DOI":"10.1016\/j.comnet.2014.02.010","article-title":"Midgar: Generation of heterogeneous objects interconnecting applications. A domain specific language proposal for Internet of Things scenarios","volume":"64","author":"Garc\u00eda Cristian Gonz\u00e1lez","year":"2014","unstructured":"Cristian Gonz\u00e1lez Garc\u00eda , B. Cristina Pelayo G- Bustelo , Jord\u00e1n Pascual Espada , and Guillermo Cueva-Fernandez . 2014 . Midgar: Generation of heterogeneous objects interconnecting applications. A domain specific language proposal for Internet of Things scenarios . Comput. Netw. 64 (2014), 143 -- 158 . DOI:https:\/\/doi.org\/10.1016\/j.comnet.2014.02.010 10.1016\/j.comnet.2014.02.010 Cristian Gonz\u00e1lez Garc\u00eda, B. Cristina Pelayo G-Bustelo, Jord\u00e1n Pascual Espada, and Guillermo Cueva-Fernandez. 2014. Midgar: Generation of heterogeneous objects interconnecting applications. A domain specific language proposal for Internet of Things scenarios. Comput. Netw. 64 (2014), 143--158. DOI:https:\/\/doi.org\/10.1016\/j.comnet.2014.02.010","journal-title":"Comput. Netw."},{"key":"e_1_2_1_39_1","unstructured":"Google. [n.d.]. Google Nest. Retrieved from https:\/\/nest.com\/uk\/.  Google. [n.d.]. Google Nest. Retrieved from https:\/\/nest.com\/uk\/."},{"key":"e_1_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.future.2013.01.010"},{"key":"e_1_2_1_41_1","doi-asserted-by":"crossref","first-page":"372","DOI":"10.3390\/e20050372","article-title":"Software code smell prediction model using shannon, r\u00e9nyi, and tsallis entropies","volume":"20","author":"Gupta Aakanshi","year":"2018","unstructured":"Aakanshi Gupta , Bharti Suri , Vijay Kumar , Sanjay Misra , Tomas Bla\u017eauskas , and Robertas Dama\u0161evi\u010dius . 2018 . Software code smell prediction model using shannon, r\u00e9nyi, and tsallis entropies . 
Entropy 20 , 5 (2018), 372 . Aakanshi Gupta, Bharti Suri, Vijay Kumar, Sanjay Misra, Tomas Bla\u017eauskas, and Robertas Dama\u0161evi\u010dius. 2018. Software code smell prediction model using shannon, r\u00e9nyi, and tsallis entropies. Entropy 20, 5 (2018), 372.","journal-title":"Entropy"},{"key":"e_1_2_1_42_1","volume-title":"Proceedings of the IEEE International Conference on Web Services (ICWS\u201905)","author":"Hafner M.","year":"2005","unstructured":"M. Hafner , M. Breu , R. Breu , and A. Nowak . 2005. Modelling inter-organizational workflow security in a peer-to-peer environment . In Proceedings of the IEEE International Conference on Web Services (ICWS\u201905) . DOI:https:\/\/doi.org\/10.1109\/ICWS. 2005 .83 10.1109\/ICWS.2005.83 M. Hafner, M. Breu, R. Breu, and A. Nowak. 2005. Modelling inter-organizational workflow security in a peer-to-peer environment. In Proceedings of the IEEE International Conference on Web Services (ICWS\u201905). DOI:https:\/\/doi.org\/10.1109\/ICWS.2005.83"},{"key":"e_1_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1108\/10662240610710978"},{"key":"e_1_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976767.2976812"},{"key":"e_1_2_1_45_1","volume-title":"Proceedings of the European Symposium on Research in Computer Security. LNCS","volume":"2808","author":"Heldal Rogardt","year":"2003","unstructured":"Rogardt Heldal and Fredrik Hultin . 2003 . Bridging model-based and language-based security . In Proceedings of the European Symposium on Research in Computer Security. LNCS , Vol. 2808 (2003), 235--236. Rogardt Heldal and Fredrik Hultin. 2003. Bridging model-based and language-based security. In Proceedings of the European Symposium on Research in Computer Security. LNCS, Vol. 
2808 (2003), 235--236."},{"key":"e_1_2_1_46_1","volume-title":"Proceedings of the 5th International Conference on the Internet of Things (IOT\u201915)","author":"Heo Sehyeon","year":"2015","unstructured":"Sehyeon Heo , Sungpil Woo , Janggwan Im , and Daeyoung Kim . 2015 . IoT-MAP: IoT mashup application platform for the flexible IoT ecosystem . In Proceedings of the 5th International Conference on the Internet of Things (IOT\u201915) . IEEE, 163--170. Sehyeon Heo, Sungpil Woo, Janggwan Im, and Daeyoung Kim. 2015. IoT-MAP: IoT mashup application platform for the flexible IoT ecosystem. In Proceedings of the 5th International Conference on the Internet of Things (IOT\u201915). IEEE, 163--170."},{"key":"e_1_2_1_47_1","volume-title":"Proceedings of the Black Hat USA Conference. 1--8.","author":"Hernandez Grant","year":"2014","unstructured":"Grant Hernandez , Orlando Arias , Daniel Buentello , and Yier Jin . 2014 . Smart Nest thermostat: A smart spy in your home . In Proceedings of the Black Hat USA Conference. 1--8. Grant Hernandez, Orlando Arias, Daniel Buentello, and Yier Jin. 2014. Smart Nest thermostat: A smart spy in your home. In Proceedings of the Black Hat USA Conference. 1--8."},{"key":"e_1_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1145\/604251.604254"},{"key":"e_1_2_1_49_1","unstructured":"Jeffrey A. Hoffer. 2012. Modern Systems Analysis and Design 6\/e. Pearson Education India.  Jeffrey A. Hoffer. 2012. Modern Systems Analysis and Design 6\/e. Pearson Education India."},{"key":"e_1_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10270-012-0263-y"},{"key":"e_1_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1109\/MPRV.2017.2940957"},{"key":"e_1_2_1_52_1","volume-title":"The Security Development Lifecycle","author":"Howard Michael","unstructured":"Michael Howard and Steve Lipner . 2006. The Security Development Lifecycle . Vol. 8 . Microsoft Press , Redmond WA . Michael Howard and Steve Lipner. 2006. The Security Development Lifecycle. Vol. 
8. Microsoft Press, Redmond WA."},{"key":"e_1_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSMCC.2010.2047856"},{"key":"e_1_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.1109\/JIOT.2017.2703172"},{"key":"e_1_2_1_55_1","unstructured":"ISO\/IEC. 2013. BS ISO\/IEC DIS 27001. Retrieved from https:\/\/www.iso.org\/isoiec-27001-information-security.html.  ISO\/IEC. 2013. BS ISO\/IEC DIS 27001. Retrieved from https:\/\/www.iso.org\/isoiec-27001-information-security.html."},{"key":"e_1_2_1_56_1","unstructured":"ISO\/IEC JTC 1\/SC 7. 2011. ISO\/IEC 25010:2011(en): Systems and software Quality Requirements and Evaluation (SQuaRE)\u2014System and software quality models. Retrieved from https:\/\/www.iso.org\/obp\/ui\/#iso:std:iso-iec:25010:ed-1:v1:en.  ISO\/IEC JTC 1\/SC 7. 2011. ISO\/IEC 25010:2011(en): Systems and software Quality Requirements and Evaluation (SQuaRE)\u2014System and software quality models. Retrieved from https:\/\/www.iso.org\/obp\/ui\/#iso:std:iso-iec:25010:ed-1:v1:en."},{"key":"e_1_2_1_57_1","doi-asserted-by":"publisher","DOI":"10.5555\/1387127.1387134"},{"key":"e_1_2_1_58_1","volume-title":"Proceedings of the 13th International Conference on Software Engineering (ICSE\u201908)","volume":"2","author":"J\u00fcrjens Jan","year":"2008","unstructured":"Jan J\u00fcrjens , Joerg Schreck , and Peter Bartmann . 2008 . Model-based security analysis for mobile communications . In Proceedings of the 13th International Conference on Software Engineering (ICSE\u201908) , Vol. 2 . 683. DOI:https:\/\/doi.org\/10.1145\/1368088.1368186 10.1145\/1368088.1368186 Jan J\u00fcrjens, Joerg Schreck, and Peter Bartmann. 2008. Model-based security analysis for mobile communications. In Proceedings of the 13th International Conference on Software Engineering (ICSE\u201908), Vol. 2. 683. 
DOI:https:\/\/doi.org\/10.1145\/1368088.1368186"},{"key":"e_1_2_1_59_1","volume-title":"Proceedings of the IEEE Security and Privacy Workshops (SPW\u201919)","author":"Kargl Frank","year":"2019","unstructured":"Frank Kargl , Robert Schmidt , Antonio Kung , Christoph B\u00f6sch , et\u00a0al. 2019 . A privacy-aware V-model for software development . In Proceedings of the IEEE Security and Privacy Workshops (SPW\u201919) . IEEE, 100--104. Frank Kargl, Robert Schmidt, Antonio Kung, Christoph B\u00f6sch, et\u00a0al. 2019. A privacy-aware V-model for software development. In Proceedings of the IEEE Security and Privacy Workshops (SPW\u201919). IEEE, 100--104."},{"key":"e_1_2_1_60_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jss.2011.03.084"},{"key":"e_1_2_1_61_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2013.07.010"},{"key":"e_1_2_1_62_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10270-006-0030-z"},{"key":"e_1_2_1_63_1","doi-asserted-by":"publisher","DOI":"10.1142\/S0218194010004980"},{"key":"e_1_2_1_64_1","article-title":"A survey on internet of things: Security and privacy issues","volume":"90","author":"Sathish Kumar J.","year":"2014","unstructured":"J. Sathish Kumar and Dhiren R. Patel . 2014 . A survey on internet of things: Security and privacy issues . Int. J. Comput. Applic. 90 , 11 (2014). J. Sathish Kumar and Dhiren R. Patel. 2014. A survey on internet of things: Security and privacy issues. Int. J. Comput. Applic. 90, 11 (2014).","journal-title":"Int. J. Comput. Applic."},{"key":"e_1_2_1_65_1","volume-title":"Proceedings of the International Conference on Model-driven Engineering and Software Development. 302--311","author":"Li Letitia W.","year":"2017","unstructured":"Letitia W. Li , Florian Lugou , and Ludovic Apvrille . 2017 . Security-aware modeling and analysis for HW\/SW partitioning . In Proceedings of the International Conference on Model-driven Engineering and Software Development. 302--311 . Letitia W. 
Li, Florian Lugou, and Ludovic Apvrille. 2017. Security-aware modeling and analysis for HW\/SW partitioning. In Proceedings of the International Conference on Model-driven Engineering and Software Development. 302--311."},{"key":"e_1_2_1_66_1","volume-title":"Proceedings of the IEEE Symposium on Visual Languages and Human-centric Computing (VL\/HCC\u201905)","author":"Liu Na","year":"2005","unstructured":"Na Liu , John Hosking , and John Grundy . 2005 . A visual language and environment for specifying user interface event handling in design tools . In Proceedings of the IEEE Symposium on Visual Languages and Human-centric Computing (VL\/HCC\u201905) . 278--280. Na Liu, John Hosking, and John Grundy. 2005. A visual language and environment for specifying user interface event handling in design tools. In Proceedings of the IEEE Symposium on Visual Languages and Human-centric Computing (VL\/HCC\u201905). 278--280."},{"key":"e_1_2_1_67_1","volume-title":"Proceedings of the 8th International Joint Conference on Computer Science and Software Engineering (JCSSE\u201911)","author":"Maneerat Nakarin","year":"2011","unstructured":"Nakarin Maneerat and Pomsiri Muenchaisri . 2011 . Bad-smell prediction from software design model using machine learning techniques . In Proceedings of the 8th International Joint Conference on Computer Science and Software Engineering (JCSSE\u201911) . IEEE, 331--336. DOI:https:\/\/doi.org\/10.1109\/JCSSE.2011.5930143 10.1109\/JCSSE.2011.5930143 Nakarin Maneerat and Pomsiri Muenchaisri. 2011. Bad-smell prediction from software design model using machine learning techniques. In Proceedings of the 8th International Joint Conference on Computer Science and Software Engineering (JCSSE\u201911). IEEE, 331--336. DOI:https:\/\/doi.org\/10.1109\/JCSSE.2011.5930143"},{"key":"e_1_2_1_68_1","first-page":"64","article-title":"Software development: Agile vs. 
traditional","volume":"17","author":"Ghilic-Micu Bogdan","year":"2013","unstructured":"Bogdan Ghilic-Micu , Marian Stoica , and Marinela Mircea . 2013 . Software development: Agile vs. traditional . Inf. Econ. 17 , 4 (2013), 64 -- 76 . DOI:https:\/\/doi.org\/10.12948\/issn14531305\/17.4.2013.06 10.12948\/issn14531305 Bogdan Ghilic-Micu, Marian Stoica, and Marinela Mircea. 2013. Software development: Agile vs. traditional. Inf. Econ. 17, 4 (2013), 64--76. DOI:https:\/\/doi.org\/10.12948\/issn14531305\/17.4.2013.06","journal-title":"Inf. Econ."},{"key":"e_1_2_1_69_1","volume-title":"Proceedings of the 7th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing (IMIS\u201913)","author":"Martin Diego","year":"2013","unstructured":"Diego Martin , Ramon Alcarria , Tomas Robles , and Augusto Morales . 2013 . A systematic approach for service prosumerization in IoT scenarios . In Proceedings of the 7th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing (IMIS\u201913) . 494--499. DOI:https:\/\/doi.org\/10.1109\/IMIS.2013.89 10.1109\/IMIS.2013.89 Diego Martin, Ramon Alcarria, Tomas Robles, and Augusto Morales. 2013. A systematic approach for service prosumerization in IoT scenarios. In Proceedings of the 7th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing (IMIS\u201913). 494--499. DOI:https:\/\/doi.org\/10.1109\/IMIS.2013.89"},{"key":"e_1_2_1_70_1","volume-title":"Maxim and Marouane Kessentini","author":"Bruce","year":"2016","unstructured":"Bruce R. Maxim and Marouane Kessentini . 2016 . An introduction to modern software quality assurance. In Software Quality Assurance, Ivan Mistrik, Richard Soley, Nour Ali, John Grundy, and Bedir Tekinerdogan (Eds.). Morgan Kaufmann , Boston, MA, 19--46. DOI:https:\/\/doi.org\/10.1016\/B978-0-12-802301-3.00002-8 10.1016\/B978-0-12-802301-3.00002-8 Bruce R. Maxim and Marouane Kessentini. 2016. 
An introduction to modern software quality assurance. In Software Quality Assurance, Ivan Mistrik, Richard Soley, Nour Ali, John Grundy, and Bedir Tekinerdogan (Eds.). Morgan Kaufmann, Boston, MA, 19--46. DOI:https:\/\/doi.org\/10.1016\/B978-0-12-802301-3.00002-8"},{"key":"e_1_2_1_71_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10270-012-0268-6"},{"key":"e_1_2_1_72_1","volume-title":"Proceedings of the IEEE 7th International Conference on Services Computing (SCC\u201910)","author":"Menzel Michael","year":"2010","unstructured":"Michael Menzel and Christoph Meinel . 2010 . SecureSOA\u2014Modelling security requirements for service-oriented architectures . In Proceedings of the IEEE 7th International Conference on Services Computing (SCC\u201910) . IEEE, 146--153. DOI:https:\/\/doi.org\/10.1109\/SCC.2010.63 10.1109\/SCC.2010.63 Michael Menzel and Christoph Meinel. 2010. SecureSOA\u2014Modelling security requirements for service-oriented architectures. In Proceedings of the IEEE 7th International Conference on Services Computing (SCC\u201910). IEEE, 146--153. DOI:https:\/\/doi.org\/10.1109\/SCC.2010.63"},{"key":"e_1_2_1_73_1","unstructured":"Microsoft. 2004. Microsoft Security Development Lifecycle (SDL). Retrieved from https:\/\/www.microsoft.com\/en-us\/securityengineering\/sdl\/.  Microsoft. 2004. Microsoft Security Development Lifecycle (SDL). Retrieved from https:\/\/www.microsoft.com\/en-us\/securityengineering\/sdl\/."},{"key":"e_1_2_1_74_1","unstructured":"Microsoft. 2018. Microsoft Threat Modeling Tool. Retrieved from https:\/\/docs.microsoft.com\/en-us\/azure\/security\/azure-security-threat-modeling-tool.  Microsoft. 2018. Microsoft Threat Modeling Tool. 
Retrieved from https:\/\/docs.microsoft.com\/en-us\/azure\/security\/azure-security-threat-modeling-tool."},{"key":"e_1_2_1_75_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.adhoc.2012.02.016"},{"key":"e_1_2_1_76_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10270-015-0469-x"},{"key":"e_1_2_1_77_1","volume-title":"Proceedings of the 5th International Symposium on Software Visualization. 5--14","author":"Murphy-Hill Emerson","unstructured":"Emerson Murphy-Hill and Andrew P. Black . 2010. An interactive ambient visualization for code smells . In Proceedings of the 5th International Symposium on Software Visualization. 5--14 . Emerson Murphy-Hill and Andrew P. Black. 2010. An interactive ambient visualization for code smells. In Proceedings of the 5th International Symposium on Software Visualization. 5--14."},{"key":"e_1_2_1_78_1","doi-asserted-by":"publisher","DOI":"10.5897\/SRE10.1171"},{"key":"e_1_2_1_79_1","volume-title":"Proceedings of the IEEE Symposium on Visual Languages-Human Centric Computing. 254--256","author":"Zhu Nianping","year":"2004","unstructured":"Nianping Zhu , J. Grundy , and J. Hosking . 2004. Pounamu: A meta-tool for multi-view visual language environment construction . In Proceedings of the IEEE Symposium on Visual Languages-Human Centric Computing. 254--256 . DOI:https:\/\/doi.org\/10.1109\/vlhcc. 2004 .41 10.1109\/vlhcc.2004.41 Nianping Zhu, J. Grundy, and J. Hosking. 2004. Pounamu: A meta-tool for multi-view visual language environment construction. In Proceedings of the IEEE Symposium on Visual Languages-Human Centric Computing. 254--256. DOI:https:\/\/doi.org\/10.1109\/vlhcc.2004.41"},{"key":"e_1_2_1_80_1","volume-title":"Proceedings of the IEEE Security and Privacy Workshops. IEEE, 151--158","author":"Notario Nicol\u00e1s","year":"2015","unstructured":"Nicol\u00e1s Notario , Alberto Crespo , Yod-Samuel Mart\u00edn , Jose M. Del Alamo , Daniel Le M\u00e9tayer , Thibaud Antignac , Antonio Kung , Inga Kroener , and David Wright . 
2015 . PRIPARE: Integrating privacy best practices into a privacy engineering methodology . In Proceedings of the IEEE Security and Privacy Workshops. IEEE, 151--158 . Nicol\u00e1s Notario, Alberto Crespo, Yod-Samuel Mart\u00edn, Jose M. Del Alamo, Daniel Le M\u00e9tayer, Thibaud Antignac, Antonio Kung, Inga Kroener, and David Wright. 2015. PRIPARE: Integrating privacy best practices into a privacy engineering methodology. In Proceedings of the IEEE Security and Privacy Workshops. IEEE, 151--158."},{"key":"e_1_2_1_81_1","volume-title":"Privacy Engineering: A Dataflow and Ontological Approach","author":"Ian Oliver Dr.","year":"2014","unstructured":"Dr. Ian Oliver . 2014 . Privacy Engineering: A Dataflow and Ontological Approach . CreateSpace Independent Publishing Platform . Dr. Ian Oliver. 2014. Privacy Engineering: A Dataflow and Ontological Approach. CreateSpace Independent Publishing Platform."},{"key":"e_1_2_1_82_1","unstructured":"Oracle. 2009. proactive support tools diagnostics. Retrieved from http:\/\/www.oracle.com\/us\/support\/library\/proactive-support-tools-diagnostics-069181.pdf.  Oracle. 2009. proactive support tools diagnostics. Retrieved from http:\/\/www.oracle.com\/us\/support\/library\/proactive-support-tools-diagnostics-069181.pdf."},{"key":"e_1_2_1_83_1","unstructured":"OWASP. 2018. OWASP Secure Software Development Lifecycle Project (S-SDLC). Retrieved from https:\/\/www.owasp.org\/index.php\/OWASP_Secure_Software_Development_Lifecycle_Project.  OWASP. 2018. OWASP Secure Software Development Lifecycle Project (S-SDLC). Retrieved from https:\/\/www.owasp.org\/index.php\/OWASP_Secure_Software_Development_Lifecycle_Project."},{"key":"e_1_2_1_84_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2009.11.005"},{"key":"e_1_2_1_85_1","volume-title":"Augmenting software engineering processes towards designing privacy aware Internet of Things applications. 
arXiv preprint arXiv:1908.02724","author":"Perera Charith","year":"2019","unstructured":"Charith Perera and Mahmoud Barhamgi . 2019. Augmenting software engineering processes towards designing privacy aware Internet of Things applications. arXiv preprint arXiv:1908.02724 ( 2019 ). Charith Perera and Mahmoud Barhamgi. 2019. Augmenting software engineering processes towards designing privacy aware Internet of Things applications. arXiv preprint arXiv:1908.02724 (2019)."},{"key":"e_1_2_1_86_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.ins.2019.09.061"},{"key":"e_1_2_1_87_1","doi-asserted-by":"publisher","DOI":"10.1109\/MC.2016.366"},{"key":"e_1_2_1_88_1","doi-asserted-by":"publisher","DOI":"10.1109\/TETC.2015.2390034"},{"key":"e_1_2_1_89_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2015.2389854"},{"key":"e_1_2_1_90_1","doi-asserted-by":"publisher","DOI":"10.1109\/MITP.2015.34"},{"key":"e_1_2_1_91_1","doi-asserted-by":"publisher","DOI":"10.1109\/SURV.2013.042313.00197"},{"key":"e_1_2_1_92_1","unstructured":"Philips. [n.d.]. Philips e-Alert. Retrieved from https:\/\/www.philips.co.uk\/healthcare\/resources\/feature-detail\/e-alert-faq.  Philips. [n.d.]. Philips e-Alert. Retrieved from https:\/\/www.philips.co.uk\/healthcare\/resources\/feature-detail\/e-alert-faq."},{"key":"e_1_2_1_93_1","volume-title":"Risk Assessment: A Practical Guide to Assessing Operational Risks","author":"Popov Georgi","year":"2016","unstructured":"Georgi Popov , Bruce K. Lyon , and Bruce Hollcroft . 2016 . Risk Assessment: A Practical Guide to Assessing Operational Risks . John Wiley & Sons. Georgi Popov, Bruce K. Lyon, and Bruce Hollcroft. 2016. Risk Assessment: A Practical Guide to Assessing Operational Risks. 
John Wiley & Sons."},{"key":"e_1_2_1_94_1","article-title":"Privacy compliance and enforcement on European healthgrids: An approach through ontology","volume":"368","author":"Rahmouni Hanene Boussi","year":"2010","unstructured":"Hanene Boussi Rahmouni , Tony Solomonides , Marco Casassa Mont , and Simon Shiu . 2010 . Privacy compliance and enforcement on European healthgrids: An approach through ontology . Philos. Trans. Roy. Soc. A: Math., Phys. Eng. Sci. 368 , 1926 (2010), 4057--4072. Hanene Boussi Rahmouni, Tony Solomonides, Marco Casassa Mont, and Simon Shiu. 2010. Privacy compliance and enforcement on European healthgrids: An approach through ontology. Philos. Trans. Roy. Soc. A: Math., Phys. Eng. Sci. 368, 1926 (2010), 4057--4072.","journal-title":"Philos. Trans. Roy. Soc. A: Math., Phys. Eng. Sci."},{"key":"e_1_2_1_95_1","volume-title":"Proceedings of the IEEE Symposium on Visual Languages and Human-centric Computing (VL\/HCC\u201918)","author":"Rao Arjun","year":"2018","unstructured":"Arjun Rao , Ayush Bihani , and Mydhili Nair . 2018 . Milo: A visual programming environment for data science education . In Proceedings of the IEEE Symposium on Visual Languages and Human-centric Computing (VL\/HCC\u201918) . IEEE, 211--215. DOI:https:\/\/doi.org\/10.1109\/VLHCC.2018.8506504 10.1109\/VLHCC.2018.8506504 Arjun Rao, Ayush Bihani, and Mydhili Nair. 2018. Milo: A visual programming environment for data science education. In Proceedings of the IEEE Symposium on Visual Languages and Human-centric Computing (VL\/HCC\u201918). IEEE, 211--215. DOI:https:\/\/doi.org\/10.1109\/VLHCC.2018.8506504"},{"key":"e_1_2_1_96_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2003.10.007"},{"key":"e_1_2_1_97_1","volume-title":"API Design for C++, Martin Reddy (Ed.). Morgan Kaufmann","author":"Reddy Martin","unstructured":"Martin Reddy . 2011. Design . In API Design for C++, Martin Reddy (Ed.). Morgan Kaufmann , Boston, MA , 105--150. 
DOI:https:\/\/doi.org\/10.1016\/B978-0-12-385003-4.00004-X 10.1016\/B978-0-12-385003-4.00004-X Martin Reddy. 2011. Design. In API Design for C++, Martin Reddy (Ed.). Morgan Kaufmann, Boston, MA, 105--150. DOI:https:\/\/doi.org\/10.1016\/B978-0-12-385003-4.00004-X"},{"key":"e_1_2_1_98_1","volume-title":"Proceedings of the 52nd ACM\/EDAC\/IEEE Design Automation Conference (DAC\u201915)","author":"Sadeghi A.","unstructured":"A. Sadeghi , C. Wachsmann , and M. Waidner . 2015. Security and privacy challenges in industrial Internet of Things . In Proceedings of the 52nd ACM\/EDAC\/IEEE Design Automation Conference (DAC\u201915) . 1--6. DOI:https:\/\/doi.org\/10.1145\/2744769.2747942 10.1145\/2744769.2747942 A. Sadeghi, C. Wachsmann, and M. Waidner. 2015. Security and privacy challenges in industrial Internet of Things. In Proceedings of the 52nd ACM\/EDAC\/IEEE Design Automation Conference (DAC\u201915). 1--6. DOI:https:\/\/doi.org\/10.1145\/2744769.2747942"},{"key":"e_1_2_1_99_1","volume-title":"Proceedings of the IEEE International Conference on Web Services (ICWS\u201906)","author":"Satoh Fumiko","year":"2006","unstructured":"Fumiko Satoh , Yuichi Nakamura , and Koichi Ono . 2006 . Adding authentication to model driven security . In Proceedings of the IEEE International Conference on Web Services (ICWS\u201906) . 585--592. DOI:https:\/\/doi.org\/10.1109\/ICWS.2006.25 10.1109\/ICWS.2006.25 Fumiko Satoh, Yuichi Nakamura, and Koichi Ono. 2006. Adding authentication to model driven security. In Proceedings of the IEEE International Conference on Web Services (ICWS\u201906). 585--592. DOI:https:\/\/doi.org\/10.1109\/ICWS.2006.25"},{"key":"e_1_2_1_100_1","doi-asserted-by":"publisher","DOI":"10.1109\/MC.2013.31"},{"key":"e_1_2_1_101_1","volume-title":"Proceedings of the REFSQ Workshops.","author":"Shanaa Wesam","year":"2017","unstructured":"Wesam Shanaa , Steven Spier , and Bastian Tenbergen . 2017 . A case study into the development process of cyber physical systems . 
In Proceedings of the REFSQ Workshops. Wesam Shanaa, Steven Spier, and Bastian Tenbergen. 2017. A case study into the development process of cyber physical systems. In Proceedings of the REFSQ Workshops."},{"key":"e_1_2_1_102_1","volume-title":"Proceedings of the International Conference on Information Security. Springer, 99--113","author":"Shi Elaine","year":"2010","unstructured":"Elaine Shi , Yuan Niu , Markus Jakobsson , and Richard Chow . 2010 . Implicit authentication through learning user behavior . In Proceedings of the International Conference on Information Security. Springer, 99--113 . Elaine Shi, Yuan Niu, Markus Jakobsson, and Richard Chow. 2010. Implicit authentication through learning user behavior. In Proceedings of the International Conference on Information Security. Springer, 99--113."},{"key":"#cr-split#-e_1_2_1_103_1.1","doi-asserted-by":"crossref","unstructured":"Robert W. Shirey. 2007. Internet Security Glossary Version 2. RFC 4949. DOI:https:\/\/doi.org\/10.17487\/RFC4949 10.17487\/RFC4949","DOI":"10.17487\/rfc4949"},{"key":"#cr-split#-e_1_2_1_103_1.2","doi-asserted-by":"crossref","unstructured":"Robert W. Shirey. 2007. Internet Security Glossary Version 2. RFC 4949. DOI:https:\/\/doi.org\/10.17487\/RFC4949","DOI":"10.17487\/rfc4949"},{"key":"e_1_2_1_104_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2014.11.008"},{"key":"e_1_2_1_105_1","volume-title":"Proceedings of the IEEE 15th International Conference on Software Architecture Companion (ICSA-C\u201918)","author":"Sion Laurens","year":"2018","unstructured":"Laurens Sion , Dimitri Van Landuyt , Koen Yskout , and Wouter Joosen . 2018 . SPARTA: Security & privacy architecture through risk-driven threat assessment . In Proceedings of the IEEE 15th International Conference on Software Architecture Companion (ICSA-C\u201918) . 89--92. DOI:https:\/\/doi.org\/10.1109\/ICSA-C.2018.00032 10.1109\/ICSA-C.2018.00032 Laurens Sion, Dimitri Van Landuyt, Koen Yskout, and Wouter Joosen. 2018. 
SPARTA: Security & privacy architecture through risk-driven threat assessment. In Proceedings of the IEEE 15th International Conference on Software Architecture Companion (ICSA-C\u201918). 89--92. DOI:https:\/\/doi.org\/10.1109\/ICSA-C.2018.00032"},{"key":"e_1_2_1_106_1","volume-title":"Proceedings of the 3rd IEEE European Symposium on Security and Privacy Workshops. 79--86","author":"Sion Laurens","year":"2018","unstructured":"Laurens Sion , Kim Wuyts , Koen Yskout , Dimitri Van Landuyt , and Wouter Joosen . 2018 . Interaction-based privacy threat elicitation . In Proceedings of the 3rd IEEE European Symposium on Security and Privacy Workshops. 79--86 . DOI:https:\/\/doi.org\/10.1109\/EuroSPW.2018.00017 10.1109\/EuroSPW.2018.00017 Laurens Sion, Kim Wuyts, Koen Yskout, Dimitri Van Landuyt, and Wouter Joosen. 2018. Interaction-based privacy threat elicitation. In Proceedings of the 3rd IEEE European Symposium on Security and Privacy Workshops. 79--86. DOI:https:\/\/doi.org\/10.1109\/EuroSPW.2018.00017"},{"key":"e_1_2_1_107_1","volume-title":"Proceedings of the European Symposium on Research in Computer Security. LNCS","volume":"3679","author":"Sohr Karsten","year":"2005","unstructured":"Karsten Sohr , Gail-Joon Ahn , Martin Gogolla , and Lars Migge . 2005 . Specification and validation of authorisation constraints using UML and OCL . In Proceedings of the European Symposium on Research in Computer Security. LNCS , Vol. 3679 , 64--79. DOI:https:\/\/doi.org\/10.1007\/11555827_5 10.1007\/11555827_5 Karsten Sohr, Gail-Joon Ahn, Martin Gogolla, and Lars Migge. 2005. Specification and validation of authorisation constraints using UML and OCL. In Proceedings of the European Symposium on Research in Computer Security. LNCS, Vol. 3679, 64--79. 
DOI:https:\/\/doi.org\/10.1007\/11555827_5"},{"key":"e_1_2_1_108_1","volume-title":"Proceedings of the 2nd International Conference on Availability, Reliability and Security (ARES\u201907)","author":"Soler Emilio","year":"2007","unstructured":"Emilio Soler , Juan Trujillo , Eduardo Fernandez-Medina , and Mario Piattini . 2007 . Application of QVT for the development of secure data warehouses: A case study . In Proceedings of the 2nd International Conference on Availability, Reliability and Security (ARES\u201907) . IEEE, 829--836. Emilio Soler, Juan Trujillo, Eduardo Fernandez-Medina, and Mario Piattini. 2007. Application of QVT for the development of secure data warehouses: A case study. In Proceedings of the 2nd International Conference on Availability, Reliability and Security (ARES\u201907). IEEE, 829--836."},{"key":"e_1_2_1_109_1","volume-title":"Proceedings of the 4th IEEE International Symposium and Forum on Software Engineering Standards (ISESS\u201999)","author":"Suzuki Junichi","year":"1999","unstructured":"Junichi Suzuki and Yoshikazu Yamamoto . 1999 . Toward the interoperable software design models: Quartet of UML, XML, DOM and CORBA . In Proceedings of the 4th IEEE International Symposium and Forum on Software Engineering Standards (ISESS\u201999) . 163--172. DOI:https:\/\/doi.org\/10.1109\/SESS.1999.766591 10.1109\/SESS.1999.766591 Junichi Suzuki and Yoshikazu Yamamoto. 1999. Toward the interoperable software design models: Quartet of UML, XML, DOM and CORBA. In Proceedings of the 4th IEEE International Symposium and Forum on Software Engineering Standards (ISESS\u201999). 163--172. DOI:https:\/\/doi.org\/10.1109\/SESS.1999.766591"},{"key":"e_1_2_1_110_1","volume-title":"Proceedings of the 24th ACM SIGPLAN Conference Companion on Object Oriented Programming Systems Languages and Applications. 819--820","author":"Steven Kelly Tolvanen","year":"2009","unstructured":"Juha-pekka Tolvanen and Steven Kelly . 2009 . 
MetaEdit+: Defining and using integrated domain-specific modeling languages . In Proceedings of the 24th ACM SIGPLAN Conference Companion on Object Oriented Programming Systems Languages and Applications. 819--820 . Juha-pekka Tolvanen and Steven Kelly. 2009. MetaEdit+: Defining and using integrated domain-specific modeling languages. In Proceedings of the 24th ACM SIGPLAN Conference Companion on Object Oriented Programming Systems Languages and Applications. 819--820."},{"key":"e_1_2_1_111_1","doi-asserted-by":"publisher","DOI":"10.1109\/MS.2008.19"},{"key":"e_1_2_1_112_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2015.7"},{"key":"e_1_2_1_113_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2008.12.003"},{"key":"e_1_2_1_114_1","volume-title":"George","author":"Valacich Joseph S.","year":"2017","unstructured":"Joseph S. Valacich and Joey F . George . 2017 . Modern Systems Analysis and Design. Pearson Education, Inc . Joseph S. Valacich and Joey F. George. 2017. Modern Systems Analysis and Design. Pearson Education, Inc."},{"key":"e_1_2_1_115_1","volume-title":"Proceedings of the IEEE\/ACM 5th International FME Workshop on Formal Methods in Software Engineering (FormaliSE\u201917)","author":"Berghe A. Van Den","year":"2017","unstructured":"A. Van Den Berghe , K. Yskout , W. Joosen , and R. Scandariato . 2017. A model for provably secure software design . In Proceedings of the IEEE\/ACM 5th International FME Workshop on Formal Methods in Software Engineering (FormaliSE\u201917) . Institute of Electrical and Electronics Engineers Inc., 3--9. DOI:https:\/\/doi.org\/10.1109\/FormaliSE. 2017 .6 10.1109\/FormaliSE.2017.6 A. Van Den Berghe, K. Yskout, W. Joosen, and R. Scandariato. 2017. A model for provably secure software design. In Proceedings of the IEEE\/ACM 5th International FME Workshop on Formal Methods in Software Engineering (FormaliSE\u201917). Institute of Electrical and Electronics Engineers Inc., 3--9. 
DOI:https:\/\/doi.org\/10.1109\/FormaliSE.2017.6"},{"key":"e_1_2_1_116_1","volume-title":"Will Be in Use in 2017, Up 31 Percent From","author":"van der Meulen Rob","year":"2016","unstructured":"Rob van der Meulen and Gartner. 2017. Gartner Says 8.4 Billion Connected \u201c Things \u201d Will Be in Use in 2017, Up 31 Percent From 2016 . Retrieved from https:\/\/www.gartner.com\/en\/newsroom\/press-releases\/2017-02-07-gartner-says-8-billion-connected-things-will-be-in-use-in-2017-up-31-percent-from-2016. Rob van der Meulen and Gartner. 2017. Gartner Says 8.4 Billion Connected \u201cThings\u201d Will Be in Use in 2017, Up 31 Percent From 2016. Retrieved from https:\/\/www.gartner.com\/en\/newsroom\/press-releases\/2017-02-07-gartner-says-8-billion-connected-things-will-be-in-use-in-2017-up-31-percent-from-2016."},{"key":"e_1_2_1_117_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10270-015-0486-9"},{"key":"e_1_2_1_118_1","volume-title":"A practical application of our MDD approach for modeling secure XML data warehouses. Dec. Supp. Syst. 52, 4","author":"Vela Bel\u00e9n","year":"2012","unstructured":"Bel\u00e9n Vela , Carlos Blanco , Eduardo Fern\u00e1ndez-Medina , and Esperanza Marcos . 2012. A practical application of our MDD approach for modeling secure XML data warehouses. Dec. Supp. Syst. 52, 4 ( 2012 ), 899--925. DOI:https:\/\/doi.org\/10.1016\/j.dss.2011.11.008 10.1016\/j.dss.2011.11.008 Bel\u00e9n Vela, Carlos Blanco, Eduardo Fern\u00e1ndez-Medina, and Esperanza Marcos. 2012. A practical application of our MDD approach for modeling secure XML data warehouses. Dec. Supp. Syst. 52, 4 (2012), 899--925. DOI:https:\/\/doi.org\/10.1016\/j.dss.2011.11.008"},{"key":"e_1_2_1_119_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.clsr.2009.11.008"},{"key":"e_1_2_1_120_1","volume-title":"Mattord","author":"Whitman Michael E.","year":"2011","unstructured":"Michael E. Whitman and Herbert J . Mattord . 2011 . Principles of Information Security. Cengage Learning . 
Michael E. Whitman and Herbert J. Mattord. 2011. Principles of Information Security. Cengage Learning."},{"key":"e_1_2_1_121_1","unstructured":"Wiki.owasp.org. [n.d.]. CISO AppSec Guide: Criteria for Managing Application Security Risks. Retrieved from https:\/\/wiki.owasp.org\/index.php\/CISO_AppSec_Guide:_Criteria_for_Managing_Application_Security_Risks.  Wiki.owasp.org. [n.d.]. CISO AppSec Guide: Criteria for Managing Application Security Risks. Retrieved from https:\/\/wiki.owasp.org\/index.php\/CISO_AppSec_Guide:_Criteria_for_Managing_Application_Security_Risks."},{"key":"e_1_2_1_122_1","doi-asserted-by":"publisher","DOI":"10.1145\/2601248.2601268"},{"key":"e_1_2_1_123_1","doi-asserted-by":"publisher","DOI":"10.1109\/JPROC.2017.2781198"},{"key":"e_1_2_1_124_1","volume-title":"LINDDUN: A privacy threat analysis framework.","author":"Wuyts Kim","year":"2014","unstructured":"Kim Wuyts . 2014 . LINDDUN: A privacy threat analysis framework. Retrieved from https:\/\/people.cs.kuleuven.be\/~kim.wuyts\/LINDDUN\/LINDDUN.pdf. Kim Wuyts. 2014. LINDDUN: A privacy threat analysis framework. Retrieved from https:\/\/people.cs.kuleuven.be\/~kim.wuyts\/LINDDUN\/LINDDUN.pdf."},{"key":"e_1_2_1_126_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2006.40"},{"key":"e_1_2_1_127_1","doi-asserted-by":"publisher","DOI":"10.1109\/JIOT.2017.2694844"},{"key":"e_1_2_1_128_1","volume-title":"Proceedings of the IEEE International Conference on Engineering of Complex Computer Systems (ICECCS\u201909)","author":"Yu Lijun","year":"2009","unstructured":"Lijun Yu , Robert France , Indrakshi Ray , and Sudipto Ghosh . 2009 . A rigorous approach to uncovering security policy violations in UML designs . In Proceedings of the IEEE International Conference on Engineering of Complex Computer Systems (ICECCS\u201909) . 126--135. DOI:https:\/\/doi.org\/10.1109\/ICECCS.2009.16 10.1109\/ICECCS.2009.16 Lijun Yu, Robert France, Indrakshi Ray, and Sudipto Ghosh. 2009. 
A rigorous approach to uncovering security policy violations in UML designs. In Proceedings of the IEEE International Conference on Engineering of Complex Computer Systems (ICECCS\u201909). 126--135. DOI:https:\/\/doi.org\/10.1109\/ICECCS.2009.16"},{"key":"e_1_2_1_129_1","doi-asserted-by":"publisher","DOI":"10.1109\/32.917521"},{"key":"e_1_2_1_130_1","volume-title":"Proceedings of the 9th International Conference on Computational Intelligence and Security. IEEE, 663--667","author":"Zhao Kai","year":"2013","unstructured":"Kai Zhao and Lina Ge . 2013 . A survey on the internet of things security . In Proceedings of the 9th International Conference on Computational Intelligence and Security. IEEE, 663--667 . Kai Zhao and Lina Ge. 2013. A survey on the internet of things security. In Proceedings of the 9th International Conference on Computational Intelligence and Security. IEEE, 663--667."}],"container-title":["ACM Transactions on Internet of Things"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3437537","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3437537","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T20:17:25Z","timestamp":1750191445000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3437537"}},"subtitle":["A 
Survey"],"short-title":[],"issued":{"date-parts":[[2021,2]]},"references-count":130,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2021,2,28]]}},"alternative-id":["10.1145\/3437537"],"URL":"https:\/\/doi.org\/10.1145\/3437537","relation":{},"ISSN":["2691-1914","2577-6207"],"issn-type":[{"value":"2691-1914","type":"print"},{"value":"2577-6207","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021,2]]},"assertion":[{"value":"2019-10-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2020-10-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2021-02-01","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}