Title: Security Requirements Engineering in medical IoT: comparing literature and developers’ practices
Author: Guerra Veloz, Ana (TU Delft Technology, Policy and Management)
Contributor: Pieters, W. (mentor); de Reuver, G.A. (graduation committee); Roeser, S. (graduation committee); Fichtner, L.V.E. (graduation committee)
Degree granting institution: Delft University of Technology
Programme: Management of Technology (MoT)
Date: 2017-08-24

Abstract

In the Internet of Things paradigm, everyday objects communicate with each other to form a worldwide dynamic network which provides opportunities for innovative services and applications in almost every field. Nevertheless, such a dynamic network also brings serious security issues to users, society, and even to the internet. Things that lack basic security requirements turn out to be an attractive target for hackers and a doorway into the information technologies’ infrastructure and personal data. To reduce the impact of security failures and take advantage of the growing opportunities that the IoT brings to users and businesses, a secure development of the IoT must be encouraged. A secure system development can be achieved by disseminating knowledge of security and development among academia and industry. However, it seems that there is a gap between developers’ management of requirements and security requirements frameworks and methods. Based on a qualitative study, we collect data on developers’ practices to handle security requirements of IoT medical applications, and the context of development. Developers’ practices to manage security requirements are compared with recommended practices of the security requirements engineering field. In addition, factors that influence developers’ practices are identified.

The results show that small companies do not have a distinctive process to handle security requirements. Moreover, practices, as described by the field of security requirements engineering, are partially adopted. Differences occur because of incorrect assumptions regarding developers’ motivations to address security, methods that do not match development approaches, and the dynamic nature of security. This research contributes to the security field by providing insights into developers’ perceptions and practices in handling security requirements during the development of IoT medical applications.

Subject: IoT; Security; Secure development; practices
To reference this document use: http://resolver.tudelft.nl/uuid:d7a89057-79bf-4fe9-a68a-cd5a7757f3e1
Embargo date: 2017-08-24
Part of collection: Student theses
Document type: master thesis
Rights: © 2017 Ana Guerra Veloz
Files: PDF, Thesis_Final_Version_Ana_Guerra.pdf, 2.17 MB