Towards a Collection of Security and Privacy Patterns
1
Institute of Computer Science, Foundation for Research and Technology, 700 13 Heraklion, Greece
2
Department of Computer Science, City University of London, London EC1V 0HB, UK
3
Sphynx Technology Solutions AG, 6300 Zug, Switzerland
*
Author to whom correspondence should be addressed.
Appl. Sci. 2021, 11(4), 1396; https://doi.org/10.3390/app11041396
Received: 22 December 2020
/
Revised: 28 January 2021
/
Accepted: 29 January 2021
/
Published: 4 February 2021
(This article belongs to the Special Issue Security management of 5G and IoT ecosystems)
Security and privacy (SP)-related challenges constitute a significant barrier to the wider adoption of Internet of Things (IoT)/Industrial IoT (IIoT) devices and the associated novel applications and services. In this context, patterns, which are constructs encoding re-usable solutions to common problems and building blocks to architectures, can be an asset in alleviating said barrier. More specifically, patterns can be used to encode dependencies between SP properties of individual smart objects and corresponding properties of orchestrations (compositions) involving them, facilitating the design of IoT solutions that are secure and privacy-aware by design. Motivated by the above, this work presents a survey and taxonomy of SP patterns towards the creation of a usable pattern collection. The aim is to enable decomposition of higher-level properties to more specific ones, matching them to relevant patterns, while also creating a comprehensive overview of security- and privacy-related properties and sub-properties that are of interest in IoT/IIoT environments. To this end, the identified patterns are organized using a hierarchical taxonomy that allows their classification based on provided property, context, and generality, while also showing the relationships between them. The two high-level properties, Security and Privacy, are decomposed to a first layer of lower-level sub-properties such as confidentiality and anonymity. The lower layers of the taxonomy, then, include implementation-level enablers. The coverage that these patterns offer in terms of the considered properties, data states (data in transit, at rest, and in process), and platform connectivity cases (within the same IoT platform and across different IoT platforms) is also highlighted. Furthermore, pointers to extensions of the pattern collection to include additional patterns and properties, including Dependability and Interoperability, are given. Finally, to showcase the use of the presented pattern collection, a practical application is detailed, involving the pattern-driven composition of IoT/IIoT orchestrations with SP property guarantees.
View Full-Text
Keywords:
pattern-based engineering; security patterns; privacy patterns; pattern taxonomy; Internet of Things (IoT); Industrial Internet of Things (IIoT); dependability; interoperability
▼
Show Figures
Figure 1
This is an open access article distributed under the Creative Commons Attribution License which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
MDPI and ACS Style
Papoutsakis, M.; Fysarakis, K.; Spanoudakis, G.; Ioannidis, S.; Koloutsou, K. Towards a Collection of Security and Privacy Patterns. Appl. Sci. 2021, 11, 1396. https://doi.org/10.3390/app11041396
AMA Style
Papoutsakis M, Fysarakis K, Spanoudakis G, Ioannidis S, Koloutsou K. Towards a Collection of Security and Privacy Patterns. Applied Sciences. 2021; 11(4):1396. https://doi.org/10.3390/app11041396
Chicago/Turabian StylePapoutsakis, Manos, Konstantinos Fysarakis, George Spanoudakis, Sotiris Ioannidis, and Konstantina Koloutsou. 2021. "Towards a Collection of Security and Privacy Patterns" Applied Sciences 11, no. 4: 1396. https://doi.org/10.3390/app11041396
Find Other Styles
Note that from the first issue of 2016, MDPI journals use article numbers instead of page numbers. See further details here.
