Next Article in Journal
Nonlinear Dynamics and Stability Analysis of a Three-Cell Flying Capacitor DC-DC Converter
Next Article in Special Issue
CYRA: A Model-Driven CYber Range Assurance Platform
Previous Article in Journal
Effect of Pd Ions on the Generation of Ag and Au Heterogeneous Nanoparticles Using Laser Ablation in Liquid
Article

Towards a Collection of Security and Privacy Patterns

1
Institute of Computer Science, Foundation for Research and Technology, 700 13 Heraklion, Greece
2
Department of Computer Science, City University of London, London EC1V 0HB, UK
3
Sphynx Technology Solutions AG, 6300 Zug, Switzerland
*
Author to whom correspondence should be addressed.
Appl. Sci. 2021, 11(4), 1396; https://doi.org/10.3390/app11041396
Received: 22 December 2020 / Revised: 28 January 2021 / Accepted: 29 January 2021 / Published: 4 February 2021
(This article belongs to the Special Issue Security management of 5G and IoT ecosystems)
Security and privacy (SP)-related challenges constitute a significant barrier to the wider adoption of Internet of Things (IoT)/Industrial IoT (IIoT) devices and the associated novel applications and services. In this context, patterns, which are constructs encoding re-usable solutions to common problems and building blocks to architectures, can be an asset in alleviating said barrier. More specifically, patterns can be used to encode dependencies between SP properties of individual smart objects and corresponding properties of orchestrations (compositions) involving them, facilitating the design of IoT solutions that are secure and privacy-aware by design. Motivated by the above, this work presents a survey and taxonomy of SP patterns towards the creation of a usable pattern collection. The aim is to enable decomposition of higher-level properties to more specific ones, matching them to relevant patterns, while also creating a comprehensive overview of security- and privacy-related properties and sub-properties that are of interest in IoT/IIoT environments. To this end, the identified patterns are organized using a hierarchical taxonomy that allows their classification based on provided property, context, and generality, while also showing the relationships between them. The two high-level properties, Security and Privacy, are decomposed to a first layer of lower-level sub-properties such as confidentiality and anonymity. The lower layers of the taxonomy, then, include implementation-level enablers. The coverage that these patterns offer in terms of the considered properties, data states (data in transit, at rest, and in process), and platform connectivity cases (within the same IoT platform and across different IoT platforms) is also highlighted. Furthermore, pointers to extensions of the pattern collection to include additional patterns and properties, including Dependability and Interoperability, are given. Finally, to showcase the use of the presented pattern collection, a practical application is detailed, involving the pattern-driven composition of IoT/IIoT orchestrations with SP property guarantees. View Full-Text
Keywords: pattern-based engineering; security patterns; privacy patterns; pattern taxonomy; Internet of Things (IoT); Industrial Internet of Things (IIoT); dependability; interoperability pattern-based engineering; security patterns; privacy patterns; pattern taxonomy; Internet of Things (IoT); Industrial Internet of Things (IIoT); dependability; interoperability
Show Figures

Figure 1

MDPI and ACS Style

Papoutsakis, M.; Fysarakis, K.; Spanoudakis, G.; Ioannidis, S.; Koloutsou, K. Towards a Collection of Security and Privacy Patterns. Appl. Sci. 2021, 11, 1396. https://doi.org/10.3390/app11041396

AMA Style

Papoutsakis M, Fysarakis K, Spanoudakis G, Ioannidis S, Koloutsou K. Towards a Collection of Security and Privacy Patterns. Applied Sciences. 2021; 11(4):1396. https://doi.org/10.3390/app11041396

Chicago/Turabian Style

Papoutsakis, Manos, Konstantinos Fysarakis, George Spanoudakis, Sotiris Ioannidis, and Konstantina Koloutsou. 2021. "Towards a Collection of Security and Privacy Patterns" Applied Sciences 11, no. 4: 1396. https://doi.org/10.3390/app11041396

Find Other Styles
Note that from the first issue of 2016, MDPI journals use article numbers instead of page numbers. See further details here.

Article Access Map by Country/Region

1
Back to TopTop