Semiotics: An Approach to Model Security Scenarios for IoT-Based Agriculture Software

Vista sencilla de ítem
dc.creatorHurtado, Julio Ariel
dc.creatorAntonelli, Leandro
dc.creatorLópez, Santiago
dc.creatorGómez, Adriana
dc.creatorDelle Ville, Juliana
dc.creatorMaltempo, Giuliana
dc.creatorZambrano, Frey Giovanny
dc.creatorSolis, Andrés
dc.creatorCamacho, Marta Cecilia
dc.creatorSolinas, Miguel
dc.creatorKaplan, Gladys
dc.creatorMuñoz, Freddy
dc.date2024-04-17
dc.date.accessioned2025-10-01T23:53:11Z
dc.descriptionAgriculture is a vital human activity that contributes to sustainable development. A few decades ago, the agricultural sector adopted the Internet of Things (IoT), which has played a relevant role in precision and smart farming. The IoT developments in agriculture require that numerous connected devices work cooperatively. This increases the vulnerability of IoT devices, mainly because they lack the necessary built-in security because of their context and computational capacity. Other security threats to these devices are related to data storage and processing connected to edge or cloud servers. To ensure that IoT-based solutions meet functional and non-functional requirements, particularly those concerning security, software companies should adopt a security-focused approach to their software requirements specification. This paper proposes a method for specifying security scenarios, integrating requirements and architecture viewpoints into the context of IoT for agricultural solutions. The method comprises four steps: (i) describe scenarios for the intended software, (ii) describe scenarios with incorrect uses of the system, (iii) translate these scenarios into security scenarios using a set of rules, and (iv) improve the security scenarios. This paper also describes a prototype application that employs the proposed algorithm to strengthen the incorrect use scenario based on the correct use scenario. Then, the expert can complete the information for the analysis and subsequent derivation of the security scenario. In addition, this paper describes a preliminary validation of our approach. The results show that the proposed approach enables software engineers to define and analyze security scenarios in the IoT and agricultural contexts with good results. A survey administered to five security experts found that the proposed security scenario method is generally useful for specifying agricultural IoT solutions but needs improvement in different areas.en-US
dc.descriptionLa agricultura es una actividad humana vital que contribuye al desarrollo sostenible. Hace unas décadas, el sector agrícola introdujo el Internet de las Cosas (IoT), desempeñando un papel relevante en la agricultura de precisión e inteligente. Los desarrollos IoT en agricultura requieren colaboración entre múltiples dispositivos, lo que incrementa su vulnerabilidad, debido principalmente a la falta de seguridad integrada por restricciones del contexto. Otras amenazas a estos dispositivos conciernen el almacenamiento y procesamiento de datos conectados a servidores periféricos o en nube. Para garantizar que las soluciones IoT cumplen los requisitos funcionales y no funcionales, especialmente los de seguridad, las empresas de software deberían adoptar un enfoque centrado en la seguridad para su especificación de requerimientos de software. El objetivo del artículo consistió en proponer un método ligero para especificar escenarios de seguridad integrando los puntos de vista de requisitos y arquitectura en el contexto del IoT en soluciones agrícolas. El método comprende cuatro actividades: (i) crear escenarios de buen uso, (ii) crear escenarios de uso incorrecto, (iii) traducir el escenario anterior en escenario de seguridad aplicando reglas y (iv) refinar el escenario de seguridad resultante. También se describe un prototipo de herramienta que utiliza el algoritmo propuesto para ayudar a reforzar el escenario de uso incorrecto basado en el escenario de uso correcto, dando al experto la posibilidad de completar la información para el análisis y posterior derivación del escenario de seguridad. Por último, se proporciona una evaluación preliminar del método propuesto. Los resultados de mostraron que el enfoque propuesto permite a los ingenieros de software definir y analizar escenarios de seguridad en los contextos de IoT y agricultura con buenos resultados. La encuesta, aplicada a cinco expertos en seguridad, encontró que el método de escenario de seguridad propuesto es generalmente útil, pero necesita mejoras en diferentes áreas.es-ES
dc.formatapplication/pdf
dc.formattext/xml
dc.formatapplication/zip
dc.formattext/html
dc.identifierhttps://revistas.itm.edu.co/index.php/tecnologicas/article/view/2923
dc.identifier10.22430/22565337.2923
dc.identifier.urihttps://hdl.handle.net/20.500.12622/7894
dc.languageeng
dc.publisherInstituto Tecnológico Metropolitano (ITM)es-ES
dc.relationhttps://revistas.itm.edu.co/index.php/tecnologicas/article/view/2923/3154
dc.relationhttps://revistas.itm.edu.co/index.php/tecnologicas/article/view/2923/3255
dc.relationhttps://revistas.itm.edu.co/index.php/tecnologicas/article/view/2923/3256
dc.relationhttps://revistas.itm.edu.co/index.php/tecnologicas/article/view/2923/3292
dc.relation/*ref*/ITU-T. “Overview of internet of things.” 2012. [Online]. Available: https://www.itu.int/rec/T-REC-Y.2060/en
dc.relation/*ref*/K. Ojo-Gonzalez, and B. Bonilla-Morales, “Requerimientos no funcionales para sistemas basados en el internet de las cosas (IoT): Una revisión,” I+D Tecnológico, vol. 17, no. 2, Jul. 2021. https://doi.org/10.33412/idt.v17.2.3303
dc.relation/*ref*/Berkeley CPS Publications. “Cyber-Physical Systems (CPS).” Berkeley.edu. Accessed: Sep. 20, 2023. [Online]. Available: https://ptolemy.berkeley.edu/projects/cps/
dc.relation/*ref*/P. Shankar, B. Morkos, D. Yadav, and J. D. Summers, “Towards the formalization of non-functional requirements in conceptual design,” Res. Eng. Des., vol. 31, no. 4, pp. 449–469, Oct. 2020. https://doi.org/10.1007/s00163-020-00345-6
dc.relation/*ref*/E. Serna M., and A. Serna A., “Process and progress of requirement formalization in software engineering,” Ingeniare, Rev. Chil. Ing., vol. 28, no. 3, pp. 411–423, Sep. 2020. https://doi.org/10.4067/S0718-33052020000300411
dc.relation/*ref*/U. Ahmed, “A review on khowledge management in requirements engineering,” in International Conference on Engineering and Emerging Technologies (ICEET), Lahore, Pakistan, 2018, pp. 1-5. https://doi.org/10.1109/ICEET1.2018.8338650
dc.relation/*ref*/C. Potts, “Using schematic scenarios to understand user needs,” in Proceedings of the conference on Designing interactive systems processes, practices, methods, & techniques - DIS ’95, New York, Aug. 1995, pp. 247–256. https://doi.org/10.1145/225434.225462
dc.relation/*ref*/J. Patton, and P. Economy, User Story Mapping: Discover the Whole Story, Build the Right Product, 1st Ed. Sebastopol, CA, United States of America: O’Reilly Media, 2014.
dc.relation/*ref*/J. R. Price, Write a Use Case: Gathering Requirements that Users Understand, The Communication Circle, 2020.
dc.relation/*ref*/J. M. Carroll, “Five reasons for scenario-based design,” in Proceedings of the 32nd Annual Hawaii International Conference on Systems Sciences. 1999. HICSS-32. Abstracts and CD-ROM of Full Papers, Maui, HI, USA, Jan. 1999, pp. 11. https://doi.org/10.1109/hicss.1999.772890
dc.relation/*ref*/S. Hofer, and H. Schwentner, Domain Storytelling: A Collaborative, Visual, and Agile Way to Build Domain-Driven Software (Addison-Wesley Signature Series (Vernon)), 1st Ed. Massachusetts, United States Of America: Addison-Wesley Professional, 2021.
dc.relation/*ref*/S. Pal, M. Hitchens, T. Rabehaja, and S. Mukhopadhyay, “Security requirements for the internet of things: A systematic approach,” Sensors, vol. 20, no. 20, p. 5897, Oct. 2020. https://doi.org/10.3390/s20205897
dc.relation/*ref*/S. Myagmar, A. J. Lee, and W. Yurcik, “Threat Modeling as a Basis for Security Requirements,” ResearchGate, Aug. 2005. [Online]. Available: https://www.researchgate.net/publication/228634178_Threat_Modeling_as_a_Basis_for_Security_Requirements
dc.relation/*ref*/B. Schneier, “Cryptography Is Harder than It Looks,” IEEE Secur. Priv., vol. 14, no. 1, pp. 87–88, Jan.-Feb. 2016. https://doi.org/10.1109/MSP.2016.7
dc.relation/*ref*/T. Martin, D. Geneiatakis, I. Kounelis, S. Kerckhof, and I. N. Fovino, “Towards a formal lot security model,” Symmetry, vol. 12, no. 8, p. 1305, Aug. 2020. https://doi.org/10.3390/sym12081305
dc.relation/*ref*/M. Dhanaraju, P. Chenniappan, K. Ramalingam, S. Pazhanivelan, and R. Kaliaperumal, “Smart Farming: Internet of Things (IoT)-Based Sustainable Agriculture,” Agriculture, vol. 12, no. 10, p. 1745, Oct. 2022. https://doi.org/10.3390/agriculture12101745
dc.relation/*ref*/N. Khan, R. L. Ray, G. R. Sargani, M. Ihtisham, M. Khayyam, and S. Ismail, “Current progress and future prospects of agriculture technology: Gateway to sustainable agriculture,” Sustainability, vol. 13, no. 9, p. 4883, Apr. 2021. https://doi.org/10.3390/su13094883
dc.relation/*ref*/D. C. Rose, R. Wheeler, M. Winter, M. Lobley, and C. Charlotte-Anne, “Agriculture 4.0: Making it work for people, production, and the planet,” Land use policy, vol. 100, p. 104933, Jan. 2021. https://doi.org/10.1016/j.landusepol.2020.104933
dc.relation/*ref*/S. El-Gendy, and M. A. Azer, “Security Framework for Internet of Things (IoT),” in 2020 15th International Conference on Computer Engineering and Systems (ICCES), Cairo, Egypt, 2020, pp. 1-6. https://doi.org/10.1109/ICCES51560.2020.9334589
dc.relation/*ref*/A. Rettore de Araujo Zanella, E. da Silva, and L. C. Pessoa Albini, “Security challenges to smart agriculture: Current state, key issues, and future directions,” Array, vol. 8, p. 100048, Dec. 2020. https://doi.org/10.1016/j.array.2020.100048
dc.relation/*ref*/A. Yazdinejad et al., “A review on security of smart farming and precision agriculture: Security aspects, attacks, threats and countermeasures,” Applied Sciences, vol. 11, no. 16, Aug. 2021. https://doi.org/10.3390/app11167518
dc.relation/*ref*/K. Demestichas, N. Peppes, and T. Alexakis, “Survey on Security Threats in Agricultural IoT and Smart Farming,” sensors, vol. 20, no. 22, p. 6458, Nov. 2020. https://doi.org/10.3390/s20226458
dc.relation/*ref*/J. C. Sampaio Do Prado Leite, G. D. S. Hadad, J. H. Doorn, and G. N. Kaplan, “A scenario construction process,” Requir. Eng., vol. 5, no. 1, pp. 38–61, Jul. 2000. https://doi.org/10.1007/pl00010342
dc.relation/*ref*/S. Khamaiseh, and D. Xu, “Software security testing via misuse case modeling,” in 2017 IEEE 15th Intl Conf on Dependable, Autonomic and Secure Computing, 15th Intl Conf on Pervasive Intelligence and Computing, 3rd Intl Conf on Big Data Intelligence and Computing and Cyber Science and Technology Congress, Orlando, FL, USA, 2017, pp. 534-541. https://doi.org/10.1109/DASC-PICom-DataCom-CyberSciTec.2017.98
dc.relation/*ref*/X. T. Nguyen, H. T. Tran, H. Baraki, and K. Geihs, “Frasad: A Framework for Model-driven IoT Application Development Xuan,” in 2015 IEEE 2nd World Forum on Internet of Things (WF-IoT), Milan, Italy, 2015, pp. 387-392. https://doi.org/10.1109/WF-IoT.2015.7389085
dc.relation/*ref*/B. Karaduman, S. Mustafiz, and M. Challenger, “FTG+PM for the Model-Driven Development of Wireless Sensor Network based IoT Systems,” in 2021 ACM/IEEE International Conference on Model Driven Engineering Languages and Systems Companion (MODELS-C), Fukuoka, Japan, 2021, pp. 306-316. https://doi.org/10.1109/MODELS-C53483.2021.00052
dc.relation/*ref*/H. Cardenas, R. Zimmerman, A. R. Viesca, M. Al Lail, and A. J. Perez, "Formal UML-based Modeling and Analysis for Securing Location-based IoT Applications," in 2022 IEEE 19th International Conference on Mobile Ad Hoc and Smart Systems (MASS), Denver, CO, USA, 2022, pp. 722-723. https://doi.org/10.1109/MASS56207.2022.00109
dc.relation/*ref*/K. Slovenec, M. Vuković, D. Salopek, and M. Mikuc, "Securing IoT Services Based on Security Requirement Categories," in 2022 International Conference on Software, Telecommunications and Computer Networks (SoftCOM), Split, Croatia, 2022, pp. 1-6. https://doi.org/10.23919/SoftCOM55329.2022.9911319
dc.relation/*ref*/S. Sotoudeh, S. Hashemi, and H. G. Garakani, Security Framework of IoT-Based Smart Home," in 2020 10th International Symposium on Telecommunications (IST), Tehran, Iran, 2020, pp. 251-256. https://doi.org/10.1109/IST50524.2020.9345886
dc.relation/*ref*/W. Iqbal, H. Abbas, M. Daneshmand, B. Rauf, and Y. A. Bangash, “An In-Depth Analysis of IoT Security Requirements, Challenges, and Their Countermeasures via Software-Defined Security,” IEEE Internet Things J., vol. 7, no. 10, pp. 10250–10276, Oct. 2020. https://doi.org/10.1109/JIOT.2020.2997651
dc.relation/*ref*/Ö. Özkaya, and B. Örs, "Model based node design methodology for secure IoT applications," in 2018 26th Signal Processing and Communications Applications Conference (SIU), Izmir, Turkey, 2018, pp. 1-4. https://doi.org/10.1109/SIU.2018.8404490
dc.relation/*ref*/R. M. Carvalho, "Dealing with Conflicts Between Non-functional Requirements of UbiComp and IoT Applications," in 2017 IEEE 25th International Requirements Engineering Conference (RE), Lisbon, Portugal, 2017, pp. 544-549. https://doi.org/10.1109/RE.2017.51
dc.relation/*ref*/F. Kammuller, J. C. Augusto, and S. Jones, “Security and privacy requirements engineering for human centric IoT systems using eFRIEND and Isabelle,” in 2017 IEEE 15th International Conference on Software Engineering Research, Management and Applications (SERA), London, UK, 2017, pp. 401-406. https://doi.org/10.1109/SERA.2017.7965758
dc.relation/*ref*/M. Gupta, M. Abdelsalam, S. Khorsandroo, and S. Mittal, “Security and Privacy in Smart Farming: Challenges and Opportunities,” IEEE Access, vol. 8, pp. 34564–34584, Feb. 2020. https://doi.org/10.1109/ACCESS.2020.2975142
dc.relation/*ref*/F. Davis, “User Acceptance of Information Systems: Technology acceptance model (TAM),” University of Michigan, Ann Arbor, Michigan. [Online]. Available: https://deepblue.lib.umich.edu/bitstream/handle/2027.42/35547/b1409190.0001.001.pdf?seque
dc.relation/*ref*/N. Marangunić, and A. Granić, “Technology acceptance model: a literature review from 1986 to 2013,” Univers. Access Inf. Soc., vol. 14, pp. 81–95, Mar. 2015. https://doi.org/10.1007/s10209-014-0348-1
dc.relation/*ref*/Python. (1995). Netherlands. Accessed: Sep. 20, 2023. [Online]. Available: https://www.python.org/
dc.relation/*ref*/Spacy. Industrial-Strength Natural Language Processing. (2016). Accessed: Sep. 20, 2023. [Online]. Available: https://spacy.io/
dc.relation/*ref*/S. Loria. Textblob (Python). (2023). Accessed: Sep. 23, 2023. [Online]. Available: https://pypi.org/project/textblob/
dc.relation/*ref*/S. Aurangzeb, M. Aleem, M. Azhar Iqbal, and M. Arshad Islam, “Ransomware: A Survey and Trends,” Journal of Information Assurance and Security, vol. 12, Jun. 2017. https://www.researchgate.net/publication/317380115_Ransomware_A_Survey_and_Trends
dc.relation/*ref*/S. G. Abbas et al., “Identifying and mitigating phishing attack threats in IoT use cases using a threat modelling approach,” Sensors, vol. 21, no. 14, p. 4816, Jul. 2021. https://doi.org/10.3390/s21144816
dc.relation/*ref*/L. Chang, “A Proactive Approach to Detect IoT Based Flooding Attacks by Using Software Defined Networks and Manufacturer Usage Descriptions,” M.S thesis, Arizona State University Tempe Campus, EE. UU. 2018. [Online]. Available: https://core.ac.uk/download/pdf/161995314.pdf
dc.relation/*ref*/J. Liu, Y. Xiao, and C. L. P. Chen, "Authentication and Access Control in the Internet of Things," in 2012 32nd International Conference on Distributed Computing Systems Workshops, Macau, China, 2012, pp. 588-592. https://doi.org/10.1109/ICDCSW.2012.23
dc.relation/*ref*/Q. M. Ashraf, and M. H. Habaebi, “Autonomic schemes for threat mitigation in Internet of Things,” J. Netw. Comput. Appl., vol. 49, pp. 112–127, 2015. https://doi.org/10.1016/j.jnca.2014.11.011
dc.relation/*ref*/J. Deogirikar, and A. Vidhate, “Security attacks in IoT: A survey,” in 2017 International Conference on I-SMAC (IoT in Social, Mobile, Analytics and Cloud) (I-SMAC), Palladam, India, 2017, pp. 32-37. https://doi.org/10.1109/I-SMAC.2017.8058363
dc.relation/*ref*/Decisioning, “The second workshop on Collaboration in knowledge discovery and decision making.” unicauca.edu.co. Accessed: Sep. 23, 2023. [Online]. Available: https://www.unicauca.edu.co/versionP/eventos/conversatorio/decisioning-2023-second-workshop-collaboration-knowledge-discovery-and-decision-making
dc.relation/*ref*/
dc.rightsDerechos de autor 2024 TecnoLógicases-ES
dc.rightshttps://creativecommons.org/licenses/by-nc-sa/4.0es-ES
dc.sourceTecnoLógicas; Vol. 27 No. 59 (2024); e2923en-US
dc.sourceTecnoLógicas; Vol. 27 Núm. 59 (2024); e2923es-ES
dc.source2256-5337
dc.source0123-7799
dc.subjectIoTen-US
dc.subjectQuality Scenarioen-US
dc.subjectIoT Requirementsen-US
dc.subjectSmart Farmingen-US
dc.subjectIndustry 4.0en-US
dc.subjectIntelligent Systemsen-US
dc.subjectIoTes-ES
dc.subjectEscenario de Calidades-ES
dc.subjectRequerimientos de IoTes-ES
dc.subjectAgricultura Inteligentees-ES
dc.subjectIndustria 4.0es-ES
dc.subjectSistemas Inteligenteses-ES
dc.titleSemiotics: An Approach to Model Security Scenarios for IoT-Based Agriculture Softwareen-US
dc.titleSemiótica: un enfoque para modelar escenarios de seguridad para software de agricultura basado en IoTes-ES
dc.typeinfo:eu-repo/semantics/article
dc.typeinfo:eu-repo/semantics/publishedVersion
dc.typeResearch Papersen-US
dc.typeArtículos de investigaciónes-ES

Archivos

Bloque original

Mostrando 1 - 4 de 4
Miniatura
Nombre:
2923-MPU-VF.pdf
Tamaño:
500.66 KB
Formato:
Adobe Portable Document Format
Descargar
Miniatura
Nombre:
344276634005.xml
Tamaño:
122.07 KB
Formato:
Extensible Markup Language
Descargar
Miniatura
Nombre:
344276634005_1.epub
Tamaño:
768.79 KB
Formato:
Electronic publishing
Descargar
Miniatura
Nombre:
3292.html
Tamaño:
177.08 KB
Formato:
Hypertext Markup Language
Descargar

Colecciones

Revista TecnoLógicas - Cosecha Portal de Revistas