SafeSecRETS: integrated support for safety and security requirements engineering in Critical IoT Systems

Abstract

[Context] The autonomy and connectivity characteristics inherent to critical IoT systems have required the joint treatment of safety and security from the early stages of design in order to prevent potential losses. [Problem] However, despite the growing attention in the literature to the integrated treatment of these requirements, there are still few research efforts that systematically address the activities and tasks of the Requirements Engineer-ing (RE) process for safety and security, aiming to produce the documentation needed to guide subsequent phases of the development life cycle. [Objective] To address this gap, this research proposes artifacts to support the RE process for safety and security in critical IoT systems, covering project planning, elicitation, analysis, and specification of require-ments. The proposal enables a co-analysis of safety and security requirements, allowing their interrelations to be addressed from the early stages of design. [Methods] The study followed the Design Science Research (DSR) methodology, which guided the design, con-struction, and evaluation of the artifacts, including: (i) a model for planning critical IoT projects (SafeSecIoT Canvas), instantiated from a metamodel for methodological support to the construction of canvas-based artifacts (MM4Canvas); (ii) a method that extends the System Theoretic Process Analysis (STPA) to enable the joint analysis of safety and security (STPA-SafeSecIoT); and (iii) a tool that integrates artifacts (i) and (ii) to sup-port the activities and tasks of the RE process (SafeSecRETS). [Results] The evaluations conducted indicate that the proposed artifacts effectively support the execution of RE ac-tivities and tasks for safety and security, demonstrating high perceived usefulness and ease of use, and contributing to the efficiency of specifying critical IoT systems.