Privacy-by-Design Framework for Internet of Things Systems



Recent DDoS attacks on key internet services, like the attack that affected the Dyn domain name service, highlighted the security challenges associated with the proliferation of insecure Internet of Things (IoT) systems.  This attack exploited common vulnerabilities like the use of default administration passwords on IoT devices such as internet-enabled CCTV cameras, internet-enabled appliances and smart home devices, to recruit over hundreds of thousands of nodes into a botnet.   This capability highlights the cyber security threats associated with the IoT and brings into sharp relief the importance of considering both security and privacy when designing these systems.

In recent work, presented at the Internet of Things Conference, we describe a privacy-by-design framework for assessing the privacy capabilities of IoT applications and platforms.  Building on more general design strategies for privacy in informaiton systems, our framework proposes a set of more specific guidelines for privacy capabilities that designers should consider for different stages of the flow of data through an IoT system.  The slides above provide an overview of the framework and the full paper is available below.

Perera, Charith; Mccormick, Ciaran; Bandara, Arosha; Price, Blaine and Nuseibeh, Bashar (2016). Privacy-by-Design Framework for Assessing Internet of Things Applications and Platforms. In: International Conference on the Internet of Things (IOT 2016), 7-9 November 2016, Stuttgart, Germany.

Popular posts from this blog

Visual programming for 'wiring' the Internet of Things

Are we losing the Internet Security battle?