A decade of research on patterns and architectures for IoT security
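Author affiliations: Capgemini, Oslo, Norway; SINTEF, Oslo, Norway; Université Côte d’Azur, I3S/INRIA Kairos, Sophia Antipolis, France
Publication: Cybersecurity (Cyberspace Security Science and Technology, English edition)
Year, volume, issue: 2022, Vol. 5, No. 2
Pages: 27-55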
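Subject classification: 0810 [Engineering - Information and Communication Engineering]; 1205 [Management - Library, Information and Archives Management]; 12 [Management]; 1201 [Management - Management Science and Engineering (degrees may be conferred in Management or Engineering)]; 0839 [Engineering - Cyberspace Security]; 08 [Engineering]; 0835 [Engineering - Software Engineering]; 081001 [Engineering - Communication and Information Systems]; 0811 [Engineering - Control Science and Engineering]; 081201 [Engineering - Computer Architecture]; 0812 [Engineering - Computer Science and Technology (degrees may be conferred in Engineering or Science)]
Funding: The research leading to these results has partially received funding from the European Commission's H2020 Programme under the grant agreement numbers 958363 (Dat4.ZERO) and 958357 (InterQ)
Subject: Internet of Things IoT Security Privacy Architecture Pattern Review SLR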
Abstract: Security of the Internet of Things (IoT)-based Smart Systems involving sensors, actuators and distributed control loop is of paramount importance but very difficult to address. Security patterns consist of domain-independent time-proven security knowledge and expertise. How are they useful for developing secure IoT-based smart systems? Are there architectures that support IoT security? We aim to systematically review the research work published on patterns and architectures for IoT security (and privacy). Then, we want to provide an analysis on that research landscape to answer our research questions. We follow the well-known guidelines for conducting systematic literature reviews. From thousands of candidate papers initially found in our search process, we have systematically distinguished and analyzed thirty-six (36) papers that have been peer-reviewed and published around patterns and architectures for IoT security and privacy in the last decade (January 2010–December 2020). Our analysis shows that there is a rise in the number of publications tending to patterns and architectures for IoT security in the last three years. We have not seen any approach of applying systematically architectures and patterns together that can address security (and privacy) concerns not only at the architectural level, but also at the network or IoT devices level. We also explored how the research contributions in the primary studies handle the different issues from the OWASP Internet of Things (IoT) top ten vulnerabilities list. Finally, we discuss the current gaps in this research area and how to fill in the gaps for promoting the utilization of patterns for IoT security and privacy by design.