Framework conceptual de ciberseguridad para aplicaciones de internet de las cosas

El internet de las cosas – IoT, es uno paradigmas tecnológicos con rápido crecimiento en los últimos años, en el que objetos inteligentes o cosas, interactúan entre sí y con recursos físicos y/o virtuales a través de Internet. Junto con este crecimiento hace resonancia uno de los retos que presenta...

Full description

Autores:
Rueda Rueda, Johan Smith
Tipo de recurso:
Fecha de publicación:
2018
Institución:
Universidad Autónoma de Bucaramanga - UNAB
Repositorio:
Repositorio UNAB
Idioma:
spa
OAI Identifier:
oai:repository.unab.edu.co:20.500.12749/3552
Acceso en línea:
http://hdl.handle.net/20.500.12749/3552
Palabra clave:
Systems engineering
Conceptual framework
Conceptual model
Cybersecurity model
LoT applications
Telematics
Software Engineering
Computer security
Informatic security
Computer networks
Information storage systems
Information retrieval systems
Security measures
Research
Analysis
Ingeniería de sistemas
Telemática
Ingeniería de software
Seguridad en computadores
Seguridad informática
Redes de computadores
Sistemas de almacenamiento de información
Sistemas de recuperación de información
Medidas de seguridad
Investigaciones
Análisis
Framework conceptual
Modelo conceptual
Modelo de ciberseguridad
Aplicaciones LoT
Rights
openAccess
License
http://creativecommons.org/licenses/by-nc-nd/2.5/co/
id UNAB2_daca60da6aa3c684de61d1e9df95ac4e
oai_identifier_str oai:repository.unab.edu.co:20.500.12749/3552
network_acronym_str UNAB2
network_name_str Repositorio UNAB
repository_id_str
dc.title.spa.fl_str_mv Framework conceptual de ciberseguridad para aplicaciones de internet de las cosas
dc.title.translated.eng.fl_str_mv Conceptual framework of cybersecurity for internet of things applications
title Framework conceptual de ciberseguridad para aplicaciones de internet de las cosas
spellingShingle Framework conceptual de ciberseguridad para aplicaciones de internet de las cosas
Systems engineering
Conceptual framework
Conceptual model
Cybersecurity model
LoT applications
Telematics
Software Engineering
Computer security
Informatic security
Computer networks
Information storage systems
Information retrieval systems
Security measures
Research
Analysis
Ingeniería de sistemas
Telemática
Ingeniería de software
Seguridad en computadores
Seguridad informática
Redes de computadores
Sistemas de almacenamiento de información
Sistemas de recuperación de información
Medidas de seguridad
Investigaciones
Análisis
Framework conceptual
Modelo conceptual
Modelo de ciberseguridad
Aplicaciones LoT
title_short Framework conceptual de ciberseguridad para aplicaciones de internet de las cosas
title_full Framework conceptual de ciberseguridad para aplicaciones de internet de las cosas
title_fullStr Framework conceptual de ciberseguridad para aplicaciones de internet de las cosas
title_full_unstemmed Framework conceptual de ciberseguridad para aplicaciones de internet de las cosas
title_sort Framework conceptual de ciberseguridad para aplicaciones de internet de las cosas
dc.creator.fl_str_mv Rueda Rueda, Johan Smith
dc.contributor.advisor.spa.fl_str_mv Talavera Portocarrero, Jesús Martín
Cabrera Cruz, José Daniel
dc.contributor.author.spa.fl_str_mv Rueda Rueda, Johan Smith
dc.contributor.cvlac.*.fl_str_mv https://scienti.minciencias.gov.co/cvlac/visualizador/generarCurriculoCv.do?cod_rh=0000069035
https://scienti.minciencias.gov.co/cvlac/visualizador/generarCurriculoCv.do?cod_rh=0000084238
dc.contributor.cvlac.none.fl_str_mv Cabrera Cruz, José Daniel [0000069035]
dc.contributor.googlescholar.*.fl_str_mv https://scholar.google.es/citations?hl=es#user=hses_w0AAAAJ
dc.contributor.googlescholar.none.fl_str_mv Cabrera Cruz, José Daniel [0000069035]
dc.contributor.orcid.*.fl_str_mv https://orcid.org/0000-0002-1815-5057
dc.contributor.orcid.none.fl_str_mv Cabrera Cruz, José Daniel [0000-0002-1815-5057]
dc.contributor.researchgate.*.fl_str_mv https://www.researchgate.net/profile/Jose_Cabrera_Cruz
dc.contributor.researchgate.none.fl_str_mv Cabrera Cruz, José Daniel [Jose_Cabrera_Cruz]
dc.contributor.researchgroup.spa.fl_str_mv Grupo de Investigación Pensamiento Sistémico - GPS
Grupo de Investigaciones Clínicas
dc.contributor.apolounab.none.fl_str_mv Cabrera Cruz, José Daniel [josé-daniel-cabrera-cruz]
dc.contributor.linkedin.none.fl_str_mv Cabrera Cruz, José Daniel [josé-daniel-cabrera-cruz-23900b10]
dc.subject.keywords.eng.fl_str_mv Systems engineering
Conceptual framework
Conceptual model
Cybersecurity model
LoT applications
Telematics
Software Engineering
Computer security
Informatic security
Computer networks
Information storage systems
Information retrieval systems
Security measures
Research
Analysis
topic Systems engineering
Conceptual framework
Conceptual model
Cybersecurity model
LoT applications
Telematics
Software Engineering
Computer security
Informatic security
Computer networks
Information storage systems
Information retrieval systems
Security measures
Research
Analysis
Ingeniería de sistemas
Telemática
Ingeniería de software
Seguridad en computadores
Seguridad informática
Redes de computadores
Sistemas de almacenamiento de información
Sistemas de recuperación de información
Medidas de seguridad
Investigaciones
Análisis
Framework conceptual
Modelo conceptual
Modelo de ciberseguridad
Aplicaciones LoT
dc.subject.lemb.spa.fl_str_mv Ingeniería de sistemas
Telemática
Ingeniería de software
Seguridad en computadores
Seguridad informática
Redes de computadores
Sistemas de almacenamiento de información
Sistemas de recuperación de información
Medidas de seguridad
Investigaciones
Análisis
dc.subject.proposal.spa.fl_str_mv Framework conceptual
Modelo conceptual
Modelo de ciberseguridad
Aplicaciones LoT
description El internet de las cosas – IoT, es uno paradigmas tecnológicos con rápido crecimiento en los últimos años, en el que objetos inteligentes o cosas, interactúan entre sí y con recursos físicos y/o virtuales a través de Internet. Junto con este crecimiento hace resonancia uno de los retos que presenta este paradigma, la seguridad de aplicaciones IoT. Este trabajo de investigación parte del problema que existen aplicaciones IoT inseguras por la falta de guías que orienten a los desarrolladores en la implementación del dominio de la ciberseguridad en la fase de diseño y la evaluación de estas. La hipótesis planeada es que, mediante un framework, compuesto por diferentes tipos de modelos, se puede orientar al equipo de desarrollo sobre cómo considerar ciberseguridad en las aplicaciones IoT. Desde este punto de partida, en este trabajo se propone un framework conceptual de ciberseguridad para aplicaciones IoT, llamado SMITH Framework. Este framework está compuesto por dos modelos: el primero, un modelo de gestión de la ciberseguridad cuyo propósito es orientar a los desarrolladores de aplicaciones IoT las consideraciones de ciberseguridad que deben tenerse en cuenta desde la fase de diseño de una solución IoT ; el segundo, un modelo conceptual del dominio de la ciberseguridad en el que se presenten seis componentes de seguridad y su relación con el dominio de IoT. Para verificar la hipótesis planteada, se hizo una validación del SMITH Framework basada en el método ATAM, en el que se diseñó una aplicación IoT orientada por elementos del framework propuesto. Los resultados arrojados permitieron conocer que sí es posible orientar al equipo de desarrollo en la implementación de la ciberseguridad en la fase de diseño de una aplicación IoT, confirmando la hipótesis planteada
publishDate 2018
dc.date.issued.none.fl_str_mv 2018
dc.date.accessioned.none.fl_str_mv 2020-06-26T21:35:50Z
dc.date.available.none.fl_str_mv 2020-06-26T21:35:50Z
dc.type.driver.none.fl_str_mv info:eu-repo/semantics/masterThesis
dc.type.local.spa.fl_str_mv Tesis
dc.type.redcol.none.fl_str_mv http://purl.org/redcol/resource_type/TM
dc.identifier.uri.none.fl_str_mv http://hdl.handle.net/20.500.12749/3552
dc.identifier.instname.spa.fl_str_mv instname:Universidad Autónoma de Bucaramanga - UNAB
dc.identifier.reponame.spa.fl_str_mv reponame:Repositorio Institucional UNAB
url http://hdl.handle.net/20.500.12749/3552
identifier_str_mv instname:Universidad Autónoma de Bucaramanga - UNAB
reponame:Repositorio Institucional UNAB
dc.language.iso.spa.fl_str_mv spa
language spa
dc.relation.references.spa.fl_str_mv Rueda Rueda, Johan Smith (2018). Framework conceptual de ciberseguridad para aplicaciones de internet de las cosas. Bucaramanga (Colombia) : Universidad Autónoma de Bucaramanga UNAB
Abdmeziem, M. R., Tandjaoui, D., & Romdhani, I. (2016). Architecting the internet of things: state of the art. In Robots and Sensor Clouds (pp. 55–75). Springer.
Abrahamsson, P., Salo, O., Ronkainen, J., & Warsta, J. (2017). Agile Software Development Methods: Review and Analysis. CoRR, 478, 107. Retrieved from http://arxiv.org/abs/1709.08439
Abreu, D. P., Velasquez, K., Curado, M., & Monteiro, E. (2017). A resilient Internet of Things architecture for smart cities. Annals of Telecommunications, 72(1–2), 19–30.
Adams, K. (2015). Non-functional Requirements in Systems Analysis and Design. Springer.
Addo, I. D., Ahamed, S. I., Yau, S. S., & Buduru, A. (2014). A reference architecture for improving security and privacy in Internet of Things applications. InM obile Services (MS), 2014 IEEE International Conference on (pp. 108–115).
Aldosari, H. M. (2015). A Proposed Security Layer for the Internet of Things Communication Reference Model.P rocedia Computer Science, 65, 95–98.
Alhamedi, A. H., Snasel, V., Aldosari, H. M., & Abraham, A. (2014). Internet of things communication reference model. In Computational Aspects of Social Networks (CASoN), 2014 6th International Conference on (pp. 61–66).
Andolfi, F., Aquilani, F., Balsamo, S., & Inverardi, P. (2000). Deriving QNM from MSCs for performance evaluation of SA. In ACM Workshop on Software Performance (pp. 220–229).
Aquilani, F., Balsamo, S., & Inverardi, P. (2001). Performance analysis at the software architectural design level.P erformance Evaluation, 45(2–3), 147–178.
Ashton, K. (2009). That “Internet of Things” Thing. RFID Journal, 1. Retrieved from www.rfidjournal.com/articles/pdf?4986
Atamli, A. W., & Martin, A. (2014). Threat-Based Security Analysis for the Internet of Things. In 2014 International Workshop on Secure Internet of Things (pp. 35–43). IEEE. https://doi.org/10.1109/SIoT.2014.10
Atzori, L., Iera, A., & Morabito, G. (2010). The internet of things: a survey. Computer Networks, 54, 2787–2805. https://doi.org/10.1007/s10796-014-9492-7
Atzori, L., Iera, A., & Morabito, G. (2017). Understanding the Internet of Things: definition, potentials, and societal role of a fast evolving paradigmA. d Hoc Networks, 56, 122–140. https://doi.org/10.1016/j.adhoc.2016.12.004
Babar, M. A., & Gorton, I. (2004). Comparison of scenario-based software architecture evaluation methods. In 11th Asia-Pacific Software Engineering Conference, 2004.
Balsamo, S., Inverardi, P., & Mangano, C. (1998). An approach to performance evaluation of software architectures. In Proceedings of the 1st international workshop on Software and performance (pp. 178–190).
Banda, G., Chaitanya, K., & Mohan, H. (2015). An IoT protocol and framework for OEMs to make IoT-enabled devices forward compatible. In Signal-Image Technology & Internet-Based Systems (SITIS), 2015 11th International Conference on (pp. 824–832).
Barker, E. (2016). Recommendation for Key Management Part 1: General. Gaithersburg, MD. https://doi.org/10.6028/NIST.SP.800-57pt1r4
Barker, E., Smid, M., Branstad, D., & Chokhani, S. (2013). A Framework for Designing Cryptographic Key Management Systems. Gaithersburg, MD. https://doi.org/10.6028/NIST.SP.800-130
Bassi, A., Bauer, M., Fiedler, M., Kramp, T., van Kranenburg, R., Lange, S., & Meissner, S. (Eds.). (2013). Enabling Things to Talk. Berlin, Heidelberg: Springer Berlin Heidelberg. https://doi.org/10.1007/978-3-642-40403-0
Bauer, M., Boussard, M., Bui, N., Carrez, F., Jardak, C., De Loof, J., … Salinas, A. (2013).D eliverable D1.5 – Final architectural reference model for the IoT v3.0.
Bauer, M., Boussard, M., Bui, N., De Loof, J., Magerkurth, C., Meissner, S., … Walewski, J. W. (2013). IoT Reference Architecture. In A. Bassi, M. Bauer, M. Fiedler, T. Kramp, R. van Kranenburg, S. Lange, & S. Meissner (Eds.), Enabling Things to Talk: Designing IoT solutions with the IoT Architectural Reference Model (pp. 163–211). Berlin, Heidelberg: Springer Berlin Heidelberg. https://doi.org/10.1007/978-3-642-40403-0_8
Bauer, M., Bui, N., De Loof, J., Magerkurth, C., Nettsträter, A., Stefa, J., & Walewski, J. W. (2013). IoT Reference Model. In Enabling Things to Talk (pp. 113–162). Berlin, Heidelberg: Springer Berlin Heidelberg. https://doi.org/10.1007/978-3-642-40403-0_7
Bayuk, J. L., Healey, J., Rohmeyer, P., Sachs, M. H., Schmidt, J., & Weiss, J. (2012).C yber Security Policy Guidebook. Wiley Publishing.
Beltrán G., Ó. A. (2005). Revisiones sistemáticas de la literatura. Revista Colombiana de Gastroenterología, 20(1), 10.
Bengtsson, P., & Bosch, J. (1998). Scenario-based software architecture reengineering. In Fifth International Conference on oftware Reuse, 1998 (pp. 308–317). IEEE.
Bengtsson, P., & Bosch, J. (1999). Architecture level prediction of software maintenance. In Software Maintenance and Reengineering, 1999. Proceedings of the Third European Conference on (pp. 139–147).
Bengtsson, P., Lassing, N., Bosch, J., & van Vliet, H. (2004). Architecture-level modifiability analysis (ALMA). Journal of Systems and Software, 69(1–2), 129–147.
Bergner, K., Rausch, A., Sihling, M., & Ternité, T. (2005). DoSAM--domain-specific software architecture comparison model. In Quality of Software Architectures and Software Quality (pp. 4–20). Springer.
Bernabe, J. B., Hernández, J. L., Moreno, M. V., & Gomez, A. F. S. (2014). Privacy-preserving security framework for a social-aware internet of things. In International conference on ubiquitous computing and ambient intelligence (pp. 408–415).
Biolchini, J., Gomes Mian, P., Cruz Natali, A. C., & Horta Travassos, G. (2005). Systematic Review in Software Engineering. Rio de Jainero.
Boehm, B. (n.d.). Evaluating a Software Architecture (pp. 19–42).
Boehm, B. W., Brown, J. R., & Kaspar, H. (1978). Characteristics of Software Quality.
Bohli, J.-M., Skarmeta, A., Moreno, M. V., García, D., & Langendörfer, P. (2015). SMARTIE project: Secure IoT data management for smart cities. In Recent Advances in Internet of Things (RIoT), 2015 International Conference on (pp. 1–6).
Borgia, E. (2014). The internet of things vision: Key features, applications and open issues. Computer Communications, 54, 1–31. https://doi.org/10.1016/j.comcom.2014.09.008
Boroojeni, K. G., Amini, M. H., & Iyengar, S. S. (2016). Smart Grids: Security and Privacy Issues. Springer.
Boussard, M., Meissner, S., Nettsträter, A., Olivereau, A., Segura, A. S., Thoma, M., & Walewski, J. W. (2013). A Process for Generating Concrete Architectures. In Enabling Things to Talk (pp. 45–111). Springer.
Brooks, F. (1987). No Silver Bullet: Essence and Accidents of Software Engineering.I EEE Computer, 20(4), 10–19.
Caltum, E., & Segal, O. (2016). Exploitation of IoT devices for Launching Mass-Scale Attack Campaigns.
Capgemini. (2018). Cybersecurity talent — The big gap in cyber protection
Caracciolo, A., Lungu, M. F., & Nierstrasz, O. (2014). How Do Software Architects Specify and Validate Quality Requirements? In European Conference on Software Architecture (pp. 374–389). Springer.
CASAGRAS Project. (2009). RFID and the Inclusive Model for the Internet of Things.
Cavalcante, E., Alves, M. P., Batista, T., Delicato, F. C., & Pires, P. F. (2015). An analysis of reference architectures for the internet of things. In Proceedings of the 1st International Workshop on Exploring Component-based Techniques for Constructing Reference Architectures (pp. 13–16).
Cavalcante, E., Pereira, J., Alves, M. P., Maia, P., Moura, R., Batista, T., … Pires, P. F. (2016). On the interplay of Internet of Things and Cloud Computing: A systematic mapping study. Computer Communications, 89–90, 17–33. https://doi.org/10.1016/j.comcom.2016.03.012
Chant, I. (2017). The Cybersecurity Talent Shortage Is Here, and It’s a Big Threat to Companies. Retrieved January 10, 2018, from http://theinstitute.ieee.org/ieeeroundup/ blogs/blog/the-cybersecurity-talent-shortage-is-here-and-its-a-big-threat-to-companies
Chen, Q., Abdelwahed, S., & Erradi, A. (2014). A model-based validated autonomic approach to self-protect computing systems. IEEE Internet of Things Journal, 1(5), 446– 460.
Cheung, R. C. (1980). A user-oriented software reliability model. IEEE Transactions on Software Engineering, (2), 118–125.
Chung, L., & do Prado Leite, J. C. S. (2009). On Non-Functional Requirements in Software Engineering. In Conceptual Modeling: Foundations and Applications (pp. 363–379). Springer Berlin Heidelberg. https://doi.org/10.1007/978-3-642-02463-4_19
Chung, L., Nixon, B. A., Yu, E., & Mylopoulos, J. (2012). Non-functional Requirements in Software Engineering. Springer Science & Business Media.
Cimpanu, C. (2016). Problems Reappear for IoT Device Owners with Discovery of New DDoS Trojan.
Cirani, S., Ferrari, G., & Veltri, L. (2013). Enforcing Security Mechanisms in the IP-Based Internet of Things: An Algorithmic Overview. Algorithms, 6(2), 197–226. https://doi.org/10.3390/a6020197
Cisco. (2015). Mitigating the Cybersecurity Skills Shortage: Top Insights and Actions from Cisco Security Advisory Services
Cisco. (2016a). Internet of Things at a Glance
Cisco. (2016b). The Internet of Things. It’s not about things. It’s about service. Retrieved from https://www.jasper.com/sites/default/files/pdf/IoT_Infographic.pdf%7D
Cisco. (2017). Cisco 2017 Annual Cybersecurity Report.
CISCO. The Internet of Things Reference Model (2014). Retrieved from http://cdn.iotwf.com/resources/71/IoT_Reference_Model_White_Paper_June_4_2014.pdf
Clements, P., Garlan, D., Little, R., Nord, R., & Stafford, J. (2003). Documenting software architectures: views and beyond. InP roceedings of the 25th International Conference on Software Engineering (pp. 740--741). ACM. Retrieved from http://delivery.acm.org/10.1145/780000/776928/p740-clements.pdf? ip=200.69.124.106&id=776928&acc=ACTIVE SERVICE&key=4D9619BEF5D5941F.D0AFA4C1BA803950.4D4702B0C3E38B35.4D4702B0C3E38B35&__acm__=1520370891_ece2c328b7de31eaf77e2c65c0fa3758
CNSS. (2010). National Information Assurance (IA) Glossary. Committee on National Security Systems.
Cobb, S. (2016a). Cybersecurity skills gap: It’s big and it’s bad for security. Retrieved from https://www.welivesecurity.com/2016/12/16/cybersecurity-skills-gap-big-and-bad/
Cobb, S. (2016b). Jackware: When connected cars meet ransomware.
Cobb, S. (2017). RoT: Ransomware of Things.
Colciencias. (2016). Tipología de proyectos calificados como de carácter cientifíco, tecnológico e innovación (Vol. 4). https://doi.org/10.1007/s13398-014-0173-7.2
Condry, M. W., & Nelson, C. B. (2016). Using Smart Edge IoT Devices for Safer, Rapid Response With Industry IoT Control Operations. Proceedings of the IEEE, 104(5), 938–946.
Cortellessa, V., & Mirandola, R. (2000). Deriving a queueing network based performance model from UML diagrams. In Proceedings of the 2nd international workshop on Software and performance (pp. 58–70).
Currie, R. (2016). Developments in Car Hacking. SANS Institute InfoSec Reading Room, 1–34.
CyberX. (2016). Radiation IoT Cyber Security Campaign.
Da Xu, L., He, W., & Li, S. (2014). Internet of things in industries: A survey. IEEE Transactions on Industrial Informatics, 10(4), 2233–2243.
Dalipi, F., & Yayilgan, S. Y. (2016). Security and Privacy Considerations for IoT Application on Smart Grids: Survey and Research Challenges. In 2016 IEEE 4th International Conference on Future Internet of Things and Cloud Workshops (FiCloudW) (pp. 63–68). IEEE. https://doi.org/10.1109/W-FiCloud.2016.28
Davis, A. M. (1993). Software Requirements: Objects, Functions and States. Prentice-Hall, Inc.
De, S., Carrez, F., Reetz, E., Tönjes, R., & Wang, W. (2013). Test-Enabled Architecture for IoT Service Creation and Provisioning. In The Future Internet Assembly (pp. 233–245). https://doi.org/10.1007/978-3-642-38082-2_20
Deloitte. (2018). The cybersecurity talent shortage: An emerging challenge for consumer products companies
Dobre, C., Mavromoustakis, C. X., Garcia, N., Ivanova Goleva, R., & Mastorakis, G. (Eds.).( 2017). Glossary. In Ambient Assisted Living and Enhanced Living Environments (pp. xliii–xliv). Elsevier. https://doi.org/10.1016/B978-0-12-805195-5.00028-4
Dykstra, J. (2015). Essential Cybersecurity Science: Build, Test, and Evaluate Secure Systems (First Edit). O’Reilly Media.
Edwards, S., & Profetis, I. (2016). Hajime: Analysis of a decentralized internet worm for IoT devices.
Elmaghraby, A. S., & Losavio, M. M. (2014). Cyber security challenges in Smart Cities: Safety, security and privacy. Journal of Advanced Research, 5(4), 491–497. https://doi.org/10.1016/j.jare.2014.02.006
Emm, D., Unuchek, R., & Kruglov, K. (2016). Kaspersky Security Bulletin 2016. Review of the Year.
Essery, Michael. (2016). Today 65% of Enterprises Already Using Internet of Things; Business Value found in Optimizing Operations and Reducing Risk.
Fernandes, J., Nati, M., Loumis, N. S., Nikoletseas, S., Raptis, T. P., Krco, S., … Ziegler, S. (2015). IoT Lab: Towards co-design and IoT solution testing using the crowd. In Recent Advances in Internet of Things (RIoT), 2015 International Conference on (pp. 1–6).
Finkle, J. (2016). J&J warns diabetic patients: Insulin pump vulnerable to hacking. Reuters.
Fiutem, R., & Antoniol, G. (1998). Identifying design-code inconsistencies in object-oriented software: A case study. InS oftware Maintenance, 1998. Proceedings., International Conference on (pp. 94–102).
Folmer, E., Van Gurp, J., & Bosch, J. (2004). Software architecture analysis of usability. In International Workshop on Design, Specification, and Verification of Interactive Systems (pp. 38–58).
ForeScout Technologies. (2016). IoT Enterprise Risk Report.
Formisano, C., Pavia, D., Gurgen, L., Yonezawa, T., Galache, J. A., Doguchi, K., & Matranga, I. (2015). The advantages of IoT and cloud applied to smart cities. In Future Internet of Things and Cloud (FiCloud), 2015 3rd International Conference on (pp. 325–332).
Forrester. (2017). Predictions 2018: IoT Moves From Experimentation To Business Scale.
Fowler, K. (2016). Cybersecurity. In Enterprise Risk Management (pp. 91–108). Elsevier. https://doi.org/10.1016/B978-0-12-800633-7.00007-9
Fox-Brewster, T. (2016). How Hacked Cameras Are Helping Launch The Biggest Attacks The Internet Has Ever Seen.F orbes.
Fundación Telefónica. (2016). Ciberseguridad, la protección de la información en un mundo digital. Fundación Telefónica, Editorial Ariel S.A.
Gartner Inc. (2015). Gartner Says 6.4 Billion Connected “Things” Will Be in Use in 2016, Up 30 Percent From 2015.
Gartner Inc. (2016a). Gartner’s 2016 Hype Cycle for Emerging Technologies Identifies Three Key Trends That Organizations Must Track to Gain Competitive Advantage. Retrieved from www.gartner.com/newsroom/id/3412017
Gartner Inc. (2016b). Gartner Says By 2020, More Than Half of Major New Business Processes and Systems Will Incorporate Some Element of the Internet of Things.
Gartner Inc. (2016c). Gartner Says Worldwide IoT Security Spending to Reach $348 Million in 2016.
Gartner Inc. (2016d). Top 10 Strategic Technology Trends for 2017.
Ge, M., & Kim, D. S. (2015). A framework for modeling and assessing security of the internet of things. InP arallel and Distributed Systems (ICPADS), 2015 IEEE 21st International Conference on (pp. 776–781).
Gibbs, S. (2015). Hackers can hijack Wi-Fi Hello Barbie to spy on your children. The Guardian.
Gilchrist, A. (2016). IIoT Reference Architecture. In Industry 4.0 (pp. 65–86). Springer.
Gluhak, A., Hauswirth, M., Krco, S., Stojanovic, N., Bauer, M., Nielsen, R. H., … Corcho, O. (2011). An Architectural Blueprint for a Real-World Internet. InF uture Internet Assembly (pp. 67–80).
Gluhak, A., Munoz, L., Sotres, P., Sanchez, L., Roux, P., Sanchez, B., … Hernandez, A. L. (2013). Third Cycle Architecture Specification.
Gokhale, S. S., & Trivedi, K. S. (2002). Reliability prediction and sensitivity analysis based on software architecture. InS oftware Reliability Engineering, 2002. ISSRE 2003. Proceedings. 13th International Symposium on (pp. 64-75).
Gómez Vargas, M., Galeano Higuita, C., & Jaramillo Muñoz, D. A. (2015). El estado del arte: una metodología de investigación.R evista Colombiana de Ciencias Sociales, 6(2), 423–442.
Grant, M. J., & Booth, A. (2009). A typology of reviews: an analysis of 14 review types and associated methodologies.H ealth Information & Libraries Journal, 26(2), 91–108. https://doi.org/10.1111/j.1471-1842.2009.00848.x
Green, P. E. J. (2016). Introduction to Risk Management Principles. In Enterprise Risk Management (pp. 1–13). Elsevier. https://doi.org/10.1016/B978-0-12-800633- 7.00001-8
Gubbi, J., Buyya, R., Marusic, S., & Palaniswami, M. (2013). Internet of Things (IoT): A vision, architectural elements, and future directions.F uture Generation Computer Systems, 29(7), 1645–1660.
Guo, B., Zhang, D., Wang, Z., Yu, Z., & Zhou, X. (2013). Opportunistic IoT: Exploring the harmonious interaction between human and the internet of things. Journal of Network and Computer Applications, 36(6), 1531–1539.
Hayashi, K. (2014). IoT Worm Used to Mine Cryptocurrency.
Heer, T., Garcia-Morchon, O., Hummen, R., Keoh, S. L., Kumar, S. S., & Wehrle, K. (2011). Security Challenges in the IP-based Internet of Things.W ireless Personal Communications, 61(3), 527–542. https://doi.org/10.1007/s11277-011-0385-5
Hellaoui, H., Bouabdallah, A., & Koudil, M. (2016). TAS-IoT: Trust-Based Adaptive Security in the IoT. In Local Computer Networks (LCN), 2016 IEEE 41st Conference on (pp. 599–602).
Herjavec Group. (2017). 2017 Cybersecurity Jobs Report.
Hernandez-Ramos, J. L., Pawlowski, M. P., Jara, A. J., Skarmeta, A. F., & Ladid, L. (2015). Toward a lightweight authentication and authorization framework for smart objects. IEEE Journal on Selected Areas in Communications, 33(4), 690–702.
Hernandez Sampieri, R., Fernández Collado, C., & Baptista Lucio, M. del P. (2010). Metodología de la investigación (Quinta edi). McGraw-Hill, Inc.
Hewlett Packard Enterprise. (2015). Internet Of things research study.
Hioureas, V. (2015, May). Does CCTV put the public at risk of cyberattack? Kaspersky Labs.
Höller, J., Tsiatsis, V., Mulligan, C., Karnouskos, S., Avesand, S., & Boyle, D. (2014a). Architecture Reference Model. In From Machine-To-Machine to the Internet of Things (pp. 167–197). Elsevier. https://doi.org/10.1016/B978-0-12-407684-6.00007-3
Höller, J., Tsiatsis, V., Mulligan, C., Karnouskos, S., Avesand, S., & Boyle, D. (2014b). IoT Architecture – State of the Art. In From Machine-To-Machine to the Internet of Things (pp. 145–165). Elsevier. https://doi.org/10.1016/B978-0-12-407684-6.00006-1
Höller, J., Tsiatsis, V., Mulligan, C., Karnouskos, S., Avesand, S., & Boyle, D. (2014c). IoT Reference Architecture. In From Machine-To-Machine to the Internet of Things (pp. 199–223). Elsevier. https://doi.org/10.1016/B978-0-12-407684-6.00008-5
Hopkin, P. (2017). Fundamentals of Risk Management: Understanding, evaluating and implementing effective risk management
Huang, X., Craig, P., Lin, H., & Yan, Z. (2015). SecIoT: a security framework for the Internet of Things. Security and Communication Networks, 9, 3083–3095. https://doi.org/10.1002/sec.1259
Hussein, N. H., & Khalid, A. (2016). A survey of Cloud Computing Security challenges and solutions.I nternational Journal of Computer Science and Information Security, 14(1), 52.
Hwang, H., & Park, Y. B. (2017). Safety - Critical Software Quality Improvement Using Requirement Analysis. In2 017 International Conference on Platform Technology and Service (PlatCon) (pp. 1–4). IEEE. https://doi.org/10.1109/PlatCon.2017.7883725
IEEE. (1990). IEEE Standard Glossary of Software Engineering Terminology.
IEEE Computer Society. (2014). Guide to the Software Engineering - Body of Knowledge. (P. Bourque & R. E. Fairley, Eds.), IEEE Computer Society (V3 ed.). https://doi.org/10.1234/12345678
Intel. (2016). A Guide to the Internet of Things. How billion of online objects are making the web wiser.
Intel Security, & CSIS. (2016). Hacking the Skills Shortage: A study of the international shortage in cybersecurity skills
Internet of Things Guide. (2016). Glossary Term.
Ionita, M. T., Hammer, D., & Obbink, H. (2002). Scenario-Based Software Architecture Evaluation Methods: An Overview.T echnical University, 1–10.
Iorga, M., Feldman, L., Barton, R., Martin, M. J., Goren, N., & Mahmoudi, C. (2017). The NIST Definition of Fog Computing.
IoT-A Project. (2016). Requirements — IOT-A: Internet of Things Architecture. Retrieved from http://www.iot-a.eu/public/requirements/copy_of_requirements
ISACA. (2013). A simple definition of cybersecurity.
ISACA. (2016a). 2016 Cybersecurity Skills Gap. Retrieved from https://isaca.org.ar/2016/12/07/cybersecurity-skills-gap/
ISACA. (2016b). Cybersecurity Fundamentals Glossary
ISACA. (2018). State of Cybersecurity Study: Security Budgets Increasing, But Qualified Cybertalent Remains Hard to Find. Retrieved May 31, 2018, from http://www.isaca.org/About-ISACA/Press-room/News-Releases/2018/Pages/State-of-Cybersecurity-Study-Security-Budgets-Increasing-But-Qualified-Cybertalent- Remains-Hard-to-Find.aspx
ISO/IEC/IEEE. (2010). ISO/IEC/IEEE 24765:2010 Systems and software engineering - Vocabulary.
ISO/IEC/IEEE. (2011). ISO/IEC/IEEE 42010:2011, Systems and software engineering — Architecture description.
ISO/IEC. (2012). ISO/IEC 27032:2012, Information technology -- Security techniques -- Guidelines for cybersecurity. Retrieved from https://www.iso.org/standard/44375.html
ISO/IEC. (2013). ISO/IEC 27001:2013, Information technology -- Security techniques -- Information security management systems -- Requirements.
ISO/IEC. (2015). ISO/IEC/IEEE 27017:2015, Information technology -- Security techniques -- Code of practice for information security controls based on ISO/IEC 27002 for cloud services.
ITU-T. (2012). Overview of the Internet of things. Series Y: Global information infrastructure, internet protocol aspects and next-generation networks - Frameworks and functional architecture models.
ITU-T. (2014a). F.748.0: Common requirements for Internet of things (IoT) applications.
ITU-T. (2014b). Y.2066: Common requirements of the Internet of things.
Jiménez, J. A., Russo, M., Krco, S., Bezanilla, R., Munoz, L., Galache, J. A., …K outsoubelias, M. (2012). Second Cycle Architecture Specification.
Jóźwiak, L. (2017a). Advanced mobile and wearable systems. Microprocessors and Microsystems, 50, 202–221. https://doi.org/10.1016/j.micpro.2017.03.008
Jóźwiak, L. (2017b). Advanced mobile and wearable systems. Microprocessors and Microsystems, 50, 202–221. https://doi.org/10.1016/j.micpro.2017.03.008
Kaspersky Lab. (2016). Kaspersky Security Bulletin 2016.
Kaspersky Labs. (2015a). Damage Control: The Cost of Security Breaches. It Security Risk Special Report Series.
Kaspersky Labs. (2015b). Global IT Security Risks Survey.
Kazman, R., Bass, L., Abowd, G., & Webb, M. (1994). SAAM: A method for analyzing the properties of software architectures. InS oftware Engineering, 1994. Proceedings. ICSE-16., 16th International Conference on (pp. 81–90).
Kazman, R., Klein, M., Barbacci, M., Longstaff, T., Lipson, H., & Carriere, J. (1998).T he Architecture Tradeoff Analysis Method.
Kim, D., & Solomon, M. G. (2016). Fundamentals of Information Systems Security. Jones & Bartlett Learning. Retrieved from https://books.google.com.co/books? id=Yb4eDQAAQBAJ
Kitchenham, B., & Charters, S. (2007). Guidelines for performing systematic literature reviews in software engineering version 2.3.
Kotonya, G., & Sommerville, I. (1998). Requirements Engineering: Processes and Techniques (1st ed.). Wiley Publishing.
Krco, S., Pokric, B., & Carrez, F. (2014). Designing IoT architecture (s): A European perspective. InI nternet of Things (WF-IoT), 2014 IEEE World Forum on (pp. 79–84).
Krishnamurthy, S., & Mathur, A. P. (1997). On the estimation of reliability of a software system using reliabilities of its components. InS oftware Reliability Engineering, 1997. Proceedings., The Eighth International Symposium on (pp. 146–155).
Kubat, P. (1989). Assessing reliability of modular software. Operations Research Letters, 8(1), 35–41.
Laprie, J.-C. (1984). Dependability evaluation of software systems in operation. IEEE Transactions on Software Engineering, (6), 701–714.
Lassing, N. H., Rijsenbrij, D. B. B., & van Vliet, H. (1999). On software architecture analysis of flexibility, complexity of changes: Size isn’t everything.
Lee, C., Zappaterra, L., Kwanghee Choi, & Hyeong-Ah Choi. (2014). Securing smart home: Technologies, security challenges, and security requirements. In2 014 IEEE Conference on Communications and Network Security (pp. 67–72). IEEE. https://doi.org/10.1109/CNS.2014.6997467
Lee, G. M., Crespi, N., Choi, J. K., & Boussard, M. (2013). Internet of things. InE volution of Telecommunication Services (pp. 257–282). Springer.
Lee, I., & Lee, K. (2015). The Internet of Things (IoT): Applications, investments, and challenges for enterprises.B usiness Horizons, 58(4), 431–440.
Lee, S., & Kim, S. (2013). Hacking, surveilling, and deceiving victims on Smart TV. Black Hat.
Leyden, J. (2016). One Ring to pwn them all: IoT doorbell can reveal your Wi-Fi key. The Register.
Li, S., Xu, L. Da, & Zhao, S. (2015). The internet of things: a survey. Information Systems Frontiers, 17(2), 243–259. https://doi.org/10.1007/s10796-014-9492-7
Lindvall, M., Tvedt, R. T., & Costa, P. (2003). An empirically-based process for software architecture evaluation. Empirical Software Engineering, 8(1), 83–108.
Liu, L., Yin, L., Guo, Y., & Fang, B. (2014). EAC: a framework of authentication property for the IoTs. In Cyber-Enabled Distributed Computing and Knowledge Discovery (CyberC), 2014 International Conference on (pp. 102–105).
Lize, G., Jingpei, W., & Bin, S. (2014). Trust management mechanism for Internet of Things.C hina Communications, 11(2), 148–156.
Lloyd’s. (2017). Counting the cost Cyber exposure decoded.
Lloyd, W., & Connie, S. (2002). PASA: A Method for the Performance Assessment of Software Architectures. In Proceedings of the Third International Workshop on Software and Performance (WOSP’2002), July (pp. 24–26).
Loucopoulus, P., & Karakostas, V. (1995). System Requirements Engineering. McGraw-Hill, Inc.
Ma, M., Wang, P., & Chu, C.-H. (2013). Data management for internet of things: challenges, approaches and opportunities. In Green Computing and Communications (GreenCom), 2013 IEEE and Internet of Things (iThings/CPSCom), IEEE International Conference on and IEEE Cyber, Physical and Social Computing (pp. 1144– 1151).
Mahalank, S. N., Malagund, K. B., & Banakar, R. M. (2016). Non Functional Requirement Analysis in IoT based smart traffic management system. In 2016 International Conference on Computing Communication Control and automation (ICCUBEA) (pp. 1–6). IEEE. https://doi.org/10.1109/ICCUBEA.2016.7860147
Mahalle, P. N., Anggorojati, B., Prasad, N. R., & Prasad, R. (2013). Identity authentication and capability based access control (iacac) for the internet of things.J ournal of Cyber Security and Mobility, 1(4), 309--348.
Malware Must Die. (2016). MMD-0058-2016 - Linux/NyaDrop - a linux MIPS IoT bad news.
Manrique, J. A., Rueda-Rueda, J. S., & Portocarrero, J. M. T. (2016). Contrasting Internet of Things and Wireless Sensor Network from a Conceptual Overview. In 2016 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData) (pp. 252–257). IEEE. https://doi.org/10.1109/iThings-GreenCom-CPSCom-SmartData.2016.66
Maxwell, J. A. (2005). Conceptual framework: What do you think is going on. Qualitative Research Design: An Interactive Approach, 41, 33–63.
Mead, N. R., & Stehney, T. (2005). Security quality requirements engineering (SQUARE) methodology. ACM SIGSOFT Software Engineering Notes, 30(4), 1. https://doi.org/10.1145/1082983.1083214
Mell, P., & Grance, T. (2011). The NIST Definition of Cloud Computing.
Microsoft Colombia. (2016). Principales tendencias de seguridad en IoT.
Miles, M. B., & Huberman, A. M. (1994). Qualitative data analysis: An expanded sourcebook. sage.
Miller, C., & Valasek, C. (2015). Remote Exploitation of an Unaltered Passenger Vehicle.
Miorandi, D., Sicari, S., De Pellegrini, F., & Chlamtac, I. (2012). Internet of things: Vision, applications and research challenges. Ad Hoc Networks, 10(7), 1497–1516.
Miranda, J., Mäkitalo, N., Garcia-Alonso, J., Berrocal, J., Mikkonen, T., Canal, C., & Murillo, J. M. (2015).F rom the Internet of Things to the Internet of People.I EEE Internet Computing, 19(2), 40–47.
Moher, D., Liberati, A., Tetzlaff, J., & Altman, D. G. (2009). Preferred Reporting Items for Systematic Reviews and Meta-Analyses: The PRISMA Statement. PLoS Medicine, 6(7), e1000097. https://doi.org/10.1371/journal.pmed.1000097
Molter, G. (1999). Integrating SAAM in domain-centric and reuse-based development processes. In Proceedings of the 2nd Nordic Workshop on Software Architecture, Ronneby (pp. 1–10).
Monteiro, C., Oliveira, M., Bastos, J., Ramrekha, T., & Rodriguez, J. (2014). Social Networks and Internet of Things, an Overview of the SITAC Project. In International Wireless Internet Conference (pp. 191–196).
Moore, B. J. (1994). Achieving software quality through requirements analysis. InP roceedings of 1994 IEEE International Engineering Management Conference - IEMC ’94 (pp. 78–83). IEEE. https://doi.org/10.1109/IEMC.1994.379948
Morán Delgado, G., & Alvarado Cervantes, D. G. (2010). Métodos de investigación (Primera ed). Pearson Education.
Mossburg, E., Gelinne, J., & Calzada, H. (2016). Beneath the surface of a cyberattack: A deeper look at business impacts.
Mostow, J. (1985). Towards Better Models of the Design Process. AI Magazine, 6(1), 44–57.
Mozzaquatro, B. A., Jardim-Goncalves, R., Melo, R., & Agostinho, C. (2016). The application of security adaptive framework for sensor in industrial systems. InS ensors Applications Symposium (SAS), 2016 IEEE (pp. 1–6).
Muñoz, L., Sanchez, L., Galache, J. A., Gutierrez, V., Garcia, R., Poyato, P., … Ramdhany, R. (2011).F irst Cycle Architecture Specification.
Murphy, G. C., Notkin, D., & Sullivan, K. (1995). Software reflexion models: Bridging the gap between source and high-level models.A CM SIGSOFT Software Engineering Notes, 20(4), 18–28.
Nakagawa, E. Y., Oquendo, F., & Becker, M. (2012). RAModel: A Reference Model for Reference Architectures. In Software Architecture (WICSA) and European Conference on Software Architecture (ECSA), 2012 Joint Working IEEE/IFIP Conference on (pp. 297–301). IEEE. https://doi.org/10.1109/WICSA-ECSA.212.49
Namal, S., Gamaarachchi, H., MyoungLee, G., & Um, T.-W. (2015). Autonomic trust management in cloud-based and highly dynamic IoT applications. In ITU Kaleidoscope: Trust in the Information Society (K-2015), 2015 (pp. 1–8).
Naur, P., & Randell, B. (1969). Software Engineering: Report of a conference sponsored by the NATO Science Committee, Garmisch, Germany, 7-11 Oct. 1968, Brussels, Scientific Affairs Division, NATO.
Neisse, R., Fovino, I. N., Baldini, G., Stavroulaki, V., Vlacheas, P., & Giaffreda, R. (2014). A model-based security toolkit for the internet of things. InA vailability, Reliability and Security (ARES), 2014 Ninth International Conference on (pp. 78–87).
Nia, A. M., & Jha, N. K. (2016). A comprehensive study of security of internet-of-things. IEEE Transactions on Emerging Topics in Computing.
NIST. (2011). ISO/IEC 25010:2011 - Systems and software engineering -- Systems and software Quality Requirements and Evaluation (SQuaRE) -- System and software quality models.
NIST. (2013). Glossary of Key Information Security Terms.
NowSecure. (2016). 2016 NowSecure Mobile Security Report.
Object Management Group. (2005). Introducction to OMG’s Unified Modeling Language. Retrieved from http://www.uml.org/what-is-uml.htm
Object Management Group. (2017). About the Unified Modeling Language Specification Versión 2.5.1. Retrieved from https://www.omg.org/spec/UML/About-UML/
Oficina Nacional de Seguridad. (2016). Normas de la Autoridad Nacional para la Protección de la Información Clasificada. Retrieved from http://www.buenjuicio.com/wpcontent/ uploads/2015/07/Normas_de_la_Autoridad_Nacional_para_la_Proteccion_de_la_Informacion_Clasificada.pdf
Oltski, J. (2017). The Life and Times of Cybersecurity Professionals.
OWASP. (2016a). IoT Framework Assessment. Retrieved November 29, 2017, from https://www.owasp.org/index.php/IoT_Framework_Assessment
OWASP. (2016b). Principles of IoT Security. Retrieved November 4, 2017, from https://www.owasp.org/index.php/Principles_of_IoT_Security
OWASP. (2017a). About The Open Web Application Security Project. Retrieved from www.owasp.org/index.php/About_The_Open_Web_Application_Security_Project
OWASP. (2017b). OWASP Internet of Things (IoT) Project.
OWASP. (2017c). Password Storage Cheat Sheet. Retrieved November 29, 2017, from https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet
Owens, D. (2005). Documenting Software Architectures: Views and Beyond. Technical Communication, 52(1), 75–77.
Pacheco, J., & Hariri, S. (2016). IoT Security Framework for Smart Cyber Infrastructures. In Foundations and Applications of Self* Systems, IEEE International Workshops on (pp. 242–247).
Pacheco, J., Satam, S., Hariri, S., Grijalva, C., & Berkenbrock, H. (2016). IoT Security Development Framework for building trustworthy Smart car services. In Intelligence and Security Informatics (ISI), 2016 IEEE Conference on (pp. 237–242).
Pastrana, S., Rodriguez-Canseco, J., & Calleja, A. (n.d.). ArduWorm: A Functional Malware Targeting Arduino Devices.
Patel, P., & Cassou, D. (2015). Enabling high-level application development for the internet of things. Journal of Systems and Software, 103, 62–84.
Patiño, R. G. (2016). El estado del arte en la investigación: ¿Análisis de los conocimientos acumulados o indagación por nuevos sentidos?R evista Folios, 2(44).
Pawar, M. V, & Anuradha, J. (2015). Network Security and Types of Attacks in Network. Procedia Computer Science, 48, 503–506.
Picco, G. Pietro. (2010). Software engineering and wireless sensor networks. In Proceedings of the FSE/SDP workshop on Future of software engineering research - FoSER ’10 (p. 283). New York, New York, USA: ACM Press. https://doi.org/10.1145/1882362.1882421
Pohl, K. (2010). Requirements Engineering: Fundamentals, Principles, and Techniques (1st Editio). Springer Publishing Company.
Pressman, R. S. (2010). Ingeniería del Software: un enfoque práctico (Séptima ed). The McGraw-Hill.
Radomirovic, S. (2010). Towards a Model for Security and Privacy in the Internet of Things. InP roc. First Int’l Workshop on Security of the Internet of Things (p. 6).
Ratkowski, A. (2016). Architecture for Internet of Things Analytical Ecosystem. InD ependability Engineering and Complex Systems (pp. 385–393). Springer.
Refsdal, A., Solhaug, B., & Stølen, K. (2015). Cyber-Risk Management. Cham: Springer International Publishing. https://doi.org/10.1007/978-3-319-23570-7
Riazul Islam, S. M., Daehan Kwak, Humaun Kabir, M., Hossain, M., & Kyung-Sup Kwak. (2015). The Internet of Things for Health Care: A Comprehensive Survey. IEEE Access, 3, 678–708. https://doi.org/10.1109/ACCESS.2015.2437951
Robles, T., Alcarria, R., de Andrés, D. M., Navarro, M., Calero, R., Iglesias, S., & López, M. (2015). An IoT based reference architecture for smart water management processes. JoWUA, 6(1), 4–23.
Roman, G.-C. (1985). A taxonomy of current issues in requirements engineering.I EEE Computer, 18(4), 14–23.
Ross, E. (2016). Baby monitors “hacked”: Parents warned to be vigilant after voices heard coming from speakers. Independent.
Roy, B., & Graham, N. (2008). Methods for Evaluating Software Architecture: A Survey. Ontario, Canada.
Rozanski, N., & Woods, E. (2005). Applying Viewpoints and Views to Software Architecture.
RSA. (2016). 2016: Current State of Cybercrime.
Rueda R., J. S., & TalaveraP., J. M. (2017). Similitudes y diferencias entre Redes de Sensores Inalámbricas e Internet de las Cosas: Hacia una postura clarificadora Similarities and differences between Wireless Sensor Networks and the Internet of Things: Towards a clarifying position. Revista Colombiana de Computación, 18(2), 58–74. https://doi.org/10.29375/25392115.3218
Ruparelia, N. B. (2010). Software development lifecycle models. ACM SIGSOFT Software Engineering Notes, 35(3), 8–13. https://doi.org/10.1145/1764810.1764814
Sadeghi, A.-R., Wachsmann, C., & Waidner, M. (2015). Security and privacy challenges in industrial internet of things. InP roceedings of the 52nd Annual Design Automation Conference on - DAC ’15 (pp. 1–6). New York, New York, USA: ACM Press. https://doi.org/10.1145/2744769.2747942
Sanchez, L., Muñoz, L., Galache, J. A., Sotres, P., Santana, J. R., Gutierrez, V., … others. (2014). SmartSantander: IoT experimentation over a smart city testbed. Computer Networks, 61, 217–238.
Sanchez, S., Angel Sicilia, M., & Rodriguez, D. (2012). Ingeniería del Sofware. Un enfoque desde la guía SWEBOK. Alfaomega.
Schauer, P., & Debita, G. (2015). Internet of Things Service Systems Architecture.
Schrott, U. (2017). Austrian hotel experiences ‘ransomware of things attack.’
Sefika, M., Sane, A., & Campbell, R. H. (1996). Monitoring compliance of a software system with its high-level design models. InP roceedings of the 18th international conference on Software engineering (pp. 387–396).
Seo, S., Kim, J., Yun, S., Huh, J., & Maeng, S. (2015). HePA: Hexagonal Platform Architecture for Smart Home Things. In Parallel and Distributed Systems (ICPADS), 2015 IEEE 21st International Conference on (pp. 181–189).
Serbanati, A., Salinas Segura, A., Olivereau, A., Ben Saied, Y., Gruschka, N., Gessner, D., & Gomez-Marmol, F. (2012). Project Deliverable D4.2 - Concepts and Solutions for Privacy and Security in the Resolution Infrastructure.
Serna, J., Morales, R., Medina, M., & Luna, J. (2014). Trustworthy communications in Vehicular Ad Hoc NETworks. In Internet of Things (WF-IoT), 2014 IEEE World Forum on (pp. 247–252).
Shaw, M. (1989). Larger Scale Systems Require Higher-Level Abstractions. ACM Sigsoft Software Engineering Notes, 14(3), 143–146.
Shen, S., & Carugi, M. (2014). Standardizing the Internet of Things in an evolutionary way. In ITU Kaleidoscope Academic Conference: Living in a converged world- Impossible without standards?, Proceedings of the 2014 (pp. 249–254).
Shirey, R. (2007). Internet Security Glossary, Version 2.
Shooman, M. L. (1976). Structural models for software reliability prediction. In Proceedings of the 2nd international conference on Software engineering (pp. 268–280).
Shrouf, F., Ordieres, J., & Miragliotta, G. (2014). Smart factories in Industry 4.0: A review of the concept and of energy management approached in production based on the Internet of Things paradigm. In Industrial Engineering and Engineering Management (IEEM), 2014 IEEE International Conference on (pp. 697–701).
Sicari, S., Rizzardi, A., Grieco, L. A., & Coen-Porisini, A. (2015). Security, privacy and trust in Internet of Things: The road ahead. Computer Networks, 76, 146–164.
Singh, M., & Bhandari, P. (2016). Building a framework for network security situation awareness. In Computing for Sustainable Global Development (INDIACom), 2016 3rd International Conference on (pp. 2578–2583).
Singh, S., & Singh, N. (2015). Internet of Things (IoT): Security challenges, business opportunities & reference architecture for E-commerce. In Green Computing and Internet of Things (ICGCIoT), 2015 International Conference on (pp. 1577–1581).
Skala, K., Davidovic, D., Afgan, E., Sovic, I., & Sojat, Z. (2015). Scalable Distributed Computing Hierarchy: Cloud, Fog and Dew Computing.O pen Journal of Cloud Computing (OJCC), 2(1), 16–24.
Smartex. (2016). Glossary of terms and expressions used in connection with The Internet of Things with a final section of related ‘Standards.’ Retrieved from http://www.smartex.com/wp-content/uploads/2016/04/Internet-of-Things-Glossary-of-Terms-V8-draft.pdf
Smith, C. U. (1990). Performance engineering of software systems. Addison-Wesley Longman Publishing Co., Inc.
Software Engineering Institute. (2016). Software Engineering Institute Glossary.
Sommerville, I. (2011). Ingeniería del Software. PEARSON.
Sommerville, I., & Sawyer, P. (1997). Requirements Engineering: A Good Practice Guide. John Wiley & Sons, Inc.
Souza, R., & Cardozo, E. (2016). A Resource-Oriented Architecture for the Internet of Things (IoT). InC onnectivity Frameworks for Smart Devices (pp. 99–116). Springer.
Statista. (2018). Number of Internet of Things (IoT) devices connected worldwide in 2017 and 2018, by type (in millions).
Stoermer, C., Bachmann, F., & Verhoef, C. (2003). SACAM: The software architecture comparison analysis method.
Stojmenovic, I., Wen, S., Huang, X., & Luan, H. (2015). An overview of Fog computing and its security issues. Concurrency and Computation: Practice and Experience.
Stoneburner, G., Goguen, A. Y., & Feringa, A. (2002). SP 800-30. risk management guide for information technology systems.
Stravoskoufos, K., Sotiriadis, S., & Petrakis, E. (2016). IoT-A and FIWARE: bridging the barriers between the cloud and IoT systems design and implementation. In Proc. 6th Int’l Conf. Cloud Computing and Services Science (pp. 146–153).
Subramani, K. S., Antonopoulos, A., Nosratinia, A., & Makris, Y. (2016). Hardware-Induced Security & Privacy Vulnerabilities in the Internet of Things.
Supriya, S., & Padaki, S. (2016). Data Security and Privacy Challenges in Adopting Solutions for IOT. In 2016 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData) (pp. 410–415). IEEE. https://doi.org/10.1109/iThings-GreenCom-CPSCom-SmartData.2016.97
Tahir, R., Tahir, H., McDonald-Maier, K., & Fernando, A. (2016). A novel ICMetric based framework for securing the Internet of Things. In Consumer Electronics (ICCE), 2016 IEEE International Conference on (pp. 469–470).
Talavera Portocarrero, J. M. (2016). RAMSES: Reference Architectue of Self-Adaptative Middleware for Wireless Sensor Networks. Universidade Federal fo Rio de Janeiro.
Techopedia. (2017). What is Modeling Language? Retrieved November 2, 2017, from https://www.techopedia.com/definition/20810/modeling-language
Tekinerdogan, B. (2004). ASAAM: Aspectual software architecture analysis method. In Software Architecture, 2004. WICSA 2004. Proceedings. Fourth Working IEEE/IFIP Conference on (pp. 5–14).
Thierer, A. D. (2014). The Internet of Things & Wearable Technology: Addressing Privacy & Security Concerns Without Derailing Innovation.S SRN Electronic Journal. https://doi.org/10.2139/ssrn.2494382
Touhill, G. J., & Touhill, J. (2014). Cybersecurity for Executives: A Practical Guide. John Wiley & Sons, Inc.
Townsend Security. (2016). Definitive Guide to Encryption Key Management Fundamentals. Retrieved from https://info.townsendsecurity.com/definitive-guide-to-encryptionkey- management-fundamentals
Trend Micro. (2015). Trend Micro Glossary: Ransomware.
Tuck, M. (2016). Internet of Things: Are We There Yet? (The 2016 IoT Landscape) – Matt Turck. Retrieved July 2, 2017, from http://mattturck.com/2016-iot-landscape/
Tuck, M. (2018). Growing Pains: The 2018 Internet of Things Landscape. Retrieved from http://mattturck.com/iot2018/
Tvedt, R. T., Lindvall, M., & Costa, P. (2002). A process for software architecture evaluation using metrics. In Software Engineering Workshop, 2002. Proceedings. 27th Annual NASA Goddard/IEEE (pp. 191–196).
US-CERT. (2016). Alert (TA16-288A) Heightened DDoS Threat Posed by Mirai and Other Botnets.
Usländer, T., & Epple, U. (2015). Reference model of industrie 4.0 service architectures. At-Automatisierungstechnik, 63(10), 858–866.
Van Kranenburg, R. (2008). The Internet og Things. A critique of ambient technology and the all-seeing network of RFID. Amsterdam.
Vaquero, L. M., Rodero-Merino, L., Caceres, J., & Lindner, M. (2008). A break in the clouds: Towards a Cloud Definition. ACM SIGCOMM Computer Communication Review, 39(1), 50. https://doi.org/10.1145/1496091.1496100
Verdouw, C. N., Robbemond, R. M., Verwaart, T., Wolfert, J., & Beulens, A. J. M. (2015). A reference architecture for IoT-based logistic information systems in agri-food supply chains. Enterprise Information Systems, 1–25.
Weyrich, M., & Ebert, C. (2016). Reference architectures for the internet of things. IEEE Software, 33(1), 112–116.
Williams, L. G., & Smith, C. U. (1998). Performance Engineering of Software Architectures. InP roceeding on Workshop Software and Performance (pp. 164–177).
WSO2. (2015). A Reference Architecture for the Internet of Things.
Xu, B., Zhang, D., & Yang, W. (2012). Research on architecture of the Internet of Things for grain monitoring in storage. InI nternet of Things (pp. 431–438). Springer.
Yacoub, S. M., Cukic, B., & Ammar, H. H. (1999). Scenario-based reliability analysis of component-based software. In Software Reliability Engineering, 1999. Proceedings. 10th International Symposium on (pp. 22–31).
Yamamoto, Y., Morris, R. V., Hartsough, C., & Callender, E. D. (1982). The role of requirements analysis in the system life cycle. In Proceedings of the June 7-10, 1982, national computer conference on - AFIPS ’82 (p. 381). New York, New York, USA: ACM Press. https://doi.org/10.1145/1500774.1500821
Yang, J., & Fang, B.-X. (2011). Security model and key technologies for the Internet of things. The Journal of China Universities of Posts and Telecommunications, 18(2), 109–112.
Yi, S., Li, C., & Li, Q. (2015). A Survey of Fog Computing: Concepts, Applications and Issues. In Mobidata ’15 Proceedings of the 2015 Workshop on Mobile Big Data (pp. 37–42). ACM. https://doi.org/10.1145/2757384.2757397
York Risk Services Group. (2015). No Business is too small for a cyber-attack.
Zegzhda, D., & Stepanova, T. (2015). Achieving Internet of Things security via providing topological sustainability. In Science and Information Conference (SAI), 2015 (pp. 269–276).
Zhang, K., Ni, J., Yang, K., Liang, X., Ren, J., & Shen, X. S. (2017). Security and Privacy in Smart City Applications: Challenges and Solutions. IEEE Communications Magazine, 55(1), 122–129. https://doi.org/10.1109/MCOM.2017.1600267CM
Zhang, Q., Cheng, L., & Boutaba, R. (2010). Cloud computing: state-of-the-art and research challenges. Journal of Internet Services and Applications, 1(1), 7–18. https://doi.org/10.1007/s13174-010-0007-6
dc.rights.uri.*.fl_str_mv http://creativecommons.org/licenses/by-nc-nd/2.5/co/
dc.rights.local.spa.fl_str_mv Abierto (Texto Completo)
dc.rights.accessrights.spa.fl_str_mv info:eu-repo/semantics/openAccess
http://purl.org/coar/access_right/c_abf2
dc.rights.creativecommons.*.fl_str_mv Atribución-NoComercial-SinDerivadas 2.5 Colombia
rights_invalid_str_mv http://creativecommons.org/licenses/by-nc-nd/2.5/co/
Abierto (Texto Completo)
http://purl.org/coar/access_right/c_abf2
Atribución-NoComercial-SinDerivadas 2.5 Colombia
eu_rights_str_mv openAccess
dc.format.mimetype.spa.fl_str_mv application/pdf
dc.coverage.spa.fl_str_mv Bucaramanga (Colombia)
dc.coverage.campus.spa.fl_str_mv UNAB Campus Bucaramanga
dc.publisher.grantor.spa.fl_str_mv Universidad Autónoma de Bucaramanga UNAB
dc.publisher.faculty.spa.fl_str_mv Facultad Ingeniería
dc.publisher.program.spa.fl_str_mv Maestría en Telemática
institution Universidad Autónoma de Bucaramanga - UNAB
bitstream.url.fl_str_mv https://repository.unab.edu.co/bitstream/20.500.12749/3552/5/2018_Tesis_Johan_Smith_Rueda_Rueda.pdf
https://repository.unab.edu.co/bitstream/20.500.12749/3552/2/2018_Articulo_Johan_Smith_Rueda_Rueda.pdf
https://repository.unab.edu.co/bitstream/20.500.12749/3552/4/2018_Articulo_Johan_Smith_Rueda_Rueda.pdf.jpg
https://repository.unab.edu.co/bitstream/20.500.12749/3552/6/2018_Tesis_Johan_Smith_Rueda_Rueda.pdf.jpg
bitstream.checksum.fl_str_mv 8524367e1df4cb90193ea7b2305cb424
1b5363a045c7c25a056c913897904ad0
020504d13ceba3faf793812f5c5efd29
fd1efd985a57827f4cdbd2abdf464298
bitstream.checksumAlgorithm.fl_str_mv MD5
MD5
MD5
MD5
repository.name.fl_str_mv Repositorio Institucional | Universidad Autónoma de Bucaramanga - UNAB
repository.mail.fl_str_mv repositorio@unab.edu.co
_version_ 1814277291602083840
spelling Talavera Portocarrero, Jesús Martínf210e4ef-3f25-4517-8c74-c0d4c40188f9-1Cabrera Cruz, José Daniel15e242b3-32d0-4e32-95f6-2b6ca1abd623-1Rueda Rueda, Johan Smith55581a1c-a923-47a0-bb00-b632cd9aafbb-1https://scienti.minciencias.gov.co/cvlac/visualizador/generarCurriculoCv.do?cod_rh=0000069035https://scienti.minciencias.gov.co/cvlac/visualizador/generarCurriculoCv.do?cod_rh=0000084238Cabrera Cruz, José Daniel [0000069035]https://scholar.google.es/citations?hl=es#user=hses_w0AAAAJCabrera Cruz, José Daniel [0000069035]https://orcid.org/0000-0002-1815-5057Cabrera Cruz, José Daniel [0000-0002-1815-5057]https://www.researchgate.net/profile/Jose_Cabrera_CruzCabrera Cruz, José Daniel [Jose_Cabrera_Cruz]Grupo de Investigación Pensamiento Sistémico - GPSGrupo de Investigaciones ClínicasCabrera Cruz, José Daniel [josé-daniel-cabrera-cruz]Cabrera Cruz, José Daniel [josé-daniel-cabrera-cruz-23900b10]2020-06-26T21:35:50Z2020-06-26T21:35:50Z2018http://hdl.handle.net/20.500.12749/3552instname:Universidad Autónoma de Bucaramanga - UNABreponame:Repositorio Institucional UNABEl internet de las cosas – IoT, es uno paradigmas tecnológicos con rápido crecimiento en los últimos años, en el que objetos inteligentes o cosas, interactúan entre sí y con recursos físicos y/o virtuales a través de Internet. Junto con este crecimiento hace resonancia uno de los retos que presenta este paradigma, la seguridad de aplicaciones IoT. Este trabajo de investigación parte del problema que existen aplicaciones IoT inseguras por la falta de guías que orienten a los desarrolladores en la implementación del dominio de la ciberseguridad en la fase de diseño y la evaluación de estas. La hipótesis planeada es que, mediante un framework, compuesto por diferentes tipos de modelos, se puede orientar al equipo de desarrollo sobre cómo considerar ciberseguridad en las aplicaciones IoT. Desde este punto de partida, en este trabajo se propone un framework conceptual de ciberseguridad para aplicaciones IoT, llamado SMITH Framework. Este framework está compuesto por dos modelos: el primero, un modelo de gestión de la ciberseguridad cuyo propósito es orientar a los desarrolladores de aplicaciones IoT las consideraciones de ciberseguridad que deben tenerse en cuenta desde la fase de diseño de una solución IoT ; el segundo, un modelo conceptual del dominio de la ciberseguridad en el que se presenten seis componentes de seguridad y su relación con el dominio de IoT. Para verificar la hipótesis planteada, se hizo una validación del SMITH Framework basada en el método ATAM, en el que se diseñó una aplicación IoT orientada por elementos del framework propuesto. Los resultados arrojados permitieron conocer que sí es posible orientar al equipo de desarrollo en la implementación de la ciberseguridad en la fase de diseño de una aplicación IoT, confirmando la hipótesis planteadaINTRODUCCIÓN 1. DESCRIPCIÓN GENERAL DEL PROYECTO 1.1. PROBLEMA DE INVESTIGACIÓN 1.1.1 Contexto 1.1.2 Problema 1.2. MOTIVACIÓN 1.2.1 Modelamiento del dominio de la ciberseguridad 1.2.2 Buenas prácticas de la ingeniería del software en proyectos telemáticos 1. 3 PREGUNTA DE INVESTIGACIÓN 1.4 HIPÓTESIS 1.5 OBJETIVOS 1.6 CONTRIBUCIONES. 2. MARCO REFERENCIAL 2.1 MARCO CONCEPTUAL 2.1.1 Ingeniería del software 2.1.1.1 Arquitectura de referencia 2.1.1.2 Arquitectura de software 2.1.1.3 Framework 2.1.1.4 Framework conceptual 2.1.1.4 Modelo de referencia 2.1.1.5 Requisito de calidad 2.1.2 Ciberseguridad 2.1.2.1 Ciberespacio 2.1.2.2 Ciberincidente 2.1.2.3 Incidente de seguridad 2.1.2.4 Ingeniería de seguridad 2.1.3 Telemática 2.1.4 Internet de las cosas 2.1.5 Modelamiento 2.1.5.1 Dominio 2.1.5.2 Lenguajes de modelamiento 2.1.5.3 Modelo 2.2 MARCO TEÓRICO 2.2.1 Ingeniería del software 2.2.1.1 Proceso de desarrollo de software 2.2.1.2 Ingeniería de requisitos 2.2.1.3 Importancia de los requisitos en el desarrollo de software 2.2.1.4 Evaluación de arquitecturas 2.2.2 Ciberseguridad 2.2.3 Internet de las cosas 2.2.3.1 Dominios de aplicación 2.2.3.2 Construcción de aplicaciones IoT 2.2.3.3 Roles en el desarrollo de aplicaciones IoT 2.2.4 Computación distribuida 2.2.4.1 Cloud computing 2.2.4.2 Fog computing 2.2.4.3 Dew computing 2.3 ESTADO DEL ARTE 2.3.1 Frameworks de seguridad para aplicaciones IoT 2.3.1.1 Modelos de seguridad para IoT 2.3.1.2 Frameworks de seguridad para IoT 2.3.1.3 Tendencias de construcción 2.3.1.4 Recursos IoT que protegen 2.3.1.5 Propiedades de seguridad de la información que protegen 2.3.1.6 Conclusiones y brecha de investigación 2.3.2 Estado actual de la ciberseguridad en IoT 2.3.2.1 Malware en IoT 2.3.2.2 Dispositivos IoT 2.3.2.3 Conclusiones del estado del arte 2.4 MARCO NORMATIVO Y ESTÁNDARES 2.4.1 Estándar ISO/IEC 25.010:2011 2.4.2 Estándar ISO/IEC 27.001:2013 2.4.3 Estándar ISO/IEC/IEEE 27017:2015 2.4.5 Estándar ISO/IEC/IEEE 42010:2011 2.4.5 Aportes de la normatividad a este trabajo 2.5 MARCO CONTEXTUAL Y ANTECEDENTES 2.5.1 Centro de Excelencia y Apropiación en Internet de las Cosas 2.5.2 Fundación OWASP 2.6 CONSIDERACIONES FINALES DEL CAPÍTULO 3. ASPECTOS METODOLÓGICOS 3.1 TIPO Y ENFOQUE DE INVESTIGACIÓN 3.2 UNIVERSO Y MUESTRA 3.3 TÉCNICAS E INSTRUMENTOS 3.3.1 Técnicas 3.3.2 Instrumentos 3.4 ACTIVIDADES REALIZADAS 3.4.1 Fase 1: Formulación del modelo de gestión de ciberseguridad para aplicaciones IoT 3.4.1.1 Selección de arquitecturas de referencia (AR) de aplicaciones IoT que serán analizadas 3.4.1.2 Identificación de los niveles arquitecturales de una aplicación IoT genérica 3.4.1.3 Análisis de los requisitos de ciberseguridad que debe cumplir una aplicación IoT 3.4.1.4 Construcción del modelo de gestión para la ciberseguridad para aplicaciones IoT 3.4.2 Fase 2: Representación del dominio de la seguridad para IoT 3.4.2.1 Selección de lenguaje y herramientas de modelado 3.4.2.2 Modelamiento del dominio de ciberseguridad para IoT 3.4.3 Fase 3: Validación del framework propuesto 3.4.3.1 Diseño de la técnica de validación del framework 3.4.3.2 Evaluación del framework 3.4.3.3 Plan de mejoramiento del framework 4 MODELO PROPUESTO DE GESTIÓN DE LA CIBERSEGURIDAD EN APLIACIONES IOT 4.1 METODOLOGÍA PARA EL DESARROLLO DE SMITH MODEL 4.2 ARQUITECTURAS DE REFERENCIA PARA IOT 4.2.1 Revisión sistemática de la literatura 4.2.1.1 Planificación 4.2.1.2 Conducción 4.2.1.3 Reporte 4.2.2 Arquitecturas de referencia seleccionadas 4.3 ARQUITECTURA GENÉRICA PROPUESTA PARA APLICACIONES IOT 4.3.1 Capas y componentes identificadas 4.3.1.1 Análisis del modelo de referencia de la ITU-T 4.3.1.2 Análisis de la arquitectura de referencia del IoT Project 4.3.1.3 Análisis de la arquitectura de SmartSantander 4.3.1.4 Análisis de la arquitectura de referencia de WSO2 4.3.2 Componentes y funcionalidades genéricas de aplicaciones IoT 4.3.3 Análisis de funcionalidades 4.3.4 Diseño de arquitectura genérica de IoT 4.3.4.1 Cloud Layer 4.3.4.2 Fog Layer 4.3.4.3 Dew Layer 4.4 REQUISITOS DE SEGURIDAD PARA APLICACIONES IOT 4.4.1 Grupo de requisitos para la confidencialidad de la información 4.4.1.1 Requisitos de seguridad 4.4.1.2 Requisitos de privacidad 4.4.1.3 Requisitos de autenticación y autorización 4.4.2 Grupo de requisitos para la integridad de la información 4.4.3 Grupo de requisitos para la disponibilidad de la información 4.4.4 Grupo de requisitos para el no repudio 4.5 MODELO DE GESTIÓN DE CIBERSEGURIDAD PROPUESTO 4.5.1 SMITH Model 4.5.1.1 Diseño del SMITH Model 4.5.1.2 Descripción del SMITH Model 4.5.2 Guía de buenas prácticas ciberseguridad para el aseguramiento de aplicaciones IoT 4.5.2.1 Buenas prácticas de ciberseguridad para Cloud Layer 4.5.2.2 Buenas prácticas de ciberseguridad para Fog Layer 4.5.2.3 Buenas prácticas de ciberseguridad para Dew Layer 4.5.3 Instrumento de evaluación 5. MODELO CONCEPTUAL DEL DOMINIO DE LA CIBERSEGURIDAD PARA APLICACIONES IOT 5.1 MODELO DEL DOMINIO IOT 5.1.1 Concepto claves del dominio IoT 5.1.1.1 Servicios 5.1.1.2 Entidades 5.1.1.3 Recursos 5.1.1.4 Dispositivos 5.1.1.5 Usuarios 5.1.2 Representación del dominio IoT 5.2 REPRESENTACIÓN DEL DOMINIO DE CIBERSERGURIDAD 5.2.1 Componentes de ciberseguridad para IoT 5.2.2 Modelo del dominio de ciberseguridad para IoT 5.2.2.1 Autenticación (AuthN) 5.2.22 Autorización (AuthZ) 5.2.2.3 Gestión de claves criptográficas (CEM) 5.2.2.4 Gestión de identidad (IDM) 5.2.2.5 Disponibilidad (AVBL) 5.2.2.6 No repudio (NRP) 6. VALIDACIÓN DEL FRAMEWORK PROPUESTO 6.1 CASO DE ESTUDIO 6.1.1 Alcance y limitaciones del caso de uso 6.1.2 Arquitectura conceptual del sistema 6.1.3 Requisitos del sistema 6.1.3.1 Requisitos funcionales 6.1.3.2 Requisitos de calidad 6.1.4 Presentación arquitectural del sistema 6.1.4.1 Vista conceptual 6.1.4.2 Vista funcional 6.1.4.3 Vista de servicios del sistema 6.2 VALIDACIÓN DE LA ARQUITECTURA 6.2.1 Fase 1: Presentación 6.2.1.1 Paso 1: Presentación de ATAM 6.2.1.2 Paso 2: Presentación de los objetivos del negocio 6.2.1.3 Paso 3: Presentación de la arquitectura 6.2.2 Fase 2: Investigación y análisis 6.2.2.1 Paso 4: Identificar las aproximaciones arquitecturales 6.2.2.2 Paso 5: Generar el árbol de utilidad de atributos de calidad 6.2.2.3 Paso 6: Analizar las aproximaciones arquitecturales 6.2.3 Fase 3: Pruebas 6.2.3.1 Paso 7: Lluvia de ideas y priorización de escenarios 6.2.3.2 Paso 8: Analizar las aproximaciones arquitecturales 6.2.4 Fase 4: Presentación de informe 6.3 INTEGRACIÓN DEL FRAMEWORK 7. CONCLUSIONES Y TRABAJO FUTURO 7.1 CONCLUSIONES 7.2 REVISIÓN DE LAS CONTRIBUCIONES REALIZADAS 7.3 TRABAJO FUTURO REFERENCIAS Anexo A – Evaluación de arquitecturas de referencia. Anexo B – Modelo de gestión de la ciberseguridad para aplicaciones IoTMaestríaThe Internet of Things - IoT, is one of the fastest growing technological paradigms in recent years, in which smart objects or things interact with each other and with physical and / or virtual resources through the Internet. Along with this growth, one of the challenges presented by this paradigm resonates, the security of IoT applications. This research work starts from the problem that there are insecure IoT applications due to the lack of guides that guide developers in the implementation of the cybersecurity domain in the design phase and their evaluation. The planned hypothesis is that, through a framework, made up of different types of models, the development team can be guided on how to consider cybersecurity in IoT applications. From this starting point, this work proposes a conceptual cybersecurity framework for IoT applications, called SMITH Framework. This framework is made up of two models: the first, a cybersecurity management model whose purpose is to guide IoT application developers on the cybersecurity considerations that must be taken into account from the design phase of an IoT solution; the second, a conceptual model of the cybersecurity domain in which six security components and their relationship with the IoT domain are presented. To verify the hypothesis raised, a validation of the SMITH Framework based on the ATAM method was carried out, in which an IoT application was designed based on elements of the proposed framework. The results obtained allowed us to know that it is possible to guide the development team in the implementation of cybersecurity in the design phase of an IoT application, confirming the hypothesis raisedModalidad Presencialapplication/pdfspahttp://creativecommons.org/licenses/by-nc-nd/2.5/co/Abierto (Texto Completo)info:eu-repo/semantics/openAccesshttp://purl.org/coar/access_right/c_abf2Atribución-NoComercial-SinDerivadas 2.5 ColombiaFramework conceptual de ciberseguridad para aplicaciones de internet de las cosasConceptual framework of cybersecurity for internet of things applicationsMagíster en TelemáticaBucaramanga (Colombia)UNAB Campus BucaramangaUniversidad Autónoma de Bucaramanga UNABFacultad IngenieríaMaestría en Telemáticainfo:eu-repo/semantics/masterThesisTesishttp://purl.org/redcol/resource_type/TMSystems engineeringConceptual frameworkConceptual modelCybersecurity modelLoT applicationsTelematicsSoftware EngineeringComputer securityInformatic securityComputer networksInformation storage systemsInformation retrieval systemsSecurity measuresResearchAnalysisIngeniería de sistemasTelemáticaIngeniería de softwareSeguridad en computadoresSeguridad informáticaRedes de computadoresSistemas de almacenamiento de informaciónSistemas de recuperación de informaciónMedidas de seguridadInvestigacionesAnálisisFramework conceptualModelo conceptualModelo de ciberseguridadAplicaciones LoTRueda Rueda, Johan Smith (2018). Framework conceptual de ciberseguridad para aplicaciones de internet de las cosas. Bucaramanga (Colombia) : Universidad Autónoma de Bucaramanga UNABAbdmeziem, M. R., Tandjaoui, D., & Romdhani, I. (2016). Architecting the internet of things: state of the art. In Robots and Sensor Clouds (pp. 55–75). Springer.Abrahamsson, P., Salo, O., Ronkainen, J., & Warsta, J. (2017). Agile Software Development Methods: Review and Analysis. CoRR, 478, 107. Retrieved from http://arxiv.org/abs/1709.08439Abreu, D. P., Velasquez, K., Curado, M., & Monteiro, E. (2017). A resilient Internet of Things architecture for smart cities. Annals of Telecommunications, 72(1–2), 19–30.Adams, K. (2015). Non-functional Requirements in Systems Analysis and Design. Springer.Addo, I. D., Ahamed, S. I., Yau, S. S., & Buduru, A. (2014). A reference architecture for improving security and privacy in Internet of Things applications. InM obile Services (MS), 2014 IEEE International Conference on (pp. 108–115).Aldosari, H. M. (2015). A Proposed Security Layer for the Internet of Things Communication Reference Model.P rocedia Computer Science, 65, 95–98.Alhamedi, A. H., Snasel, V., Aldosari, H. M., & Abraham, A. (2014). Internet of things communication reference model. In Computational Aspects of Social Networks (CASoN), 2014 6th International Conference on (pp. 61–66).Andolfi, F., Aquilani, F., Balsamo, S., & Inverardi, P. (2000). Deriving QNM from MSCs for performance evaluation of SA. In ACM Workshop on Software Performance (pp. 220–229).Aquilani, F., Balsamo, S., & Inverardi, P. (2001). Performance analysis at the software architectural design level.P erformance Evaluation, 45(2–3), 147–178.Ashton, K. (2009). That “Internet of Things” Thing. RFID Journal, 1. Retrieved from www.rfidjournal.com/articles/pdf?4986Atamli, A. W., & Martin, A. (2014). Threat-Based Security Analysis for the Internet of Things. In 2014 International Workshop on Secure Internet of Things (pp. 35–43). IEEE. https://doi.org/10.1109/SIoT.2014.10Atzori, L., Iera, A., & Morabito, G. (2010). The internet of things: a survey. Computer Networks, 54, 2787–2805. https://doi.org/10.1007/s10796-014-9492-7Atzori, L., Iera, A., & Morabito, G. (2017). Understanding the Internet of Things: definition, potentials, and societal role of a fast evolving paradigmA. d Hoc Networks, 56, 122–140. https://doi.org/10.1016/j.adhoc.2016.12.004Babar, M. A., & Gorton, I. (2004). Comparison of scenario-based software architecture evaluation methods. In 11th Asia-Pacific Software Engineering Conference, 2004.Balsamo, S., Inverardi, P., & Mangano, C. (1998). An approach to performance evaluation of software architectures. In Proceedings of the 1st international workshop on Software and performance (pp. 178–190).Banda, G., Chaitanya, K., & Mohan, H. (2015). An IoT protocol and framework for OEMs to make IoT-enabled devices forward compatible. In Signal-Image Technology & Internet-Based Systems (SITIS), 2015 11th International Conference on (pp. 824–832).Barker, E. (2016). Recommendation for Key Management Part 1: General. Gaithersburg, MD. https://doi.org/10.6028/NIST.SP.800-57pt1r4Barker, E., Smid, M., Branstad, D., & Chokhani, S. (2013). A Framework for Designing Cryptographic Key Management Systems. Gaithersburg, MD. https://doi.org/10.6028/NIST.SP.800-130Bassi, A., Bauer, M., Fiedler, M., Kramp, T., van Kranenburg, R., Lange, S., & Meissner, S. (Eds.). (2013). Enabling Things to Talk. Berlin, Heidelberg: Springer Berlin Heidelberg. https://doi.org/10.1007/978-3-642-40403-0Bauer, M., Boussard, M., Bui, N., Carrez, F., Jardak, C., De Loof, J., … Salinas, A. (2013).D eliverable D1.5 – Final architectural reference model for the IoT v3.0.Bauer, M., Boussard, M., Bui, N., De Loof, J., Magerkurth, C., Meissner, S., … Walewski, J. W. (2013). IoT Reference Architecture. In A. Bassi, M. Bauer, M. Fiedler, T. Kramp, R. van Kranenburg, S. Lange, & S. Meissner (Eds.), Enabling Things to Talk: Designing IoT solutions with the IoT Architectural Reference Model (pp. 163–211). Berlin, Heidelberg: Springer Berlin Heidelberg. https://doi.org/10.1007/978-3-642-40403-0_8Bauer, M., Bui, N., De Loof, J., Magerkurth, C., Nettsträter, A., Stefa, J., & Walewski, J. W. (2013). IoT Reference Model. In Enabling Things to Talk (pp. 113–162). Berlin, Heidelberg: Springer Berlin Heidelberg. https://doi.org/10.1007/978-3-642-40403-0_7Bayuk, J. L., Healey, J., Rohmeyer, P., Sachs, M. H., Schmidt, J., & Weiss, J. (2012).C yber Security Policy Guidebook. Wiley Publishing.Beltrán G., Ó. A. (2005). Revisiones sistemáticas de la literatura. Revista Colombiana de Gastroenterología, 20(1), 10.Bengtsson, P., & Bosch, J. (1998). Scenario-based software architecture reengineering. In Fifth International Conference on oftware Reuse, 1998 (pp. 308–317). IEEE.Bengtsson, P., & Bosch, J. (1999). Architecture level prediction of software maintenance. In Software Maintenance and Reengineering, 1999. Proceedings of the Third European Conference on (pp. 139–147).Bengtsson, P., Lassing, N., Bosch, J., & van Vliet, H. (2004). Architecture-level modifiability analysis (ALMA). Journal of Systems and Software, 69(1–2), 129–147.Bergner, K., Rausch, A., Sihling, M., & Ternité, T. (2005). DoSAM--domain-specific software architecture comparison model. In Quality of Software Architectures and Software Quality (pp. 4–20). Springer.Bernabe, J. B., Hernández, J. L., Moreno, M. V., & Gomez, A. F. S. (2014). Privacy-preserving security framework for a social-aware internet of things. In International conference on ubiquitous computing and ambient intelligence (pp. 408–415).Biolchini, J., Gomes Mian, P., Cruz Natali, A. C., & Horta Travassos, G. (2005). Systematic Review in Software Engineering. Rio de Jainero.Boehm, B. (n.d.). Evaluating a Software Architecture (pp. 19–42).Boehm, B. W., Brown, J. R., & Kaspar, H. (1978). Characteristics of Software Quality.Bohli, J.-M., Skarmeta, A., Moreno, M. V., García, D., & Langendörfer, P. (2015). SMARTIE project: Secure IoT data management for smart cities. In Recent Advances in Internet of Things (RIoT), 2015 International Conference on (pp. 1–6).Borgia, E. (2014). The internet of things vision: Key features, applications and open issues. Computer Communications, 54, 1–31. https://doi.org/10.1016/j.comcom.2014.09.008Boroojeni, K. G., Amini, M. H., & Iyengar, S. S. (2016). Smart Grids: Security and Privacy Issues. Springer.Boussard, M., Meissner, S., Nettsträter, A., Olivereau, A., Segura, A. S., Thoma, M., & Walewski, J. W. (2013). A Process for Generating Concrete Architectures. In Enabling Things to Talk (pp. 45–111). Springer.Brooks, F. (1987). No Silver Bullet: Essence and Accidents of Software Engineering.I EEE Computer, 20(4), 10–19.Caltum, E., & Segal, O. (2016). Exploitation of IoT devices for Launching Mass-Scale Attack Campaigns.Capgemini. (2018). Cybersecurity talent — The big gap in cyber protectionCaracciolo, A., Lungu, M. F., & Nierstrasz, O. (2014). How Do Software Architects Specify and Validate Quality Requirements? In European Conference on Software Architecture (pp. 374–389). Springer.CASAGRAS Project. (2009). RFID and the Inclusive Model for the Internet of Things.Cavalcante, E., Alves, M. P., Batista, T., Delicato, F. C., & Pires, P. F. (2015). An analysis of reference architectures for the internet of things. In Proceedings of the 1st International Workshop on Exploring Component-based Techniques for Constructing Reference Architectures (pp. 13–16).Cavalcante, E., Pereira, J., Alves, M. P., Maia, P., Moura, R., Batista, T., … Pires, P. F. (2016). On the interplay of Internet of Things and Cloud Computing: A systematic mapping study. Computer Communications, 89–90, 17–33. https://doi.org/10.1016/j.comcom.2016.03.012Chant, I. (2017). The Cybersecurity Talent Shortage Is Here, and It’s a Big Threat to Companies. Retrieved January 10, 2018, from http://theinstitute.ieee.org/ieeeroundup/ blogs/blog/the-cybersecurity-talent-shortage-is-here-and-its-a-big-threat-to-companiesChen, Q., Abdelwahed, S., & Erradi, A. (2014). A model-based validated autonomic approach to self-protect computing systems. IEEE Internet of Things Journal, 1(5), 446– 460.Cheung, R. C. (1980). A user-oriented software reliability model. IEEE Transactions on Software Engineering, (2), 118–125.Chung, L., & do Prado Leite, J. C. S. (2009). On Non-Functional Requirements in Software Engineering. In Conceptual Modeling: Foundations and Applications (pp. 363–379). Springer Berlin Heidelberg. https://doi.org/10.1007/978-3-642-02463-4_19Chung, L., Nixon, B. A., Yu, E., & Mylopoulos, J. (2012). Non-functional Requirements in Software Engineering. Springer Science & Business Media.Cimpanu, C. (2016). Problems Reappear for IoT Device Owners with Discovery of New DDoS Trojan.Cirani, S., Ferrari, G., & Veltri, L. (2013). Enforcing Security Mechanisms in the IP-Based Internet of Things: An Algorithmic Overview. Algorithms, 6(2), 197–226. https://doi.org/10.3390/a6020197Cisco. (2015). Mitigating the Cybersecurity Skills Shortage: Top Insights and Actions from Cisco Security Advisory ServicesCisco. (2016a). Internet of Things at a GlanceCisco. (2016b). The Internet of Things. It’s not about things. It’s about service. Retrieved from https://www.jasper.com/sites/default/files/pdf/IoT_Infographic.pdf%7DCisco. (2017). Cisco 2017 Annual Cybersecurity Report.CISCO. The Internet of Things Reference Model (2014). Retrieved from http://cdn.iotwf.com/resources/71/IoT_Reference_Model_White_Paper_June_4_2014.pdfClements, P., Garlan, D., Little, R., Nord, R., & Stafford, J. (2003). Documenting software architectures: views and beyond. InP roceedings of the 25th International Conference on Software Engineering (pp. 740--741). ACM. Retrieved from http://delivery.acm.org/10.1145/780000/776928/p740-clements.pdf? ip=200.69.124.106&id=776928&acc=ACTIVE SERVICE&key=4D9619BEF5D5941F.D0AFA4C1BA803950.4D4702B0C3E38B35.4D4702B0C3E38B35&__acm__=1520370891_ece2c328b7de31eaf77e2c65c0fa3758CNSS. (2010). National Information Assurance (IA) Glossary. Committee on National Security Systems.Cobb, S. (2016a). Cybersecurity skills gap: It’s big and it’s bad for security. Retrieved from https://www.welivesecurity.com/2016/12/16/cybersecurity-skills-gap-big-and-bad/Cobb, S. (2016b). Jackware: When connected cars meet ransomware.Cobb, S. (2017). RoT: Ransomware of Things.Colciencias. (2016). Tipología de proyectos calificados como de carácter cientifíco, tecnológico e innovación (Vol. 4). https://doi.org/10.1007/s13398-014-0173-7.2Condry, M. W., & Nelson, C. B. (2016). Using Smart Edge IoT Devices for Safer, Rapid Response With Industry IoT Control Operations. Proceedings of the IEEE, 104(5), 938–946.Cortellessa, V., & Mirandola, R. (2000). Deriving a queueing network based performance model from UML diagrams. In Proceedings of the 2nd international workshop on Software and performance (pp. 58–70).Currie, R. (2016). Developments in Car Hacking. SANS Institute InfoSec Reading Room, 1–34.CyberX. (2016). Radiation IoT Cyber Security Campaign.Da Xu, L., He, W., & Li, S. (2014). Internet of things in industries: A survey. IEEE Transactions on Industrial Informatics, 10(4), 2233–2243.Dalipi, F., & Yayilgan, S. Y. (2016). Security and Privacy Considerations for IoT Application on Smart Grids: Survey and Research Challenges. In 2016 IEEE 4th International Conference on Future Internet of Things and Cloud Workshops (FiCloudW) (pp. 63–68). IEEE. https://doi.org/10.1109/W-FiCloud.2016.28Davis, A. M. (1993). Software Requirements: Objects, Functions and States. Prentice-Hall, Inc.De, S., Carrez, F., Reetz, E., Tönjes, R., & Wang, W. (2013). Test-Enabled Architecture for IoT Service Creation and Provisioning. In The Future Internet Assembly (pp. 233–245). https://doi.org/10.1007/978-3-642-38082-2_20Deloitte. (2018). The cybersecurity talent shortage: An emerging challenge for consumer products companiesDobre, C., Mavromoustakis, C. X., Garcia, N., Ivanova Goleva, R., & Mastorakis, G. (Eds.).( 2017). Glossary. In Ambient Assisted Living and Enhanced Living Environments (pp. xliii–xliv). Elsevier. https://doi.org/10.1016/B978-0-12-805195-5.00028-4Dykstra, J. (2015). Essential Cybersecurity Science: Build, Test, and Evaluate Secure Systems (First Edit). O’Reilly Media.Edwards, S., & Profetis, I. (2016). Hajime: Analysis of a decentralized internet worm for IoT devices.Elmaghraby, A. S., & Losavio, M. M. (2014). Cyber security challenges in Smart Cities: Safety, security and privacy. Journal of Advanced Research, 5(4), 491–497. https://doi.org/10.1016/j.jare.2014.02.006Emm, D., Unuchek, R., & Kruglov, K. (2016). Kaspersky Security Bulletin 2016. Review of the Year.Essery, Michael. (2016). Today 65% of Enterprises Already Using Internet of Things; Business Value found in Optimizing Operations and Reducing Risk.Fernandes, J., Nati, M., Loumis, N. S., Nikoletseas, S., Raptis, T. P., Krco, S., … Ziegler, S. (2015). IoT Lab: Towards co-design and IoT solution testing using the crowd. In Recent Advances in Internet of Things (RIoT), 2015 International Conference on (pp. 1–6).Finkle, J. (2016). J&J warns diabetic patients: Insulin pump vulnerable to hacking. Reuters.Fiutem, R., & Antoniol, G. (1998). Identifying design-code inconsistencies in object-oriented software: A case study. InS oftware Maintenance, 1998. Proceedings., International Conference on (pp. 94–102).Folmer, E., Van Gurp, J., & Bosch, J. (2004). Software architecture analysis of usability. In International Workshop on Design, Specification, and Verification of Interactive Systems (pp. 38–58).ForeScout Technologies. (2016). IoT Enterprise Risk Report.Formisano, C., Pavia, D., Gurgen, L., Yonezawa, T., Galache, J. A., Doguchi, K., & Matranga, I. (2015). The advantages of IoT and cloud applied to smart cities. In Future Internet of Things and Cloud (FiCloud), 2015 3rd International Conference on (pp. 325–332).Forrester. (2017). Predictions 2018: IoT Moves From Experimentation To Business Scale.Fowler, K. (2016). Cybersecurity. In Enterprise Risk Management (pp. 91–108). Elsevier. https://doi.org/10.1016/B978-0-12-800633-7.00007-9Fox-Brewster, T. (2016). How Hacked Cameras Are Helping Launch The Biggest Attacks The Internet Has Ever Seen.F orbes.Fundación Telefónica. (2016). Ciberseguridad, la protección de la información en un mundo digital. Fundación Telefónica, Editorial Ariel S.A.Gartner Inc. (2015). Gartner Says 6.4 Billion Connected “Things” Will Be in Use in 2016, Up 30 Percent From 2015.Gartner Inc. (2016a). Gartner’s 2016 Hype Cycle for Emerging Technologies Identifies Three Key Trends That Organizations Must Track to Gain Competitive Advantage. Retrieved from www.gartner.com/newsroom/id/3412017Gartner Inc. (2016b). Gartner Says By 2020, More Than Half of Major New Business Processes and Systems Will Incorporate Some Element of the Internet of Things.Gartner Inc. (2016c). Gartner Says Worldwide IoT Security Spending to Reach $348 Million in 2016.Gartner Inc. (2016d). Top 10 Strategic Technology Trends for 2017.Ge, M., & Kim, D. S. (2015). A framework for modeling and assessing security of the internet of things. InP arallel and Distributed Systems (ICPADS), 2015 IEEE 21st International Conference on (pp. 776–781).Gibbs, S. (2015). Hackers can hijack Wi-Fi Hello Barbie to spy on your children. The Guardian.Gilchrist, A. (2016). IIoT Reference Architecture. In Industry 4.0 (pp. 65–86). Springer.Gluhak, A., Hauswirth, M., Krco, S., Stojanovic, N., Bauer, M., Nielsen, R. H., … Corcho, O. (2011). An Architectural Blueprint for a Real-World Internet. InF uture Internet Assembly (pp. 67–80).Gluhak, A., Munoz, L., Sotres, P., Sanchez, L., Roux, P., Sanchez, B., … Hernandez, A. L. (2013). Third Cycle Architecture Specification.Gokhale, S. S., & Trivedi, K. S. (2002). Reliability prediction and sensitivity analysis based on software architecture. InS oftware Reliability Engineering, 2002. ISSRE 2003. Proceedings. 13th International Symposium on (pp. 64-75).Gómez Vargas, M., Galeano Higuita, C., & Jaramillo Muñoz, D. A. (2015). El estado del arte: una metodología de investigación.R evista Colombiana de Ciencias Sociales, 6(2), 423–442.Grant, M. J., & Booth, A. (2009). A typology of reviews: an analysis of 14 review types and associated methodologies.H ealth Information & Libraries Journal, 26(2), 91–108. https://doi.org/10.1111/j.1471-1842.2009.00848.xGreen, P. E. J. (2016). Introduction to Risk Management Principles. In Enterprise Risk Management (pp. 1–13). Elsevier. https://doi.org/10.1016/B978-0-12-800633- 7.00001-8Gubbi, J., Buyya, R., Marusic, S., & Palaniswami, M. (2013). Internet of Things (IoT): A vision, architectural elements, and future directions.F uture Generation Computer Systems, 29(7), 1645–1660.Guo, B., Zhang, D., Wang, Z., Yu, Z., & Zhou, X. (2013). Opportunistic IoT: Exploring the harmonious interaction between human and the internet of things. Journal of Network and Computer Applications, 36(6), 1531–1539.Hayashi, K. (2014). IoT Worm Used to Mine Cryptocurrency.Heer, T., Garcia-Morchon, O., Hummen, R., Keoh, S. L., Kumar, S. S., & Wehrle, K. (2011). Security Challenges in the IP-based Internet of Things.W ireless Personal Communications, 61(3), 527–542. https://doi.org/10.1007/s11277-011-0385-5Hellaoui, H., Bouabdallah, A., & Koudil, M. (2016). TAS-IoT: Trust-Based Adaptive Security in the IoT. In Local Computer Networks (LCN), 2016 IEEE 41st Conference on (pp. 599–602).Herjavec Group. (2017). 2017 Cybersecurity Jobs Report.Hernandez-Ramos, J. L., Pawlowski, M. P., Jara, A. J., Skarmeta, A. F., & Ladid, L. (2015). Toward a lightweight authentication and authorization framework for smart objects. IEEE Journal on Selected Areas in Communications, 33(4), 690–702.Hernandez Sampieri, R., Fernández Collado, C., & Baptista Lucio, M. del P. (2010). Metodología de la investigación (Quinta edi). McGraw-Hill, Inc.Hewlett Packard Enterprise. (2015). Internet Of things research study.Hioureas, V. (2015, May). Does CCTV put the public at risk of cyberattack? Kaspersky Labs.Höller, J., Tsiatsis, V., Mulligan, C., Karnouskos, S., Avesand, S., & Boyle, D. (2014a). Architecture Reference Model. In From Machine-To-Machine to the Internet of Things (pp. 167–197). Elsevier. https://doi.org/10.1016/B978-0-12-407684-6.00007-3Höller, J., Tsiatsis, V., Mulligan, C., Karnouskos, S., Avesand, S., & Boyle, D. (2014b). IoT Architecture – State of the Art. In From Machine-To-Machine to the Internet of Things (pp. 145–165). Elsevier. https://doi.org/10.1016/B978-0-12-407684-6.00006-1Höller, J., Tsiatsis, V., Mulligan, C., Karnouskos, S., Avesand, S., & Boyle, D. (2014c). IoT Reference Architecture. In From Machine-To-Machine to the Internet of Things (pp. 199–223). Elsevier. https://doi.org/10.1016/B978-0-12-407684-6.00008-5Hopkin, P. (2017). Fundamentals of Risk Management: Understanding, evaluating and implementing effective risk managementHuang, X., Craig, P., Lin, H., & Yan, Z. (2015). SecIoT: a security framework for the Internet of Things. Security and Communication Networks, 9, 3083–3095. https://doi.org/10.1002/sec.1259Hussein, N. H., & Khalid, A. (2016). A survey of Cloud Computing Security challenges and solutions.I nternational Journal of Computer Science and Information Security, 14(1), 52.Hwang, H., & Park, Y. B. (2017). Safety - Critical Software Quality Improvement Using Requirement Analysis. In2 017 International Conference on Platform Technology and Service (PlatCon) (pp. 1–4). IEEE. https://doi.org/10.1109/PlatCon.2017.7883725IEEE. (1990). IEEE Standard Glossary of Software Engineering Terminology.IEEE Computer Society. (2014). Guide to the Software Engineering - Body of Knowledge. (P. Bourque & R. E. Fairley, Eds.), IEEE Computer Society (V3 ed.). https://doi.org/10.1234/12345678Intel. (2016). A Guide to the Internet of Things. How billion of online objects are making the web wiser.Intel Security, & CSIS. (2016). Hacking the Skills Shortage: A study of the international shortage in cybersecurity skillsInternet of Things Guide. (2016). Glossary Term.Ionita, M. T., Hammer, D., & Obbink, H. (2002). Scenario-Based Software Architecture Evaluation Methods: An Overview.T echnical University, 1–10.Iorga, M., Feldman, L., Barton, R., Martin, M. J., Goren, N., & Mahmoudi, C. (2017). The NIST Definition of Fog Computing.IoT-A Project. (2016). Requirements — IOT-A: Internet of Things Architecture. Retrieved from http://www.iot-a.eu/public/requirements/copy_of_requirementsISACA. (2013). A simple definition of cybersecurity.ISACA. (2016a). 2016 Cybersecurity Skills Gap. Retrieved from https://isaca.org.ar/2016/12/07/cybersecurity-skills-gap/ISACA. (2016b). Cybersecurity Fundamentals GlossaryISACA. (2018). State of Cybersecurity Study: Security Budgets Increasing, But Qualified Cybertalent Remains Hard to Find. Retrieved May 31, 2018, from http://www.isaca.org/About-ISACA/Press-room/News-Releases/2018/Pages/State-of-Cybersecurity-Study-Security-Budgets-Increasing-But-Qualified-Cybertalent- Remains-Hard-to-Find.aspxISO/IEC/IEEE. (2010). ISO/IEC/IEEE 24765:2010 Systems and software engineering - Vocabulary.ISO/IEC/IEEE. (2011). ISO/IEC/IEEE 42010:2011, Systems and software engineering — Architecture description.ISO/IEC. (2012). ISO/IEC 27032:2012, Information technology -- Security techniques -- Guidelines for cybersecurity. Retrieved from https://www.iso.org/standard/44375.htmlISO/IEC. (2013). ISO/IEC 27001:2013, Information technology -- Security techniques -- Information security management systems -- Requirements.ISO/IEC. (2015). ISO/IEC/IEEE 27017:2015, Information technology -- Security techniques -- Code of practice for information security controls based on ISO/IEC 27002 for cloud services.ITU-T. (2012). Overview of the Internet of things. Series Y: Global information infrastructure, internet protocol aspects and next-generation networks - Frameworks and functional architecture models.ITU-T. (2014a). F.748.0: Common requirements for Internet of things (IoT) applications.ITU-T. (2014b). Y.2066: Common requirements of the Internet of things.Jiménez, J. A., Russo, M., Krco, S., Bezanilla, R., Munoz, L., Galache, J. A., …K outsoubelias, M. (2012). Second Cycle Architecture Specification.Jóźwiak, L. (2017a). Advanced mobile and wearable systems. Microprocessors and Microsystems, 50, 202–221. https://doi.org/10.1016/j.micpro.2017.03.008Jóźwiak, L. (2017b). Advanced mobile and wearable systems. Microprocessors and Microsystems, 50, 202–221. https://doi.org/10.1016/j.micpro.2017.03.008Kaspersky Lab. (2016). Kaspersky Security Bulletin 2016.Kaspersky Labs. (2015a). Damage Control: The Cost of Security Breaches. It Security Risk Special Report Series.Kaspersky Labs. (2015b). Global IT Security Risks Survey.Kazman, R., Bass, L., Abowd, G., & Webb, M. (1994). SAAM: A method for analyzing the properties of software architectures. InS oftware Engineering, 1994. Proceedings. ICSE-16., 16th International Conference on (pp. 81–90).Kazman, R., Klein, M., Barbacci, M., Longstaff, T., Lipson, H., & Carriere, J. (1998).T he Architecture Tradeoff Analysis Method.Kim, D., & Solomon, M. G. (2016). Fundamentals of Information Systems Security. Jones & Bartlett Learning. Retrieved from https://books.google.com.co/books? id=Yb4eDQAAQBAJKitchenham, B., & Charters, S. (2007). Guidelines for performing systematic literature reviews in software engineering version 2.3.Kotonya, G., & Sommerville, I. (1998). Requirements Engineering: Processes and Techniques (1st ed.). Wiley Publishing.Krco, S., Pokric, B., & Carrez, F. (2014). Designing IoT architecture (s): A European perspective. InI nternet of Things (WF-IoT), 2014 IEEE World Forum on (pp. 79–84).Krishnamurthy, S., & Mathur, A. P. (1997). On the estimation of reliability of a software system using reliabilities of its components. InS oftware Reliability Engineering, 1997. Proceedings., The Eighth International Symposium on (pp. 146–155).Kubat, P. (1989). Assessing reliability of modular software. Operations Research Letters, 8(1), 35–41.Laprie, J.-C. (1984). Dependability evaluation of software systems in operation. IEEE Transactions on Software Engineering, (6), 701–714.Lassing, N. H., Rijsenbrij, D. B. B., & van Vliet, H. (1999). On software architecture analysis of flexibility, complexity of changes: Size isn’t everything.Lee, C., Zappaterra, L., Kwanghee Choi, & Hyeong-Ah Choi. (2014). Securing smart home: Technologies, security challenges, and security requirements. In2 014 IEEE Conference on Communications and Network Security (pp. 67–72). IEEE. https://doi.org/10.1109/CNS.2014.6997467Lee, G. M., Crespi, N., Choi, J. K., & Boussard, M. (2013). Internet of things. InE volution of Telecommunication Services (pp. 257–282). Springer.Lee, I., & Lee, K. (2015). The Internet of Things (IoT): Applications, investments, and challenges for enterprises.B usiness Horizons, 58(4), 431–440.Lee, S., & Kim, S. (2013). Hacking, surveilling, and deceiving victims on Smart TV. Black Hat.Leyden, J. (2016). One Ring to pwn them all: IoT doorbell can reveal your Wi-Fi key. The Register.Li, S., Xu, L. Da, & Zhao, S. (2015). The internet of things: a survey. Information Systems Frontiers, 17(2), 243–259. https://doi.org/10.1007/s10796-014-9492-7Lindvall, M., Tvedt, R. T., & Costa, P. (2003). An empirically-based process for software architecture evaluation. Empirical Software Engineering, 8(1), 83–108.Liu, L., Yin, L., Guo, Y., & Fang, B. (2014). EAC: a framework of authentication property for the IoTs. In Cyber-Enabled Distributed Computing and Knowledge Discovery (CyberC), 2014 International Conference on (pp. 102–105).Lize, G., Jingpei, W., & Bin, S. (2014). Trust management mechanism for Internet of Things.C hina Communications, 11(2), 148–156.Lloyd’s. (2017). Counting the cost Cyber exposure decoded.Lloyd, W., & Connie, S. (2002). PASA: A Method for the Performance Assessment of Software Architectures. In Proceedings of the Third International Workshop on Software and Performance (WOSP’2002), July (pp. 24–26).Loucopoulus, P., & Karakostas, V. (1995). System Requirements Engineering. McGraw-Hill, Inc.Ma, M., Wang, P., & Chu, C.-H. (2013). Data management for internet of things: challenges, approaches and opportunities. In Green Computing and Communications (GreenCom), 2013 IEEE and Internet of Things (iThings/CPSCom), IEEE International Conference on and IEEE Cyber, Physical and Social Computing (pp. 1144– 1151).Mahalank, S. N., Malagund, K. B., & Banakar, R. M. (2016). Non Functional Requirement Analysis in IoT based smart traffic management system. In 2016 International Conference on Computing Communication Control and automation (ICCUBEA) (pp. 1–6). IEEE. https://doi.org/10.1109/ICCUBEA.2016.7860147Mahalle, P. N., Anggorojati, B., Prasad, N. R., & Prasad, R. (2013). Identity authentication and capability based access control (iacac) for the internet of things.J ournal of Cyber Security and Mobility, 1(4), 309--348.Malware Must Die. (2016). MMD-0058-2016 - Linux/NyaDrop - a linux MIPS IoT bad news.Manrique, J. A., Rueda-Rueda, J. S., & Portocarrero, J. M. T. (2016). Contrasting Internet of Things and Wireless Sensor Network from a Conceptual Overview. In 2016 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData) (pp. 252–257). IEEE. https://doi.org/10.1109/iThings-GreenCom-CPSCom-SmartData.2016.66Maxwell, J. A. (2005). Conceptual framework: What do you think is going on. Qualitative Research Design: An Interactive Approach, 41, 33–63.Mead, N. R., & Stehney, T. (2005). Security quality requirements engineering (SQUARE) methodology. ACM SIGSOFT Software Engineering Notes, 30(4), 1. https://doi.org/10.1145/1082983.1083214Mell, P., & Grance, T. (2011). The NIST Definition of Cloud Computing.Microsoft Colombia. (2016). Principales tendencias de seguridad en IoT.Miles, M. B., & Huberman, A. M. (1994). Qualitative data analysis: An expanded sourcebook. sage.Miller, C., & Valasek, C. (2015). Remote Exploitation of an Unaltered Passenger Vehicle.Miorandi, D., Sicari, S., De Pellegrini, F., & Chlamtac, I. (2012). Internet of things: Vision, applications and research challenges. Ad Hoc Networks, 10(7), 1497–1516.Miranda, J., Mäkitalo, N., Garcia-Alonso, J., Berrocal, J., Mikkonen, T., Canal, C., & Murillo, J. M. (2015).F rom the Internet of Things to the Internet of People.I EEE Internet Computing, 19(2), 40–47.Moher, D., Liberati, A., Tetzlaff, J., & Altman, D. G. (2009). Preferred Reporting Items for Systematic Reviews and Meta-Analyses: The PRISMA Statement. PLoS Medicine, 6(7), e1000097. https://doi.org/10.1371/journal.pmed.1000097Molter, G. (1999). Integrating SAAM in domain-centric and reuse-based development processes. In Proceedings of the 2nd Nordic Workshop on Software Architecture, Ronneby (pp. 1–10).Monteiro, C., Oliveira, M., Bastos, J., Ramrekha, T., & Rodriguez, J. (2014). Social Networks and Internet of Things, an Overview of the SITAC Project. In International Wireless Internet Conference (pp. 191–196).Moore, B. J. (1994). Achieving software quality through requirements analysis. InP roceedings of 1994 IEEE International Engineering Management Conference - IEMC ’94 (pp. 78–83). IEEE. https://doi.org/10.1109/IEMC.1994.379948Morán Delgado, G., & Alvarado Cervantes, D. G. (2010). Métodos de investigación (Primera ed). Pearson Education.Mossburg, E., Gelinne, J., & Calzada, H. (2016). Beneath the surface of a cyberattack: A deeper look at business impacts.Mostow, J. (1985). Towards Better Models of the Design Process. AI Magazine, 6(1), 44–57.Mozzaquatro, B. A., Jardim-Goncalves, R., Melo, R., & Agostinho, C. (2016). The application of security adaptive framework for sensor in industrial systems. InS ensors Applications Symposium (SAS), 2016 IEEE (pp. 1–6).Muñoz, L., Sanchez, L., Galache, J. A., Gutierrez, V., Garcia, R., Poyato, P., … Ramdhany, R. (2011).F irst Cycle Architecture Specification.Murphy, G. C., Notkin, D., & Sullivan, K. (1995). Software reflexion models: Bridging the gap between source and high-level models.A CM SIGSOFT Software Engineering Notes, 20(4), 18–28.Nakagawa, E. Y., Oquendo, F., & Becker, M. (2012). RAModel: A Reference Model for Reference Architectures. In Software Architecture (WICSA) and European Conference on Software Architecture (ECSA), 2012 Joint Working IEEE/IFIP Conference on (pp. 297–301). IEEE. https://doi.org/10.1109/WICSA-ECSA.212.49Namal, S., Gamaarachchi, H., MyoungLee, G., & Um, T.-W. (2015). Autonomic trust management in cloud-based and highly dynamic IoT applications. In ITU Kaleidoscope: Trust in the Information Society (K-2015), 2015 (pp. 1–8).Naur, P., & Randell, B. (1969). Software Engineering: Report of a conference sponsored by the NATO Science Committee, Garmisch, Germany, 7-11 Oct. 1968, Brussels, Scientific Affairs Division, NATO.Neisse, R., Fovino, I. N., Baldini, G., Stavroulaki, V., Vlacheas, P., & Giaffreda, R. (2014). A model-based security toolkit for the internet of things. InA vailability, Reliability and Security (ARES), 2014 Ninth International Conference on (pp. 78–87).Nia, A. M., & Jha, N. K. (2016). A comprehensive study of security of internet-of-things. IEEE Transactions on Emerging Topics in Computing.NIST. (2011). ISO/IEC 25010:2011 - Systems and software engineering -- Systems and software Quality Requirements and Evaluation (SQuaRE) -- System and software quality models.NIST. (2013). Glossary of Key Information Security Terms.NowSecure. (2016). 2016 NowSecure Mobile Security Report.Object Management Group. (2005). Introducction to OMG’s Unified Modeling Language. Retrieved from http://www.uml.org/what-is-uml.htmObject Management Group. (2017). About the Unified Modeling Language Specification Versión 2.5.1. Retrieved from https://www.omg.org/spec/UML/About-UML/Oficina Nacional de Seguridad. (2016). Normas de la Autoridad Nacional para la Protección de la Información Clasificada. Retrieved from http://www.buenjuicio.com/wpcontent/ uploads/2015/07/Normas_de_la_Autoridad_Nacional_para_la_Proteccion_de_la_Informacion_Clasificada.pdfOltski, J. (2017). The Life and Times of Cybersecurity Professionals.OWASP. (2016a). IoT Framework Assessment. Retrieved November 29, 2017, from https://www.owasp.org/index.php/IoT_Framework_AssessmentOWASP. (2016b). Principles of IoT Security. Retrieved November 4, 2017, from https://www.owasp.org/index.php/Principles_of_IoT_SecurityOWASP. (2017a). About The Open Web Application Security Project. Retrieved from www.owasp.org/index.php/About_The_Open_Web_Application_Security_ProjectOWASP. (2017b). OWASP Internet of Things (IoT) Project.OWASP. (2017c). Password Storage Cheat Sheet. Retrieved November 29, 2017, from https://www.owasp.org/index.php/Password_Storage_Cheat_SheetOwens, D. (2005). Documenting Software Architectures: Views and Beyond. Technical Communication, 52(1), 75–77.Pacheco, J., & Hariri, S. (2016). IoT Security Framework for Smart Cyber Infrastructures. In Foundations and Applications of Self* Systems, IEEE International Workshops on (pp. 242–247).Pacheco, J., Satam, S., Hariri, S., Grijalva, C., & Berkenbrock, H. (2016). IoT Security Development Framework for building trustworthy Smart car services. In Intelligence and Security Informatics (ISI), 2016 IEEE Conference on (pp. 237–242).Pastrana, S., Rodriguez-Canseco, J., & Calleja, A. (n.d.). ArduWorm: A Functional Malware Targeting Arduino Devices.Patel, P., & Cassou, D. (2015). Enabling high-level application development for the internet of things. Journal of Systems and Software, 103, 62–84.Patiño, R. G. (2016). El estado del arte en la investigación: ¿Análisis de los conocimientos acumulados o indagación por nuevos sentidos?R evista Folios, 2(44).Pawar, M. V, & Anuradha, J. (2015). Network Security and Types of Attacks in Network. Procedia Computer Science, 48, 503–506.Picco, G. Pietro. (2010). Software engineering and wireless sensor networks. In Proceedings of the FSE/SDP workshop on Future of software engineering research - FoSER ’10 (p. 283). New York, New York, USA: ACM Press. https://doi.org/10.1145/1882362.1882421Pohl, K. (2010). Requirements Engineering: Fundamentals, Principles, and Techniques (1st Editio). Springer Publishing Company.Pressman, R. S. (2010). Ingeniería del Software: un enfoque práctico (Séptima ed). The McGraw-Hill.Radomirovic, S. (2010). Towards a Model for Security and Privacy in the Internet of Things. InP roc. First Int’l Workshop on Security of the Internet of Things (p. 6).Ratkowski, A. (2016). Architecture for Internet of Things Analytical Ecosystem. InD ependability Engineering and Complex Systems (pp. 385–393). Springer.Refsdal, A., Solhaug, B., & Stølen, K. (2015). Cyber-Risk Management. Cham: Springer International Publishing. https://doi.org/10.1007/978-3-319-23570-7Riazul Islam, S. M., Daehan Kwak, Humaun Kabir, M., Hossain, M., & Kyung-Sup Kwak. (2015). The Internet of Things for Health Care: A Comprehensive Survey. IEEE Access, 3, 678–708. https://doi.org/10.1109/ACCESS.2015.2437951Robles, T., Alcarria, R., de Andrés, D. M., Navarro, M., Calero, R., Iglesias, S., & López, M. (2015). An IoT based reference architecture for smart water management processes. JoWUA, 6(1), 4–23.Roman, G.-C. (1985). A taxonomy of current issues in requirements engineering.I EEE Computer, 18(4), 14–23.Ross, E. (2016). Baby monitors “hacked”: Parents warned to be vigilant after voices heard coming from speakers. Independent.Roy, B., & Graham, N. (2008). Methods for Evaluating Software Architecture: A Survey. Ontario, Canada.Rozanski, N., & Woods, E. (2005). Applying Viewpoints and Views to Software Architecture.RSA. (2016). 2016: Current State of Cybercrime.Rueda R., J. S., & TalaveraP., J. M. (2017). Similitudes y diferencias entre Redes de Sensores Inalámbricas e Internet de las Cosas: Hacia una postura clarificadora Similarities and differences between Wireless Sensor Networks and the Internet of Things: Towards a clarifying position. Revista Colombiana de Computación, 18(2), 58–74. https://doi.org/10.29375/25392115.3218Ruparelia, N. B. (2010). Software development lifecycle models. ACM SIGSOFT Software Engineering Notes, 35(3), 8–13. https://doi.org/10.1145/1764810.1764814Sadeghi, A.-R., Wachsmann, C., & Waidner, M. (2015). Security and privacy challenges in industrial internet of things. InP roceedings of the 52nd Annual Design Automation Conference on - DAC ’15 (pp. 1–6). New York, New York, USA: ACM Press. https://doi.org/10.1145/2744769.2747942Sanchez, L., Muñoz, L., Galache, J. A., Sotres, P., Santana, J. R., Gutierrez, V., … others. (2014). SmartSantander: IoT experimentation over a smart city testbed. Computer Networks, 61, 217–238.Sanchez, S., Angel Sicilia, M., & Rodriguez, D. (2012). Ingeniería del Sofware. Un enfoque desde la guía SWEBOK. Alfaomega.Schauer, P., & Debita, G. (2015). Internet of Things Service Systems Architecture.Schrott, U. (2017). Austrian hotel experiences ‘ransomware of things attack.’Sefika, M., Sane, A., & Campbell, R. H. (1996). Monitoring compliance of a software system with its high-level design models. InP roceedings of the 18th international conference on Software engineering (pp. 387–396).Seo, S., Kim, J., Yun, S., Huh, J., & Maeng, S. (2015). HePA: Hexagonal Platform Architecture for Smart Home Things. In Parallel and Distributed Systems (ICPADS), 2015 IEEE 21st International Conference on (pp. 181–189).Serbanati, A., Salinas Segura, A., Olivereau, A., Ben Saied, Y., Gruschka, N., Gessner, D., & Gomez-Marmol, F. (2012). Project Deliverable D4.2 - Concepts and Solutions for Privacy and Security in the Resolution Infrastructure.Serna, J., Morales, R., Medina, M., & Luna, J. (2014). Trustworthy communications in Vehicular Ad Hoc NETworks. In Internet of Things (WF-IoT), 2014 IEEE World Forum on (pp. 247–252).Shaw, M. (1989). Larger Scale Systems Require Higher-Level Abstractions. ACM Sigsoft Software Engineering Notes, 14(3), 143–146.Shen, S., & Carugi, M. (2014). Standardizing the Internet of Things in an evolutionary way. In ITU Kaleidoscope Academic Conference: Living in a converged world- Impossible without standards?, Proceedings of the 2014 (pp. 249–254).Shirey, R. (2007). Internet Security Glossary, Version 2.Shooman, M. L. (1976). Structural models for software reliability prediction. In Proceedings of the 2nd international conference on Software engineering (pp. 268–280).Shrouf, F., Ordieres, J., & Miragliotta, G. (2014). Smart factories in Industry 4.0: A review of the concept and of energy management approached in production based on the Internet of Things paradigm. In Industrial Engineering and Engineering Management (IEEM), 2014 IEEE International Conference on (pp. 697–701).Sicari, S., Rizzardi, A., Grieco, L. A., & Coen-Porisini, A. (2015). Security, privacy and trust in Internet of Things: The road ahead. Computer Networks, 76, 146–164.Singh, M., & Bhandari, P. (2016). Building a framework for network security situation awareness. In Computing for Sustainable Global Development (INDIACom), 2016 3rd International Conference on (pp. 2578–2583).Singh, S., & Singh, N. (2015). Internet of Things (IoT): Security challenges, business opportunities & reference architecture for E-commerce. In Green Computing and Internet of Things (ICGCIoT), 2015 International Conference on (pp. 1577–1581).Skala, K., Davidovic, D., Afgan, E., Sovic, I., & Sojat, Z. (2015). Scalable Distributed Computing Hierarchy: Cloud, Fog and Dew Computing.O pen Journal of Cloud Computing (OJCC), 2(1), 16–24.Smartex. (2016). Glossary of terms and expressions used in connection with The Internet of Things with a final section of related ‘Standards.’ Retrieved from http://www.smartex.com/wp-content/uploads/2016/04/Internet-of-Things-Glossary-of-Terms-V8-draft.pdfSmith, C. U. (1990). Performance engineering of software systems. Addison-Wesley Longman Publishing Co., Inc.Software Engineering Institute. (2016). Software Engineering Institute Glossary.Sommerville, I. (2011). Ingeniería del Software. PEARSON.Sommerville, I., & Sawyer, P. (1997). Requirements Engineering: A Good Practice Guide. John Wiley & Sons, Inc.Souza, R., & Cardozo, E. (2016). A Resource-Oriented Architecture for the Internet of Things (IoT). InC onnectivity Frameworks for Smart Devices (pp. 99–116). Springer.Statista. (2018). Number of Internet of Things (IoT) devices connected worldwide in 2017 and 2018, by type (in millions).Stoermer, C., Bachmann, F., & Verhoef, C. (2003). SACAM: The software architecture comparison analysis method.Stojmenovic, I., Wen, S., Huang, X., & Luan, H. (2015). An overview of Fog computing and its security issues. Concurrency and Computation: Practice and Experience.Stoneburner, G., Goguen, A. Y., & Feringa, A. (2002). SP 800-30. risk management guide for information technology systems.Stravoskoufos, K., Sotiriadis, S., & Petrakis, E. (2016). IoT-A and FIWARE: bridging the barriers between the cloud and IoT systems design and implementation. In Proc. 6th Int’l Conf. Cloud Computing and Services Science (pp. 146–153).Subramani, K. S., Antonopoulos, A., Nosratinia, A., & Makris, Y. (2016). Hardware-Induced Security & Privacy Vulnerabilities in the Internet of Things.Supriya, S., & Padaki, S. (2016). Data Security and Privacy Challenges in Adopting Solutions for IOT. In 2016 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData) (pp. 410–415). IEEE. https://doi.org/10.1109/iThings-GreenCom-CPSCom-SmartData.2016.97Tahir, R., Tahir, H., McDonald-Maier, K., & Fernando, A. (2016). A novel ICMetric based framework for securing the Internet of Things. In Consumer Electronics (ICCE), 2016 IEEE International Conference on (pp. 469–470).Talavera Portocarrero, J. M. (2016). RAMSES: Reference Architectue of Self-Adaptative Middleware for Wireless Sensor Networks. Universidade Federal fo Rio de Janeiro.Techopedia. (2017). What is Modeling Language? Retrieved November 2, 2017, from https://www.techopedia.com/definition/20810/modeling-languageTekinerdogan, B. (2004). ASAAM: Aspectual software architecture analysis method. In Software Architecture, 2004. WICSA 2004. Proceedings. Fourth Working IEEE/IFIP Conference on (pp. 5–14).Thierer, A. D. (2014). The Internet of Things & Wearable Technology: Addressing Privacy & Security Concerns Without Derailing Innovation.S SRN Electronic Journal. https://doi.org/10.2139/ssrn.2494382Touhill, G. J., & Touhill, J. (2014). Cybersecurity for Executives: A Practical Guide. John Wiley & Sons, Inc.Townsend Security. (2016). Definitive Guide to Encryption Key Management Fundamentals. Retrieved from https://info.townsendsecurity.com/definitive-guide-to-encryptionkey- management-fundamentalsTrend Micro. (2015). Trend Micro Glossary: Ransomware.Tuck, M. (2016). Internet of Things: Are We There Yet? (The 2016 IoT Landscape) – Matt Turck. Retrieved July 2, 2017, from http://mattturck.com/2016-iot-landscape/Tuck, M. (2018). Growing Pains: The 2018 Internet of Things Landscape. Retrieved from http://mattturck.com/iot2018/Tvedt, R. T., Lindvall, M., & Costa, P. (2002). A process for software architecture evaluation using metrics. In Software Engineering Workshop, 2002. Proceedings. 27th Annual NASA Goddard/IEEE (pp. 191–196).US-CERT. (2016). Alert (TA16-288A) Heightened DDoS Threat Posed by Mirai and Other Botnets.Usländer, T., & Epple, U. (2015). Reference model of industrie 4.0 service architectures. At-Automatisierungstechnik, 63(10), 858–866.Van Kranenburg, R. (2008). The Internet og Things. A critique of ambient technology and the all-seeing network of RFID. Amsterdam.Vaquero, L. M., Rodero-Merino, L., Caceres, J., & Lindner, M. (2008). A break in the clouds: Towards a Cloud Definition. ACM SIGCOMM Computer Communication Review, 39(1), 50. https://doi.org/10.1145/1496091.1496100Verdouw, C. N., Robbemond, R. M., Verwaart, T., Wolfert, J., & Beulens, A. J. M. (2015). A reference architecture for IoT-based logistic information systems in agri-food supply chains. Enterprise Information Systems, 1–25.Weyrich, M., & Ebert, C. (2016). Reference architectures for the internet of things. IEEE Software, 33(1), 112–116.Williams, L. G., & Smith, C. U. (1998). Performance Engineering of Software Architectures. InP roceeding on Workshop Software and Performance (pp. 164–177).WSO2. (2015). A Reference Architecture for the Internet of Things.Xu, B., Zhang, D., & Yang, W. (2012). Research on architecture of the Internet of Things for grain monitoring in storage. InI nternet of Things (pp. 431–438). Springer.Yacoub, S. M., Cukic, B., & Ammar, H. H. (1999). Scenario-based reliability analysis of component-based software. In Software Reliability Engineering, 1999. Proceedings. 10th International Symposium on (pp. 22–31).Yamamoto, Y., Morris, R. V., Hartsough, C., & Callender, E. D. (1982). The role of requirements analysis in the system life cycle. In Proceedings of the June 7-10, 1982, national computer conference on - AFIPS ’82 (p. 381). New York, New York, USA: ACM Press. https://doi.org/10.1145/1500774.1500821Yang, J., & Fang, B.-X. (2011). Security model and key technologies for the Internet of things. The Journal of China Universities of Posts and Telecommunications, 18(2), 109–112.Yi, S., Li, C., & Li, Q. (2015). A Survey of Fog Computing: Concepts, Applications and Issues. In Mobidata ’15 Proceedings of the 2015 Workshop on Mobile Big Data (pp. 37–42). ACM. https://doi.org/10.1145/2757384.2757397York Risk Services Group. (2015). No Business is too small for a cyber-attack.Zegzhda, D., & Stepanova, T. (2015). Achieving Internet of Things security via providing topological sustainability. In Science and Information Conference (SAI), 2015 (pp. 269–276).Zhang, K., Ni, J., Yang, K., Liang, X., Ren, J., & Shen, X. S. (2017). Security and Privacy in Smart City Applications: Challenges and Solutions. IEEE Communications Magazine, 55(1), 122–129. https://doi.org/10.1109/MCOM.2017.1600267CMZhang, Q., Cheng, L., & Boutaba, R. (2010). Cloud computing: state-of-the-art and research challenges. Journal of Internet Services and Applications, 1(1), 7–18. https://doi.org/10.1007/s13174-010-0007-6ORIGINAL2018_Tesis_Johan_Smith_Rueda_Rueda.pdf2018_Tesis_Johan_Smith_Rueda_Rueda.pdfTesisapplication/pdf5544109https://repository.unab.edu.co/bitstream/20.500.12749/3552/5/2018_Tesis_Johan_Smith_Rueda_Rueda.pdf8524367e1df4cb90193ea7b2305cb424MD55open access2018_Articulo_Johan_Smith_Rueda_Rueda.pdf2018_Articulo_Johan_Smith_Rueda_Rueda.pdfArticuloapplication/pdf709647https://repository.unab.edu.co/bitstream/20.500.12749/3552/2/2018_Articulo_Johan_Smith_Rueda_Rueda.pdf1b5363a045c7c25a056c913897904ad0MD52open accessTHUMBNAIL2018_Articulo_Johan_Smith_Rueda_Rueda.pdf.jpg2018_Articulo_Johan_Smith_Rueda_Rueda.pdf.jpgIM Thumbnailimage/jpeg9498https://repository.unab.edu.co/bitstream/20.500.12749/3552/4/2018_Articulo_Johan_Smith_Rueda_Rueda.pdf.jpg020504d13ceba3faf793812f5c5efd29MD54open access2018_Tesis_Johan_Smith_Rueda_Rueda.pdf.jpg2018_Tesis_Johan_Smith_Rueda_Rueda.pdf.jpgIM Thumbnailimage/jpeg4640https://repository.unab.edu.co/bitstream/20.500.12749/3552/6/2018_Tesis_Johan_Smith_Rueda_Rueda.pdf.jpgfd1efd985a57827f4cdbd2abdf464298MD56open access20.500.12749/3552oai:repository.unab.edu.co:20.500.12749/35522024-01-19 19:05:52.438open accessRepositorio Institucional | Universidad Autónoma de Bucaramanga - UNABrepositorio@unab.edu.co