Framework conceptual de ciberseguridad para aplicaciones de internet de las cosas
El internet de las cosas – IoT, es uno paradigmas tecnológicos con rápido crecimiento en los últimos años, en el que objetos inteligentes o cosas, interactúan entre sí y con recursos físicos y/o virtuales a través de Internet. Junto con este crecimiento hace resonancia uno de los retos que presenta...
- Autores:
-
Rueda Rueda, Johan Smith
- Tipo de recurso:
- Fecha de publicación:
- 2018
- Institución:
- Universidad Autónoma de Bucaramanga - UNAB
- Repositorio:
- Repositorio UNAB
- Idioma:
- spa
- OAI Identifier:
- oai:repository.unab.edu.co:20.500.12749/3552
- Acceso en línea:
- http://hdl.handle.net/20.500.12749/3552
- Palabra clave:
- Systems engineering
Conceptual framework
Conceptual model
Cybersecurity model
LoT applications
Telematics
Software Engineering
Computer security
Informatic security
Computer networks
Information storage systems
Information retrieval systems
Security measures
Research
Analysis
Ingeniería de sistemas
Telemática
Ingeniería de software
Seguridad en computadores
Seguridad informática
Redes de computadores
Sistemas de almacenamiento de información
Sistemas de recuperación de información
Medidas de seguridad
Investigaciones
Análisis
Framework conceptual
Modelo conceptual
Modelo de ciberseguridad
Aplicaciones LoT
- Rights
- openAccess
- License
- http://creativecommons.org/licenses/by-nc-nd/2.5/co/
id |
UNAB2_daca60da6aa3c684de61d1e9df95ac4e |
---|---|
oai_identifier_str |
oai:repository.unab.edu.co:20.500.12749/3552 |
network_acronym_str |
UNAB2 |
network_name_str |
Repositorio UNAB |
repository_id_str |
|
dc.title.spa.fl_str_mv |
Framework conceptual de ciberseguridad para aplicaciones de internet de las cosas |
dc.title.translated.eng.fl_str_mv |
Conceptual framework of cybersecurity for internet of things applications |
title |
Framework conceptual de ciberseguridad para aplicaciones de internet de las cosas |
spellingShingle |
Framework conceptual de ciberseguridad para aplicaciones de internet de las cosas Systems engineering Conceptual framework Conceptual model Cybersecurity model LoT applications Telematics Software Engineering Computer security Informatic security Computer networks Information storage systems Information retrieval systems Security measures Research Analysis Ingeniería de sistemas Telemática Ingeniería de software Seguridad en computadores Seguridad informática Redes de computadores Sistemas de almacenamiento de información Sistemas de recuperación de información Medidas de seguridad Investigaciones Análisis Framework conceptual Modelo conceptual Modelo de ciberseguridad Aplicaciones LoT |
title_short |
Framework conceptual de ciberseguridad para aplicaciones de internet de las cosas |
title_full |
Framework conceptual de ciberseguridad para aplicaciones de internet de las cosas |
title_fullStr |
Framework conceptual de ciberseguridad para aplicaciones de internet de las cosas |
title_full_unstemmed |
Framework conceptual de ciberseguridad para aplicaciones de internet de las cosas |
title_sort |
Framework conceptual de ciberseguridad para aplicaciones de internet de las cosas |
dc.creator.fl_str_mv |
Rueda Rueda, Johan Smith |
dc.contributor.advisor.spa.fl_str_mv |
Talavera Portocarrero, Jesús Martín Cabrera Cruz, José Daniel |
dc.contributor.author.spa.fl_str_mv |
Rueda Rueda, Johan Smith |
dc.contributor.cvlac.*.fl_str_mv |
https://scienti.minciencias.gov.co/cvlac/visualizador/generarCurriculoCv.do?cod_rh=0000069035 https://scienti.minciencias.gov.co/cvlac/visualizador/generarCurriculoCv.do?cod_rh=0000084238 |
dc.contributor.cvlac.none.fl_str_mv |
Cabrera Cruz, José Daniel [0000069035] |
dc.contributor.googlescholar.*.fl_str_mv |
https://scholar.google.es/citations?hl=es#user=hses_w0AAAAJ |
dc.contributor.googlescholar.none.fl_str_mv |
Cabrera Cruz, José Daniel [0000069035] |
dc.contributor.orcid.*.fl_str_mv |
https://orcid.org/0000-0002-1815-5057 |
dc.contributor.orcid.none.fl_str_mv |
Cabrera Cruz, José Daniel [0000-0002-1815-5057] |
dc.contributor.researchgate.*.fl_str_mv |
https://www.researchgate.net/profile/Jose_Cabrera_Cruz |
dc.contributor.researchgate.none.fl_str_mv |
Cabrera Cruz, José Daniel [Jose_Cabrera_Cruz] |
dc.contributor.researchgroup.spa.fl_str_mv |
Grupo de Investigación Pensamiento Sistémico - GPS Grupo de Investigaciones Clínicas |
dc.contributor.apolounab.none.fl_str_mv |
Cabrera Cruz, José Daniel [josé-daniel-cabrera-cruz] |
dc.contributor.linkedin.none.fl_str_mv |
Cabrera Cruz, José Daniel [josé-daniel-cabrera-cruz-23900b10] |
dc.subject.keywords.eng.fl_str_mv |
Systems engineering Conceptual framework Conceptual model Cybersecurity model LoT applications Telematics Software Engineering Computer security Informatic security Computer networks Information storage systems Information retrieval systems Security measures Research Analysis |
topic |
Systems engineering Conceptual framework Conceptual model Cybersecurity model LoT applications Telematics Software Engineering Computer security Informatic security Computer networks Information storage systems Information retrieval systems Security measures Research Analysis Ingeniería de sistemas Telemática Ingeniería de software Seguridad en computadores Seguridad informática Redes de computadores Sistemas de almacenamiento de información Sistemas de recuperación de información Medidas de seguridad Investigaciones Análisis Framework conceptual Modelo conceptual Modelo de ciberseguridad Aplicaciones LoT |
dc.subject.lemb.spa.fl_str_mv |
Ingeniería de sistemas Telemática Ingeniería de software Seguridad en computadores Seguridad informática Redes de computadores Sistemas de almacenamiento de información Sistemas de recuperación de información Medidas de seguridad Investigaciones Análisis |
dc.subject.proposal.spa.fl_str_mv |
Framework conceptual Modelo conceptual Modelo de ciberseguridad Aplicaciones LoT |
description |
El internet de las cosas – IoT, es uno paradigmas tecnológicos con rápido crecimiento en los últimos años, en el que objetos inteligentes o cosas, interactúan entre sí y con recursos físicos y/o virtuales a través de Internet. Junto con este crecimiento hace resonancia uno de los retos que presenta este paradigma, la seguridad de aplicaciones IoT. Este trabajo de investigación parte del problema que existen aplicaciones IoT inseguras por la falta de guías que orienten a los desarrolladores en la implementación del dominio de la ciberseguridad en la fase de diseño y la evaluación de estas. La hipótesis planeada es que, mediante un framework, compuesto por diferentes tipos de modelos, se puede orientar al equipo de desarrollo sobre cómo considerar ciberseguridad en las aplicaciones IoT. Desde este punto de partida, en este trabajo se propone un framework conceptual de ciberseguridad para aplicaciones IoT, llamado SMITH Framework. Este framework está compuesto por dos modelos: el primero, un modelo de gestión de la ciberseguridad cuyo propósito es orientar a los desarrolladores de aplicaciones IoT las consideraciones de ciberseguridad que deben tenerse en cuenta desde la fase de diseño de una solución IoT ; el segundo, un modelo conceptual del dominio de la ciberseguridad en el que se presenten seis componentes de seguridad y su relación con el dominio de IoT. Para verificar la hipótesis planteada, se hizo una validación del SMITH Framework basada en el método ATAM, en el que se diseñó una aplicación IoT orientada por elementos del framework propuesto. Los resultados arrojados permitieron conocer que sí es posible orientar al equipo de desarrollo en la implementación de la ciberseguridad en la fase de diseño de una aplicación IoT, confirmando la hipótesis planteada |
publishDate |
2018 |
dc.date.issued.none.fl_str_mv |
2018 |
dc.date.accessioned.none.fl_str_mv |
2020-06-26T21:35:50Z |
dc.date.available.none.fl_str_mv |
2020-06-26T21:35:50Z |
dc.type.driver.none.fl_str_mv |
info:eu-repo/semantics/masterThesis |
dc.type.local.spa.fl_str_mv |
Tesis |
dc.type.redcol.none.fl_str_mv |
http://purl.org/redcol/resource_type/TM |
dc.identifier.uri.none.fl_str_mv |
http://hdl.handle.net/20.500.12749/3552 |
dc.identifier.instname.spa.fl_str_mv |
instname:Universidad Autónoma de Bucaramanga - UNAB |
dc.identifier.reponame.spa.fl_str_mv |
reponame:Repositorio Institucional UNAB |
url |
http://hdl.handle.net/20.500.12749/3552 |
identifier_str_mv |
instname:Universidad Autónoma de Bucaramanga - UNAB reponame:Repositorio Institucional UNAB |
dc.language.iso.spa.fl_str_mv |
spa |
language |
spa |
dc.relation.references.spa.fl_str_mv |
Rueda Rueda, Johan Smith (2018). Framework conceptual de ciberseguridad para aplicaciones de internet de las cosas. Bucaramanga (Colombia) : Universidad Autónoma de Bucaramanga UNAB Abdmeziem, M. R., Tandjaoui, D., & Romdhani, I. (2016). Architecting the internet of things: state of the art. In Robots and Sensor Clouds (pp. 55–75). Springer. Abrahamsson, P., Salo, O., Ronkainen, J., & Warsta, J. (2017). Agile Software Development Methods: Review and Analysis. CoRR, 478, 107. Retrieved from http://arxiv.org/abs/1709.08439 Abreu, D. P., Velasquez, K., Curado, M., & Monteiro, E. (2017). A resilient Internet of Things architecture for smart cities. Annals of Telecommunications, 72(1–2), 19–30. Adams, K. (2015). Non-functional Requirements in Systems Analysis and Design. Springer. Addo, I. D., Ahamed, S. I., Yau, S. S., & Buduru, A. (2014). A reference architecture for improving security and privacy in Internet of Things applications. InM obile Services (MS), 2014 IEEE International Conference on (pp. 108–115). Aldosari, H. M. (2015). A Proposed Security Layer for the Internet of Things Communication Reference Model.P rocedia Computer Science, 65, 95–98. Alhamedi, A. H., Snasel, V., Aldosari, H. M., & Abraham, A. (2014). Internet of things communication reference model. In Computational Aspects of Social Networks (CASoN), 2014 6th International Conference on (pp. 61–66). Andolfi, F., Aquilani, F., Balsamo, S., & Inverardi, P. (2000). Deriving QNM from MSCs for performance evaluation of SA. In ACM Workshop on Software Performance (pp. 220–229). Aquilani, F., Balsamo, S., & Inverardi, P. (2001). Performance analysis at the software architectural design level.P erformance Evaluation, 45(2–3), 147–178. Ashton, K. (2009). That “Internet of Things” Thing. RFID Journal, 1. Retrieved from www.rfidjournal.com/articles/pdf?4986 Atamli, A. W., & Martin, A. (2014). Threat-Based Security Analysis for the Internet of Things. In 2014 International Workshop on Secure Internet of Things (pp. 35–43). IEEE. https://doi.org/10.1109/SIoT.2014.10 Atzori, L., Iera, A., & Morabito, G. (2010). The internet of things: a survey. Computer Networks, 54, 2787–2805. https://doi.org/10.1007/s10796-014-9492-7 Atzori, L., Iera, A., & Morabito, G. (2017). Understanding the Internet of Things: definition, potentials, and societal role of a fast evolving paradigmA. d Hoc Networks, 56, 122–140. https://doi.org/10.1016/j.adhoc.2016.12.004 Babar, M. A., & Gorton, I. (2004). Comparison of scenario-based software architecture evaluation methods. In 11th Asia-Pacific Software Engineering Conference, 2004. Balsamo, S., Inverardi, P., & Mangano, C. (1998). An approach to performance evaluation of software architectures. In Proceedings of the 1st international workshop on Software and performance (pp. 178–190). Banda, G., Chaitanya, K., & Mohan, H. (2015). An IoT protocol and framework for OEMs to make IoT-enabled devices forward compatible. In Signal-Image Technology & Internet-Based Systems (SITIS), 2015 11th International Conference on (pp. 824–832). Barker, E. (2016). Recommendation for Key Management Part 1: General. Gaithersburg, MD. https://doi.org/10.6028/NIST.SP.800-57pt1r4 Barker, E., Smid, M., Branstad, D., & Chokhani, S. (2013). A Framework for Designing Cryptographic Key Management Systems. Gaithersburg, MD. https://doi.org/10.6028/NIST.SP.800-130 Bassi, A., Bauer, M., Fiedler, M., Kramp, T., van Kranenburg, R., Lange, S., & Meissner, S. (Eds.). (2013). Enabling Things to Talk. Berlin, Heidelberg: Springer Berlin Heidelberg. https://doi.org/10.1007/978-3-642-40403-0 Bauer, M., Boussard, M., Bui, N., Carrez, F., Jardak, C., De Loof, J., … Salinas, A. (2013).D eliverable D1.5 – Final architectural reference model for the IoT v3.0. Bauer, M., Boussard, M., Bui, N., De Loof, J., Magerkurth, C., Meissner, S., … Walewski, J. W. (2013). IoT Reference Architecture. In A. Bassi, M. Bauer, M. Fiedler, T. Kramp, R. van Kranenburg, S. Lange, & S. Meissner (Eds.), Enabling Things to Talk: Designing IoT solutions with the IoT Architectural Reference Model (pp. 163–211). Berlin, Heidelberg: Springer Berlin Heidelberg. https://doi.org/10.1007/978-3-642-40403-0_8 Bauer, M., Bui, N., De Loof, J., Magerkurth, C., Nettsträter, A., Stefa, J., & Walewski, J. W. (2013). IoT Reference Model. In Enabling Things to Talk (pp. 113–162). Berlin, Heidelberg: Springer Berlin Heidelberg. https://doi.org/10.1007/978-3-642-40403-0_7 Bayuk, J. L., Healey, J., Rohmeyer, P., Sachs, M. H., Schmidt, J., & Weiss, J. (2012).C yber Security Policy Guidebook. Wiley Publishing. Beltrán G., Ó. A. (2005). Revisiones sistemáticas de la literatura. Revista Colombiana de Gastroenterología, 20(1), 10. Bengtsson, P., & Bosch, J. (1998). Scenario-based software architecture reengineering. In Fifth International Conference on oftware Reuse, 1998 (pp. 308–317). IEEE. Bengtsson, P., & Bosch, J. (1999). Architecture level prediction of software maintenance. In Software Maintenance and Reengineering, 1999. Proceedings of the Third European Conference on (pp. 139–147). Bengtsson, P., Lassing, N., Bosch, J., & van Vliet, H. (2004). Architecture-level modifiability analysis (ALMA). Journal of Systems and Software, 69(1–2), 129–147. Bergner, K., Rausch, A., Sihling, M., & Ternité, T. (2005). DoSAM--domain-specific software architecture comparison model. In Quality of Software Architectures and Software Quality (pp. 4–20). Springer. Bernabe, J. B., Hernández, J. L., Moreno, M. V., & Gomez, A. F. S. (2014). Privacy-preserving security framework for a social-aware internet of things. In International conference on ubiquitous computing and ambient intelligence (pp. 408–415). Biolchini, J., Gomes Mian, P., Cruz Natali, A. C., & Horta Travassos, G. (2005). Systematic Review in Software Engineering. Rio de Jainero. Boehm, B. (n.d.). Evaluating a Software Architecture (pp. 19–42). Boehm, B. W., Brown, J. R., & Kaspar, H. (1978). Characteristics of Software Quality. Bohli, J.-M., Skarmeta, A., Moreno, M. V., García, D., & Langendörfer, P. (2015). SMARTIE project: Secure IoT data management for smart cities. In Recent Advances in Internet of Things (RIoT), 2015 International Conference on (pp. 1–6). Borgia, E. (2014). The internet of things vision: Key features, applications and open issues. Computer Communications, 54, 1–31. https://doi.org/10.1016/j.comcom.2014.09.008 Boroojeni, K. G., Amini, M. H., & Iyengar, S. S. (2016). Smart Grids: Security and Privacy Issues. Springer. Boussard, M., Meissner, S., Nettsträter, A., Olivereau, A., Segura, A. S., Thoma, M., & Walewski, J. W. (2013). A Process for Generating Concrete Architectures. In Enabling Things to Talk (pp. 45–111). Springer. Brooks, F. (1987). No Silver Bullet: Essence and Accidents of Software Engineering.I EEE Computer, 20(4), 10–19. Caltum, E., & Segal, O. (2016). Exploitation of IoT devices for Launching Mass-Scale Attack Campaigns. Capgemini. (2018). Cybersecurity talent — The big gap in cyber protection Caracciolo, A., Lungu, M. F., & Nierstrasz, O. (2014). How Do Software Architects Specify and Validate Quality Requirements? In European Conference on Software Architecture (pp. 374–389). Springer. CASAGRAS Project. (2009). RFID and the Inclusive Model for the Internet of Things. Cavalcante, E., Alves, M. P., Batista, T., Delicato, F. C., & Pires, P. F. (2015). An analysis of reference architectures for the internet of things. In Proceedings of the 1st International Workshop on Exploring Component-based Techniques for Constructing Reference Architectures (pp. 13–16). Cavalcante, E., Pereira, J., Alves, M. P., Maia, P., Moura, R., Batista, T., … Pires, P. F. (2016). On the interplay of Internet of Things and Cloud Computing: A systematic mapping study. Computer Communications, 89–90, 17–33. https://doi.org/10.1016/j.comcom.2016.03.012 Chant, I. (2017). The Cybersecurity Talent Shortage Is Here, and It’s a Big Threat to Companies. Retrieved January 10, 2018, from http://theinstitute.ieee.org/ieeeroundup/ blogs/blog/the-cybersecurity-talent-shortage-is-here-and-its-a-big-threat-to-companies Chen, Q., Abdelwahed, S., & Erradi, A. (2014). A model-based validated autonomic approach to self-protect computing systems. IEEE Internet of Things Journal, 1(5), 446– 460. Cheung, R. C. (1980). A user-oriented software reliability model. IEEE Transactions on Software Engineering, (2), 118–125. Chung, L., & do Prado Leite, J. C. S. (2009). On Non-Functional Requirements in Software Engineering. In Conceptual Modeling: Foundations and Applications (pp. 363–379). Springer Berlin Heidelberg. https://doi.org/10.1007/978-3-642-02463-4_19 Chung, L., Nixon, B. A., Yu, E., & Mylopoulos, J. (2012). Non-functional Requirements in Software Engineering. Springer Science & Business Media. Cimpanu, C. (2016). Problems Reappear for IoT Device Owners with Discovery of New DDoS Trojan. Cirani, S., Ferrari, G., & Veltri, L. (2013). Enforcing Security Mechanisms in the IP-Based Internet of Things: An Algorithmic Overview. Algorithms, 6(2), 197–226. https://doi.org/10.3390/a6020197 Cisco. (2015). Mitigating the Cybersecurity Skills Shortage: Top Insights and Actions from Cisco Security Advisory Services Cisco. (2016a). Internet of Things at a Glance Cisco. (2016b). The Internet of Things. It’s not about things. It’s about service. Retrieved from https://www.jasper.com/sites/default/files/pdf/IoT_Infographic.pdf%7D Cisco. (2017). Cisco 2017 Annual Cybersecurity Report. CISCO. The Internet of Things Reference Model (2014). Retrieved from http://cdn.iotwf.com/resources/71/IoT_Reference_Model_White_Paper_June_4_2014.pdf Clements, P., Garlan, D., Little, R., Nord, R., & Stafford, J. (2003). Documenting software architectures: views and beyond. InP roceedings of the 25th International Conference on Software Engineering (pp. 740--741). ACM. Retrieved from http://delivery.acm.org/10.1145/780000/776928/p740-clements.pdf? ip=200.69.124.106&id=776928&acc=ACTIVE SERVICE&key=4D9619BEF5D5941F.D0AFA4C1BA803950.4D4702B0C3E38B35.4D4702B0C3E38B35&__acm__=1520370891_ece2c328b7de31eaf77e2c65c0fa3758 CNSS. (2010). National Information Assurance (IA) Glossary. Committee on National Security Systems. Cobb, S. (2016a). Cybersecurity skills gap: It’s big and it’s bad for security. Retrieved from https://www.welivesecurity.com/2016/12/16/cybersecurity-skills-gap-big-and-bad/ Cobb, S. (2016b). Jackware: When connected cars meet ransomware. Cobb, S. (2017). RoT: Ransomware of Things. Colciencias. (2016). Tipología de proyectos calificados como de carácter cientifíco, tecnológico e innovación (Vol. 4). https://doi.org/10.1007/s13398-014-0173-7.2 Condry, M. W., & Nelson, C. B. (2016). Using Smart Edge IoT Devices for Safer, Rapid Response With Industry IoT Control Operations. Proceedings of the IEEE, 104(5), 938–946. Cortellessa, V., & Mirandola, R. (2000). Deriving a queueing network based performance model from UML diagrams. In Proceedings of the 2nd international workshop on Software and performance (pp. 58–70). Currie, R. (2016). Developments in Car Hacking. SANS Institute InfoSec Reading Room, 1–34. CyberX. (2016). Radiation IoT Cyber Security Campaign. Da Xu, L., He, W., & Li, S. (2014). Internet of things in industries: A survey. IEEE Transactions on Industrial Informatics, 10(4), 2233–2243. Dalipi, F., & Yayilgan, S. Y. (2016). Security and Privacy Considerations for IoT Application on Smart Grids: Survey and Research Challenges. In 2016 IEEE 4th International Conference on Future Internet of Things and Cloud Workshops (FiCloudW) (pp. 63–68). IEEE. https://doi.org/10.1109/W-FiCloud.2016.28 Davis, A. M. (1993). Software Requirements: Objects, Functions and States. Prentice-Hall, Inc. De, S., Carrez, F., Reetz, E., Tönjes, R., & Wang, W. (2013). Test-Enabled Architecture for IoT Service Creation and Provisioning. In The Future Internet Assembly (pp. 233–245). https://doi.org/10.1007/978-3-642-38082-2_20 Deloitte. (2018). The cybersecurity talent shortage: An emerging challenge for consumer products companies Dobre, C., Mavromoustakis, C. X., Garcia, N., Ivanova Goleva, R., & Mastorakis, G. (Eds.).( 2017). Glossary. In Ambient Assisted Living and Enhanced Living Environments (pp. xliii–xliv). Elsevier. https://doi.org/10.1016/B978-0-12-805195-5.00028-4 Dykstra, J. (2015). Essential Cybersecurity Science: Build, Test, and Evaluate Secure Systems (First Edit). O’Reilly Media. Edwards, S., & Profetis, I. (2016). Hajime: Analysis of a decentralized internet worm for IoT devices. Elmaghraby, A. S., & Losavio, M. M. (2014). Cyber security challenges in Smart Cities: Safety, security and privacy. Journal of Advanced Research, 5(4), 491–497. https://doi.org/10.1016/j.jare.2014.02.006 Emm, D., Unuchek, R., & Kruglov, K. (2016). Kaspersky Security Bulletin 2016. Review of the Year. Essery, Michael. (2016). Today 65% of Enterprises Already Using Internet of Things; Business Value found in Optimizing Operations and Reducing Risk. Fernandes, J., Nati, M., Loumis, N. S., Nikoletseas, S., Raptis, T. P., Krco, S., … Ziegler, S. (2015). IoT Lab: Towards co-design and IoT solution testing using the crowd. In Recent Advances in Internet of Things (RIoT), 2015 International Conference on (pp. 1–6). Finkle, J. (2016). J&J warns diabetic patients: Insulin pump vulnerable to hacking. Reuters. Fiutem, R., & Antoniol, G. (1998). Identifying design-code inconsistencies in object-oriented software: A case study. InS oftware Maintenance, 1998. Proceedings., International Conference on (pp. 94–102). Folmer, E., Van Gurp, J., & Bosch, J. (2004). Software architecture analysis of usability. In International Workshop on Design, Specification, and Verification of Interactive Systems (pp. 38–58). ForeScout Technologies. (2016). IoT Enterprise Risk Report. Formisano, C., Pavia, D., Gurgen, L., Yonezawa, T., Galache, J. A., Doguchi, K., & Matranga, I. (2015). The advantages of IoT and cloud applied to smart cities. In Future Internet of Things and Cloud (FiCloud), 2015 3rd International Conference on (pp. 325–332). Forrester. (2017). Predictions 2018: IoT Moves From Experimentation To Business Scale. Fowler, K. (2016). Cybersecurity. In Enterprise Risk Management (pp. 91–108). Elsevier. https://doi.org/10.1016/B978-0-12-800633-7.00007-9 Fox-Brewster, T. (2016). How Hacked Cameras Are Helping Launch The Biggest Attacks The Internet Has Ever Seen.F orbes. Fundación Telefónica. (2016). Ciberseguridad, la protección de la información en un mundo digital. Fundación Telefónica, Editorial Ariel S.A. Gartner Inc. (2015). Gartner Says 6.4 Billion Connected “Things” Will Be in Use in 2016, Up 30 Percent From 2015. Gartner Inc. (2016a). Gartner’s 2016 Hype Cycle for Emerging Technologies Identifies Three Key Trends That Organizations Must Track to Gain Competitive Advantage. Retrieved from www.gartner.com/newsroom/id/3412017 Gartner Inc. (2016b). Gartner Says By 2020, More Than Half of Major New Business Processes and Systems Will Incorporate Some Element of the Internet of Things. Gartner Inc. (2016c). Gartner Says Worldwide IoT Security Spending to Reach $348 Million in 2016. Gartner Inc. (2016d). Top 10 Strategic Technology Trends for 2017. Ge, M., & Kim, D. S. (2015). A framework for modeling and assessing security of the internet of things. InP arallel and Distributed Systems (ICPADS), 2015 IEEE 21st International Conference on (pp. 776–781). Gibbs, S. (2015). Hackers can hijack Wi-Fi Hello Barbie to spy on your children. The Guardian. Gilchrist, A. (2016). IIoT Reference Architecture. In Industry 4.0 (pp. 65–86). Springer. Gluhak, A., Hauswirth, M., Krco, S., Stojanovic, N., Bauer, M., Nielsen, R. H., … Corcho, O. (2011). An Architectural Blueprint for a Real-World Internet. InF uture Internet Assembly (pp. 67–80). Gluhak, A., Munoz, L., Sotres, P., Sanchez, L., Roux, P., Sanchez, B., … Hernandez, A. L. (2013). Third Cycle Architecture Specification. Gokhale, S. S., & Trivedi, K. S. (2002). Reliability prediction and sensitivity analysis based on software architecture. InS oftware Reliability Engineering, 2002. ISSRE 2003. Proceedings. 13th International Symposium on (pp. 64-75). Gómez Vargas, M., Galeano Higuita, C., & Jaramillo Muñoz, D. A. (2015). El estado del arte: una metodología de investigación.R evista Colombiana de Ciencias Sociales, 6(2), 423–442. Grant, M. J., & Booth, A. (2009). A typology of reviews: an analysis of 14 review types and associated methodologies.H ealth Information & Libraries Journal, 26(2), 91–108. https://doi.org/10.1111/j.1471-1842.2009.00848.x Green, P. E. J. (2016). Introduction to Risk Management Principles. In Enterprise Risk Management (pp. 1–13). Elsevier. https://doi.org/10.1016/B978-0-12-800633- 7.00001-8 Gubbi, J., Buyya, R., Marusic, S., & Palaniswami, M. (2013). Internet of Things (IoT): A vision, architectural elements, and future directions.F uture Generation Computer Systems, 29(7), 1645–1660. Guo, B., Zhang, D., Wang, Z., Yu, Z., & Zhou, X. (2013). Opportunistic IoT: Exploring the harmonious interaction between human and the internet of things. Journal of Network and Computer Applications, 36(6), 1531–1539. Hayashi, K. (2014). IoT Worm Used to Mine Cryptocurrency. Heer, T., Garcia-Morchon, O., Hummen, R., Keoh, S. L., Kumar, S. S., & Wehrle, K. (2011). Security Challenges in the IP-based Internet of Things.W ireless Personal Communications, 61(3), 527–542. https://doi.org/10.1007/s11277-011-0385-5 Hellaoui, H., Bouabdallah, A., & Koudil, M. (2016). TAS-IoT: Trust-Based Adaptive Security in the IoT. In Local Computer Networks (LCN), 2016 IEEE 41st Conference on (pp. 599–602). Herjavec Group. (2017). 2017 Cybersecurity Jobs Report. Hernandez-Ramos, J. L., Pawlowski, M. P., Jara, A. J., Skarmeta, A. F., & Ladid, L. (2015). Toward a lightweight authentication and authorization framework for smart objects. IEEE Journal on Selected Areas in Communications, 33(4), 690–702. Hernandez Sampieri, R., Fernández Collado, C., & Baptista Lucio, M. del P. (2010). Metodología de la investigación (Quinta edi). McGraw-Hill, Inc. Hewlett Packard Enterprise. (2015). Internet Of things research study. Hioureas, V. (2015, May). Does CCTV put the public at risk of cyberattack? Kaspersky Labs. Höller, J., Tsiatsis, V., Mulligan, C., Karnouskos, S., Avesand, S., & Boyle, D. (2014a). Architecture Reference Model. In From Machine-To-Machine to the Internet of Things (pp. 167–197). Elsevier. https://doi.org/10.1016/B978-0-12-407684-6.00007-3 Höller, J., Tsiatsis, V., Mulligan, C., Karnouskos, S., Avesand, S., & Boyle, D. (2014b). IoT Architecture – State of the Art. In From Machine-To-Machine to the Internet of Things (pp. 145–165). Elsevier. https://doi.org/10.1016/B978-0-12-407684-6.00006-1 Höller, J., Tsiatsis, V., Mulligan, C., Karnouskos, S., Avesand, S., & Boyle, D. (2014c). IoT Reference Architecture. In From Machine-To-Machine to the Internet of Things (pp. 199–223). Elsevier. https://doi.org/10.1016/B978-0-12-407684-6.00008-5 Hopkin, P. (2017). Fundamentals of Risk Management: Understanding, evaluating and implementing effective risk management Huang, X., Craig, P., Lin, H., & Yan, Z. (2015). SecIoT: a security framework for the Internet of Things. Security and Communication Networks, 9, 3083–3095. https://doi.org/10.1002/sec.1259 Hussein, N. H., & Khalid, A. (2016). A survey of Cloud Computing Security challenges and solutions.I nternational Journal of Computer Science and Information Security, 14(1), 52. Hwang, H., & Park, Y. B. (2017). Safety - Critical Software Quality Improvement Using Requirement Analysis. In2 017 International Conference on Platform Technology and Service (PlatCon) (pp. 1–4). IEEE. https://doi.org/10.1109/PlatCon.2017.7883725 IEEE. (1990). IEEE Standard Glossary of Software Engineering Terminology. IEEE Computer Society. (2014). Guide to the Software Engineering - Body of Knowledge. (P. Bourque & R. E. Fairley, Eds.), IEEE Computer Society (V3 ed.). https://doi.org/10.1234/12345678 Intel. (2016). A Guide to the Internet of Things. How billion of online objects are making the web wiser. Intel Security, & CSIS. (2016). Hacking the Skills Shortage: A study of the international shortage in cybersecurity skills Internet of Things Guide. (2016). Glossary Term. Ionita, M. T., Hammer, D., & Obbink, H. (2002). Scenario-Based Software Architecture Evaluation Methods: An Overview.T echnical University, 1–10. Iorga, M., Feldman, L., Barton, R., Martin, M. J., Goren, N., & Mahmoudi, C. (2017). The NIST Definition of Fog Computing. IoT-A Project. (2016). Requirements — IOT-A: Internet of Things Architecture. Retrieved from http://www.iot-a.eu/public/requirements/copy_of_requirements ISACA. (2013). A simple definition of cybersecurity. ISACA. (2016a). 2016 Cybersecurity Skills Gap. Retrieved from https://isaca.org.ar/2016/12/07/cybersecurity-skills-gap/ ISACA. (2016b). Cybersecurity Fundamentals Glossary ISACA. (2018). State of Cybersecurity Study: Security Budgets Increasing, But Qualified Cybertalent Remains Hard to Find. Retrieved May 31, 2018, from http://www.isaca.org/About-ISACA/Press-room/News-Releases/2018/Pages/State-of-Cybersecurity-Study-Security-Budgets-Increasing-But-Qualified-Cybertalent- Remains-Hard-to-Find.aspx ISO/IEC/IEEE. (2010). ISO/IEC/IEEE 24765:2010 Systems and software engineering - Vocabulary. ISO/IEC/IEEE. (2011). ISO/IEC/IEEE 42010:2011, Systems and software engineering — Architecture description. ISO/IEC. (2012). ISO/IEC 27032:2012, Information technology -- Security techniques -- Guidelines for cybersecurity. Retrieved from https://www.iso.org/standard/44375.html ISO/IEC. (2013). ISO/IEC 27001:2013, Information technology -- Security techniques -- Information security management systems -- Requirements. ISO/IEC. (2015). ISO/IEC/IEEE 27017:2015, Information technology -- Security techniques -- Code of practice for information security controls based on ISO/IEC 27002 for cloud services. ITU-T. (2012). Overview of the Internet of things. Series Y: Global information infrastructure, internet protocol aspects and next-generation networks - Frameworks and functional architecture models. ITU-T. (2014a). F.748.0: Common requirements for Internet of things (IoT) applications. ITU-T. (2014b). Y.2066: Common requirements of the Internet of things. Jiménez, J. A., Russo, M., Krco, S., Bezanilla, R., Munoz, L., Galache, J. A., …K outsoubelias, M. (2012). Second Cycle Architecture Specification. Jóźwiak, L. (2017a). Advanced mobile and wearable systems. Microprocessors and Microsystems, 50, 202–221. https://doi.org/10.1016/j.micpro.2017.03.008 Jóźwiak, L. (2017b). Advanced mobile and wearable systems. Microprocessors and Microsystems, 50, 202–221. https://doi.org/10.1016/j.micpro.2017.03.008 Kaspersky Lab. (2016). Kaspersky Security Bulletin 2016. Kaspersky Labs. (2015a). Damage Control: The Cost of Security Breaches. It Security Risk Special Report Series. Kaspersky Labs. (2015b). Global IT Security Risks Survey. Kazman, R., Bass, L., Abowd, G., & Webb, M. (1994). SAAM: A method for analyzing the properties of software architectures. InS oftware Engineering, 1994. Proceedings. ICSE-16., 16th International Conference on (pp. 81–90). Kazman, R., Klein, M., Barbacci, M., Longstaff, T., Lipson, H., & Carriere, J. (1998).T he Architecture Tradeoff Analysis Method. Kim, D., & Solomon, M. G. (2016). Fundamentals of Information Systems Security. Jones & Bartlett Learning. Retrieved from https://books.google.com.co/books? id=Yb4eDQAAQBAJ Kitchenham, B., & Charters, S. (2007). Guidelines for performing systematic literature reviews in software engineering version 2.3. Kotonya, G., & Sommerville, I. (1998). Requirements Engineering: Processes and Techniques (1st ed.). Wiley Publishing. Krco, S., Pokric, B., & Carrez, F. (2014). Designing IoT architecture (s): A European perspective. InI nternet of Things (WF-IoT), 2014 IEEE World Forum on (pp. 79–84). Krishnamurthy, S., & Mathur, A. P. (1997). On the estimation of reliability of a software system using reliabilities of its components. InS oftware Reliability Engineering, 1997. Proceedings., The Eighth International Symposium on (pp. 146–155). Kubat, P. (1989). Assessing reliability of modular software. Operations Research Letters, 8(1), 35–41. Laprie, J.-C. (1984). Dependability evaluation of software systems in operation. IEEE Transactions on Software Engineering, (6), 701–714. Lassing, N. H., Rijsenbrij, D. B. B., & van Vliet, H. (1999). On software architecture analysis of flexibility, complexity of changes: Size isn’t everything. Lee, C., Zappaterra, L., Kwanghee Choi, & Hyeong-Ah Choi. (2014). Securing smart home: Technologies, security challenges, and security requirements. In2 014 IEEE Conference on Communications and Network Security (pp. 67–72). IEEE. https://doi.org/10.1109/CNS.2014.6997467 Lee, G. M., Crespi, N., Choi, J. K., & Boussard, M. (2013). Internet of things. InE volution of Telecommunication Services (pp. 257–282). Springer. Lee, I., & Lee, K. (2015). The Internet of Things (IoT): Applications, investments, and challenges for enterprises.B usiness Horizons, 58(4), 431–440. Lee, S., & Kim, S. (2013). Hacking, surveilling, and deceiving victims on Smart TV. Black Hat. Leyden, J. (2016). One Ring to pwn them all: IoT doorbell can reveal your Wi-Fi key. The Register. Li, S., Xu, L. Da, & Zhao, S. (2015). The internet of things: a survey. Information Systems Frontiers, 17(2), 243–259. https://doi.org/10.1007/s10796-014-9492-7 Lindvall, M., Tvedt, R. T., & Costa, P. (2003). An empirically-based process for software architecture evaluation. Empirical Software Engineering, 8(1), 83–108. Liu, L., Yin, L., Guo, Y., & Fang, B. (2014). EAC: a framework of authentication property for the IoTs. In Cyber-Enabled Distributed Computing and Knowledge Discovery (CyberC), 2014 International Conference on (pp. 102–105). Lize, G., Jingpei, W., & Bin, S. (2014). Trust management mechanism for Internet of Things.C hina Communications, 11(2), 148–156. Lloyd’s. (2017). Counting the cost Cyber exposure decoded. Lloyd, W., & Connie, S. (2002). PASA: A Method for the Performance Assessment of Software Architectures. In Proceedings of the Third International Workshop on Software and Performance (WOSP’2002), July (pp. 24–26). Loucopoulus, P., & Karakostas, V. (1995). System Requirements Engineering. McGraw-Hill, Inc. Ma, M., Wang, P., & Chu, C.-H. (2013). Data management for internet of things: challenges, approaches and opportunities. In Green Computing and Communications (GreenCom), 2013 IEEE and Internet of Things (iThings/CPSCom), IEEE International Conference on and IEEE Cyber, Physical and Social Computing (pp. 1144– 1151). Mahalank, S. N., Malagund, K. B., & Banakar, R. M. (2016). Non Functional Requirement Analysis in IoT based smart traffic management system. In 2016 International Conference on Computing Communication Control and automation (ICCUBEA) (pp. 1–6). IEEE. https://doi.org/10.1109/ICCUBEA.2016.7860147 Mahalle, P. N., Anggorojati, B., Prasad, N. R., & Prasad, R. (2013). Identity authentication and capability based access control (iacac) for the internet of things.J ournal of Cyber Security and Mobility, 1(4), 309--348. Malware Must Die. (2016). MMD-0058-2016 - Linux/NyaDrop - a linux MIPS IoT bad news. Manrique, J. A., Rueda-Rueda, J. S., & Portocarrero, J. M. T. (2016). Contrasting Internet of Things and Wireless Sensor Network from a Conceptual Overview. In 2016 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData) (pp. 252–257). IEEE. https://doi.org/10.1109/iThings-GreenCom-CPSCom-SmartData.2016.66 Maxwell, J. A. (2005). Conceptual framework: What do you think is going on. Qualitative Research Design: An Interactive Approach, 41, 33–63. Mead, N. R., & Stehney, T. (2005). Security quality requirements engineering (SQUARE) methodology. ACM SIGSOFT Software Engineering Notes, 30(4), 1. https://doi.org/10.1145/1082983.1083214 Mell, P., & Grance, T. (2011). The NIST Definition of Cloud Computing. Microsoft Colombia. (2016). Principales tendencias de seguridad en IoT. Miles, M. B., & Huberman, A. M. (1994). Qualitative data analysis: An expanded sourcebook. sage. Miller, C., & Valasek, C. (2015). Remote Exploitation of an Unaltered Passenger Vehicle. Miorandi, D., Sicari, S., De Pellegrini, F., & Chlamtac, I. (2012). Internet of things: Vision, applications and research challenges. Ad Hoc Networks, 10(7), 1497–1516. Miranda, J., Mäkitalo, N., Garcia-Alonso, J., Berrocal, J., Mikkonen, T., Canal, C., & Murillo, J. M. (2015).F rom the Internet of Things to the Internet of People.I EEE Internet Computing, 19(2), 40–47. Moher, D., Liberati, A., Tetzlaff, J., & Altman, D. G. (2009). Preferred Reporting Items for Systematic Reviews and Meta-Analyses: The PRISMA Statement. PLoS Medicine, 6(7), e1000097. https://doi.org/10.1371/journal.pmed.1000097 Molter, G. (1999). Integrating SAAM in domain-centric and reuse-based development processes. In Proceedings of the 2nd Nordic Workshop on Software Architecture, Ronneby (pp. 1–10). Monteiro, C., Oliveira, M., Bastos, J., Ramrekha, T., & Rodriguez, J. (2014). Social Networks and Internet of Things, an Overview of the SITAC Project. In International Wireless Internet Conference (pp. 191–196). Moore, B. J. (1994). Achieving software quality through requirements analysis. InP roceedings of 1994 IEEE International Engineering Management Conference - IEMC ’94 (pp. 78–83). IEEE. https://doi.org/10.1109/IEMC.1994.379948 Morán Delgado, G., & Alvarado Cervantes, D. G. (2010). Métodos de investigación (Primera ed). Pearson Education. Mossburg, E., Gelinne, J., & Calzada, H. (2016). Beneath the surface of a cyberattack: A deeper look at business impacts. Mostow, J. (1985). Towards Better Models of the Design Process. AI Magazine, 6(1), 44–57. Mozzaquatro, B. A., Jardim-Goncalves, R., Melo, R., & Agostinho, C. (2016). The application of security adaptive framework for sensor in industrial systems. InS ensors Applications Symposium (SAS), 2016 IEEE (pp. 1–6). Muñoz, L., Sanchez, L., Galache, J. A., Gutierrez, V., Garcia, R., Poyato, P., … Ramdhany, R. (2011).F irst Cycle Architecture Specification. Murphy, G. C., Notkin, D., & Sullivan, K. (1995). Software reflexion models: Bridging the gap between source and high-level models.A CM SIGSOFT Software Engineering Notes, 20(4), 18–28. Nakagawa, E. Y., Oquendo, F., & Becker, M. (2012). RAModel: A Reference Model for Reference Architectures. In Software Architecture (WICSA) and European Conference on Software Architecture (ECSA), 2012 Joint Working IEEE/IFIP Conference on (pp. 297–301). IEEE. https://doi.org/10.1109/WICSA-ECSA.212.49 Namal, S., Gamaarachchi, H., MyoungLee, G., & Um, T.-W. (2015). Autonomic trust management in cloud-based and highly dynamic IoT applications. In ITU Kaleidoscope: Trust in the Information Society (K-2015), 2015 (pp. 1–8). Naur, P., & Randell, B. (1969). Software Engineering: Report of a conference sponsored by the NATO Science Committee, Garmisch, Germany, 7-11 Oct. 1968, Brussels, Scientific Affairs Division, NATO. Neisse, R., Fovino, I. N., Baldini, G., Stavroulaki, V., Vlacheas, P., & Giaffreda, R. (2014). A model-based security toolkit for the internet of things. InA vailability, Reliability and Security (ARES), 2014 Ninth International Conference on (pp. 78–87). Nia, A. M., & Jha, N. K. (2016). A comprehensive study of security of internet-of-things. IEEE Transactions on Emerging Topics in Computing. NIST. (2011). ISO/IEC 25010:2011 - Systems and software engineering -- Systems and software Quality Requirements and Evaluation (SQuaRE) -- System and software quality models. NIST. (2013). Glossary of Key Information Security Terms. NowSecure. (2016). 2016 NowSecure Mobile Security Report. Object Management Group. (2005). Introducction to OMG’s Unified Modeling Language. Retrieved from http://www.uml.org/what-is-uml.htm Object Management Group. (2017). About the Unified Modeling Language Specification Versión 2.5.1. Retrieved from https://www.omg.org/spec/UML/About-UML/ Oficina Nacional de Seguridad. (2016). Normas de la Autoridad Nacional para la Protección de la Información Clasificada. Retrieved from http://www.buenjuicio.com/wpcontent/ uploads/2015/07/Normas_de_la_Autoridad_Nacional_para_la_Proteccion_de_la_Informacion_Clasificada.pdf Oltski, J. (2017). The Life and Times of Cybersecurity Professionals. OWASP. (2016a). IoT Framework Assessment. Retrieved November 29, 2017, from https://www.owasp.org/index.php/IoT_Framework_Assessment OWASP. (2016b). Principles of IoT Security. Retrieved November 4, 2017, from https://www.owasp.org/index.php/Principles_of_IoT_Security OWASP. (2017a). About The Open Web Application Security Project. Retrieved from www.owasp.org/index.php/About_The_Open_Web_Application_Security_Project OWASP. (2017b). OWASP Internet of Things (IoT) Project. OWASP. (2017c). Password Storage Cheat Sheet. Retrieved November 29, 2017, from https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet Owens, D. (2005). Documenting Software Architectures: Views and Beyond. Technical Communication, 52(1), 75–77. Pacheco, J., & Hariri, S. (2016). IoT Security Framework for Smart Cyber Infrastructures. In Foundations and Applications of Self* Systems, IEEE International Workshops on (pp. 242–247). Pacheco, J., Satam, S., Hariri, S., Grijalva, C., & Berkenbrock, H. (2016). IoT Security Development Framework for building trustworthy Smart car services. In Intelligence and Security Informatics (ISI), 2016 IEEE Conference on (pp. 237–242). Pastrana, S., Rodriguez-Canseco, J., & Calleja, A. (n.d.). ArduWorm: A Functional Malware Targeting Arduino Devices. Patel, P., & Cassou, D. (2015). Enabling high-level application development for the internet of things. Journal of Systems and Software, 103, 62–84. Patiño, R. G. (2016). El estado del arte en la investigación: ¿Análisis de los conocimientos acumulados o indagación por nuevos sentidos?R evista Folios, 2(44). Pawar, M. V, & Anuradha, J. (2015). Network Security and Types of Attacks in Network. Procedia Computer Science, 48, 503–506. Picco, G. Pietro. (2010). Software engineering and wireless sensor networks. In Proceedings of the FSE/SDP workshop on Future of software engineering research - FoSER ’10 (p. 283). New York, New York, USA: ACM Press. https://doi.org/10.1145/1882362.1882421 Pohl, K. (2010). Requirements Engineering: Fundamentals, Principles, and Techniques (1st Editio). Springer Publishing Company. Pressman, R. S. (2010). Ingeniería del Software: un enfoque práctico (Séptima ed). The McGraw-Hill. Radomirovic, S. (2010). Towards a Model for Security and Privacy in the Internet of Things. InP roc. First Int’l Workshop on Security of the Internet of Things (p. 6). Ratkowski, A. (2016). Architecture for Internet of Things Analytical Ecosystem. InD ependability Engineering and Complex Systems (pp. 385–393). Springer. Refsdal, A., Solhaug, B., & Stølen, K. (2015). Cyber-Risk Management. Cham: Springer International Publishing. https://doi.org/10.1007/978-3-319-23570-7 Riazul Islam, S. M., Daehan Kwak, Humaun Kabir, M., Hossain, M., & Kyung-Sup Kwak. (2015). The Internet of Things for Health Care: A Comprehensive Survey. IEEE Access, 3, 678–708. https://doi.org/10.1109/ACCESS.2015.2437951 Robles, T., Alcarria, R., de Andrés, D. M., Navarro, M., Calero, R., Iglesias, S., & López, M. (2015). An IoT based reference architecture for smart water management processes. JoWUA, 6(1), 4–23. Roman, G.-C. (1985). A taxonomy of current issues in requirements engineering.I EEE Computer, 18(4), 14–23. Ross, E. (2016). Baby monitors “hacked”: Parents warned to be vigilant after voices heard coming from speakers. Independent. Roy, B., & Graham, N. (2008). Methods for Evaluating Software Architecture: A Survey. Ontario, Canada. Rozanski, N., & Woods, E. (2005). Applying Viewpoints and Views to Software Architecture. RSA. (2016). 2016: Current State of Cybercrime. Rueda R., J. S., & TalaveraP., J. M. (2017). Similitudes y diferencias entre Redes de Sensores Inalámbricas e Internet de las Cosas: Hacia una postura clarificadora Similarities and differences between Wireless Sensor Networks and the Internet of Things: Towards a clarifying position. Revista Colombiana de Computación, 18(2), 58–74. https://doi.org/10.29375/25392115.3218 Ruparelia, N. B. (2010). Software development lifecycle models. ACM SIGSOFT Software Engineering Notes, 35(3), 8–13. https://doi.org/10.1145/1764810.1764814 Sadeghi, A.-R., Wachsmann, C., & Waidner, M. (2015). Security and privacy challenges in industrial internet of things. InP roceedings of the 52nd Annual Design Automation Conference on - DAC ’15 (pp. 1–6). New York, New York, USA: ACM Press. https://doi.org/10.1145/2744769.2747942 Sanchez, L., Muñoz, L., Galache, J. A., Sotres, P., Santana, J. R., Gutierrez, V., … others. (2014). SmartSantander: IoT experimentation over a smart city testbed. Computer Networks, 61, 217–238. Sanchez, S., Angel Sicilia, M., & Rodriguez, D. (2012). Ingeniería del Sofware. Un enfoque desde la guía SWEBOK. Alfaomega. Schauer, P., & Debita, G. (2015). Internet of Things Service Systems Architecture. Schrott, U. (2017). Austrian hotel experiences ‘ransomware of things attack.’ Sefika, M., Sane, A., & Campbell, R. H. (1996). Monitoring compliance of a software system with its high-level design models. InP roceedings of the 18th international conference on Software engineering (pp. 387–396). Seo, S., Kim, J., Yun, S., Huh, J., & Maeng, S. (2015). HePA: Hexagonal Platform Architecture for Smart Home Things. In Parallel and Distributed Systems (ICPADS), 2015 IEEE 21st International Conference on (pp. 181–189). Serbanati, A., Salinas Segura, A., Olivereau, A., Ben Saied, Y., Gruschka, N., Gessner, D., & Gomez-Marmol, F. (2012). Project Deliverable D4.2 - Concepts and Solutions for Privacy and Security in the Resolution Infrastructure. Serna, J., Morales, R., Medina, M., & Luna, J. (2014). Trustworthy communications in Vehicular Ad Hoc NETworks. In Internet of Things (WF-IoT), 2014 IEEE World Forum on (pp. 247–252). Shaw, M. (1989). Larger Scale Systems Require Higher-Level Abstractions. ACM Sigsoft Software Engineering Notes, 14(3), 143–146. Shen, S., & Carugi, M. (2014). Standardizing the Internet of Things in an evolutionary way. In ITU Kaleidoscope Academic Conference: Living in a converged world- Impossible without standards?, Proceedings of the 2014 (pp. 249–254). Shirey, R. (2007). Internet Security Glossary, Version 2. Shooman, M. L. (1976). Structural models for software reliability prediction. In Proceedings of the 2nd international conference on Software engineering (pp. 268–280). Shrouf, F., Ordieres, J., & Miragliotta, G. (2014). Smart factories in Industry 4.0: A review of the concept and of energy management approached in production based on the Internet of Things paradigm. In Industrial Engineering and Engineering Management (IEEM), 2014 IEEE International Conference on (pp. 697–701). Sicari, S., Rizzardi, A., Grieco, L. A., & Coen-Porisini, A. (2015). Security, privacy and trust in Internet of Things: The road ahead. Computer Networks, 76, 146–164. Singh, M., & Bhandari, P. (2016). Building a framework for network security situation awareness. In Computing for Sustainable Global Development (INDIACom), 2016 3rd International Conference on (pp. 2578–2583). Singh, S., & Singh, N. (2015). Internet of Things (IoT): Security challenges, business opportunities & reference architecture for E-commerce. In Green Computing and Internet of Things (ICGCIoT), 2015 International Conference on (pp. 1577–1581). Skala, K., Davidovic, D., Afgan, E., Sovic, I., & Sojat, Z. (2015). Scalable Distributed Computing Hierarchy: Cloud, Fog and Dew Computing.O pen Journal of Cloud Computing (OJCC), 2(1), 16–24. Smartex. (2016). Glossary of terms and expressions used in connection with The Internet of Things with a final section of related ‘Standards.’ Retrieved from http://www.smartex.com/wp-content/uploads/2016/04/Internet-of-Things-Glossary-of-Terms-V8-draft.pdf Smith, C. U. (1990). Performance engineering of software systems. Addison-Wesley Longman Publishing Co., Inc. Software Engineering Institute. (2016). Software Engineering Institute Glossary. Sommerville, I. (2011). Ingeniería del Software. PEARSON. Sommerville, I., & Sawyer, P. (1997). Requirements Engineering: A Good Practice Guide. John Wiley & Sons, Inc. Souza, R., & Cardozo, E. (2016). A Resource-Oriented Architecture for the Internet of Things (IoT). InC onnectivity Frameworks for Smart Devices (pp. 99–116). Springer. Statista. (2018). Number of Internet of Things (IoT) devices connected worldwide in 2017 and 2018, by type (in millions). Stoermer, C., Bachmann, F., & Verhoef, C. (2003). SACAM: The software architecture comparison analysis method. Stojmenovic, I., Wen, S., Huang, X., & Luan, H. (2015). An overview of Fog computing and its security issues. Concurrency and Computation: Practice and Experience. Stoneburner, G., Goguen, A. Y., & Feringa, A. (2002). SP 800-30. risk management guide for information technology systems. Stravoskoufos, K., Sotiriadis, S., & Petrakis, E. (2016). IoT-A and FIWARE: bridging the barriers between the cloud and IoT systems design and implementation. In Proc. 6th Int’l Conf. Cloud Computing and Services Science (pp. 146–153). Subramani, K. S., Antonopoulos, A., Nosratinia, A., & Makris, Y. (2016). Hardware-Induced Security & Privacy Vulnerabilities in the Internet of Things. Supriya, S., & Padaki, S. (2016). Data Security and Privacy Challenges in Adopting Solutions for IOT. In 2016 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData) (pp. 410–415). IEEE. https://doi.org/10.1109/iThings-GreenCom-CPSCom-SmartData.2016.97 Tahir, R., Tahir, H., McDonald-Maier, K., & Fernando, A. (2016). A novel ICMetric based framework for securing the Internet of Things. In Consumer Electronics (ICCE), 2016 IEEE International Conference on (pp. 469–470). Talavera Portocarrero, J. M. (2016). RAMSES: Reference Architectue of Self-Adaptative Middleware for Wireless Sensor Networks. Universidade Federal fo Rio de Janeiro. Techopedia. (2017). What is Modeling Language? Retrieved November 2, 2017, from https://www.techopedia.com/definition/20810/modeling-language Tekinerdogan, B. (2004). ASAAM: Aspectual software architecture analysis method. In Software Architecture, 2004. WICSA 2004. Proceedings. Fourth Working IEEE/IFIP Conference on (pp. 5–14). Thierer, A. D. (2014). The Internet of Things & Wearable Technology: Addressing Privacy & Security Concerns Without Derailing Innovation.S SRN Electronic Journal. https://doi.org/10.2139/ssrn.2494382 Touhill, G. J., & Touhill, J. (2014). Cybersecurity for Executives: A Practical Guide. John Wiley & Sons, Inc. Townsend Security. (2016). Definitive Guide to Encryption Key Management Fundamentals. Retrieved from https://info.townsendsecurity.com/definitive-guide-to-encryptionkey- management-fundamentals Trend Micro. (2015). Trend Micro Glossary: Ransomware. Tuck, M. (2016). Internet of Things: Are We There Yet? (The 2016 IoT Landscape) – Matt Turck. Retrieved July 2, 2017, from http://mattturck.com/2016-iot-landscape/ Tuck, M. (2018). Growing Pains: The 2018 Internet of Things Landscape. Retrieved from http://mattturck.com/iot2018/ Tvedt, R. T., Lindvall, M., & Costa, P. (2002). A process for software architecture evaluation using metrics. In Software Engineering Workshop, 2002. Proceedings. 27th Annual NASA Goddard/IEEE (pp. 191–196). US-CERT. (2016). Alert (TA16-288A) Heightened DDoS Threat Posed by Mirai and Other Botnets. Usländer, T., & Epple, U. (2015). Reference model of industrie 4.0 service architectures. At-Automatisierungstechnik, 63(10), 858–866. Van Kranenburg, R. (2008). The Internet og Things. A critique of ambient technology and the all-seeing network of RFID. Amsterdam. Vaquero, L. M., Rodero-Merino, L., Caceres, J., & Lindner, M. (2008). A break in the clouds: Towards a Cloud Definition. ACM SIGCOMM Computer Communication Review, 39(1), 50. https://doi.org/10.1145/1496091.1496100 Verdouw, C. N., Robbemond, R. M., Verwaart, T., Wolfert, J., & Beulens, A. J. M. (2015). A reference architecture for IoT-based logistic information systems in agri-food supply chains. Enterprise Information Systems, 1–25. Weyrich, M., & Ebert, C. (2016). Reference architectures for the internet of things. IEEE Software, 33(1), 112–116. Williams, L. G., & Smith, C. U. (1998). Performance Engineering of Software Architectures. InP roceeding on Workshop Software and Performance (pp. 164–177). WSO2. (2015). A Reference Architecture for the Internet of Things. Xu, B., Zhang, D., & Yang, W. (2012). Research on architecture of the Internet of Things for grain monitoring in storage. InI nternet of Things (pp. 431–438). Springer. Yacoub, S. M., Cukic, B., & Ammar, H. H. (1999). Scenario-based reliability analysis of component-based software. In Software Reliability Engineering, 1999. Proceedings. 10th International Symposium on (pp. 22–31). Yamamoto, Y., Morris, R. V., Hartsough, C., & Callender, E. D. (1982). The role of requirements analysis in the system life cycle. In Proceedings of the June 7-10, 1982, national computer conference on - AFIPS ’82 (p. 381). New York, New York, USA: ACM Press. https://doi.org/10.1145/1500774.1500821 Yang, J., & Fang, B.-X. (2011). Security model and key technologies for the Internet of things. The Journal of China Universities of Posts and Telecommunications, 18(2), 109–112. Yi, S., Li, C., & Li, Q. (2015). A Survey of Fog Computing: Concepts, Applications and Issues. In Mobidata ’15 Proceedings of the 2015 Workshop on Mobile Big Data (pp. 37–42). ACM. https://doi.org/10.1145/2757384.2757397 York Risk Services Group. (2015). No Business is too small for a cyber-attack. Zegzhda, D., & Stepanova, T. (2015). Achieving Internet of Things security via providing topological sustainability. In Science and Information Conference (SAI), 2015 (pp. 269–276). Zhang, K., Ni, J., Yang, K., Liang, X., Ren, J., & Shen, X. S. (2017). Security and Privacy in Smart City Applications: Challenges and Solutions. IEEE Communications Magazine, 55(1), 122–129. https://doi.org/10.1109/MCOM.2017.1600267CM Zhang, Q., Cheng, L., & Boutaba, R. (2010). Cloud computing: state-of-the-art and research challenges. Journal of Internet Services and Applications, 1(1), 7–18. https://doi.org/10.1007/s13174-010-0007-6 |
dc.rights.uri.*.fl_str_mv |
http://creativecommons.org/licenses/by-nc-nd/2.5/co/ |
dc.rights.local.spa.fl_str_mv |
Abierto (Texto Completo) |
dc.rights.accessrights.spa.fl_str_mv |
info:eu-repo/semantics/openAccess http://purl.org/coar/access_right/c_abf2 |
dc.rights.creativecommons.*.fl_str_mv |
Atribución-NoComercial-SinDerivadas 2.5 Colombia |
rights_invalid_str_mv |
http://creativecommons.org/licenses/by-nc-nd/2.5/co/ Abierto (Texto Completo) http://purl.org/coar/access_right/c_abf2 Atribución-NoComercial-SinDerivadas 2.5 Colombia |
eu_rights_str_mv |
openAccess |
dc.format.mimetype.spa.fl_str_mv |
application/pdf |
dc.coverage.spa.fl_str_mv |
Bucaramanga (Colombia) |
dc.coverage.campus.spa.fl_str_mv |
UNAB Campus Bucaramanga |
dc.publisher.grantor.spa.fl_str_mv |
Universidad Autónoma de Bucaramanga UNAB |
dc.publisher.faculty.spa.fl_str_mv |
Facultad Ingeniería |
dc.publisher.program.spa.fl_str_mv |
Maestría en Telemática |
institution |
Universidad Autónoma de Bucaramanga - UNAB |
bitstream.url.fl_str_mv |
https://repository.unab.edu.co/bitstream/20.500.12749/3552/5/2018_Tesis_Johan_Smith_Rueda_Rueda.pdf https://repository.unab.edu.co/bitstream/20.500.12749/3552/2/2018_Articulo_Johan_Smith_Rueda_Rueda.pdf https://repository.unab.edu.co/bitstream/20.500.12749/3552/4/2018_Articulo_Johan_Smith_Rueda_Rueda.pdf.jpg https://repository.unab.edu.co/bitstream/20.500.12749/3552/6/2018_Tesis_Johan_Smith_Rueda_Rueda.pdf.jpg |
bitstream.checksum.fl_str_mv |
8524367e1df4cb90193ea7b2305cb424 1b5363a045c7c25a056c913897904ad0 020504d13ceba3faf793812f5c5efd29 fd1efd985a57827f4cdbd2abdf464298 |
bitstream.checksumAlgorithm.fl_str_mv |
MD5 MD5 MD5 MD5 |
repository.name.fl_str_mv |
Repositorio Institucional | Universidad Autónoma de Bucaramanga - UNAB |
repository.mail.fl_str_mv |
repositorio@unab.edu.co |
_version_ |
1814277291602083840 |
spelling |
Talavera Portocarrero, Jesús Martínf210e4ef-3f25-4517-8c74-c0d4c40188f9-1Cabrera Cruz, José Daniel15e242b3-32d0-4e32-95f6-2b6ca1abd623-1Rueda Rueda, Johan Smith55581a1c-a923-47a0-bb00-b632cd9aafbb-1https://scienti.minciencias.gov.co/cvlac/visualizador/generarCurriculoCv.do?cod_rh=0000069035https://scienti.minciencias.gov.co/cvlac/visualizador/generarCurriculoCv.do?cod_rh=0000084238Cabrera Cruz, José Daniel [0000069035]https://scholar.google.es/citations?hl=es#user=hses_w0AAAAJCabrera Cruz, José Daniel [0000069035]https://orcid.org/0000-0002-1815-5057Cabrera Cruz, José Daniel [0000-0002-1815-5057]https://www.researchgate.net/profile/Jose_Cabrera_CruzCabrera Cruz, José Daniel [Jose_Cabrera_Cruz]Grupo de Investigación Pensamiento Sistémico - GPSGrupo de Investigaciones ClínicasCabrera Cruz, José Daniel [josé-daniel-cabrera-cruz]Cabrera Cruz, José Daniel [josé-daniel-cabrera-cruz-23900b10]2020-06-26T21:35:50Z2020-06-26T21:35:50Z2018http://hdl.handle.net/20.500.12749/3552instname:Universidad Autónoma de Bucaramanga - UNABreponame:Repositorio Institucional UNABEl internet de las cosas – IoT, es uno paradigmas tecnológicos con rápido crecimiento en los últimos años, en el que objetos inteligentes o cosas, interactúan entre sí y con recursos físicos y/o virtuales a través de Internet. Junto con este crecimiento hace resonancia uno de los retos que presenta este paradigma, la seguridad de aplicaciones IoT. Este trabajo de investigación parte del problema que existen aplicaciones IoT inseguras por la falta de guías que orienten a los desarrolladores en la implementación del dominio de la ciberseguridad en la fase de diseño y la evaluación de estas. La hipótesis planeada es que, mediante un framework, compuesto por diferentes tipos de modelos, se puede orientar al equipo de desarrollo sobre cómo considerar ciberseguridad en las aplicaciones IoT. Desde este punto de partida, en este trabajo se propone un framework conceptual de ciberseguridad para aplicaciones IoT, llamado SMITH Framework. Este framework está compuesto por dos modelos: el primero, un modelo de gestión de la ciberseguridad cuyo propósito es orientar a los desarrolladores de aplicaciones IoT las consideraciones de ciberseguridad que deben tenerse en cuenta desde la fase de diseño de una solución IoT ; el segundo, un modelo conceptual del dominio de la ciberseguridad en el que se presenten seis componentes de seguridad y su relación con el dominio de IoT. Para verificar la hipótesis planteada, se hizo una validación del SMITH Framework basada en el método ATAM, en el que se diseñó una aplicación IoT orientada por elementos del framework propuesto. Los resultados arrojados permitieron conocer que sí es posible orientar al equipo de desarrollo en la implementación de la ciberseguridad en la fase de diseño de una aplicación IoT, confirmando la hipótesis planteadaINTRODUCCIÓN 1. DESCRIPCIÓN GENERAL DEL PROYECTO 1.1. PROBLEMA DE INVESTIGACIÓN 1.1.1 Contexto 1.1.2 Problema 1.2. MOTIVACIÓN 1.2.1 Modelamiento del dominio de la ciberseguridad 1.2.2 Buenas prácticas de la ingeniería del software en proyectos telemáticos 1. 3 PREGUNTA DE INVESTIGACIÓN 1.4 HIPÓTESIS 1.5 OBJETIVOS 1.6 CONTRIBUCIONES. 2. MARCO REFERENCIAL 2.1 MARCO CONCEPTUAL 2.1.1 Ingeniería del software 2.1.1.1 Arquitectura de referencia 2.1.1.2 Arquitectura de software 2.1.1.3 Framework 2.1.1.4 Framework conceptual 2.1.1.4 Modelo de referencia 2.1.1.5 Requisito de calidad 2.1.2 Ciberseguridad 2.1.2.1 Ciberespacio 2.1.2.2 Ciberincidente 2.1.2.3 Incidente de seguridad 2.1.2.4 Ingeniería de seguridad 2.1.3 Telemática 2.1.4 Internet de las cosas 2.1.5 Modelamiento 2.1.5.1 Dominio 2.1.5.2 Lenguajes de modelamiento 2.1.5.3 Modelo 2.2 MARCO TEÓRICO 2.2.1 Ingeniería del software 2.2.1.1 Proceso de desarrollo de software 2.2.1.2 Ingeniería de requisitos 2.2.1.3 Importancia de los requisitos en el desarrollo de software 2.2.1.4 Evaluación de arquitecturas 2.2.2 Ciberseguridad 2.2.3 Internet de las cosas 2.2.3.1 Dominios de aplicación 2.2.3.2 Construcción de aplicaciones IoT 2.2.3.3 Roles en el desarrollo de aplicaciones IoT 2.2.4 Computación distribuida 2.2.4.1 Cloud computing 2.2.4.2 Fog computing 2.2.4.3 Dew computing 2.3 ESTADO DEL ARTE 2.3.1 Frameworks de seguridad para aplicaciones IoT 2.3.1.1 Modelos de seguridad para IoT 2.3.1.2 Frameworks de seguridad para IoT 2.3.1.3 Tendencias de construcción 2.3.1.4 Recursos IoT que protegen 2.3.1.5 Propiedades de seguridad de la información que protegen 2.3.1.6 Conclusiones y brecha de investigación 2.3.2 Estado actual de la ciberseguridad en IoT 2.3.2.1 Malware en IoT 2.3.2.2 Dispositivos IoT 2.3.2.3 Conclusiones del estado del arte 2.4 MARCO NORMATIVO Y ESTÁNDARES 2.4.1 Estándar ISO/IEC 25.010:2011 2.4.2 Estándar ISO/IEC 27.001:2013 2.4.3 Estándar ISO/IEC/IEEE 27017:2015 2.4.5 Estándar ISO/IEC/IEEE 42010:2011 2.4.5 Aportes de la normatividad a este trabajo 2.5 MARCO CONTEXTUAL Y ANTECEDENTES 2.5.1 Centro de Excelencia y Apropiación en Internet de las Cosas 2.5.2 Fundación OWASP 2.6 CONSIDERACIONES FINALES DEL CAPÍTULO 3. ASPECTOS METODOLÓGICOS 3.1 TIPO Y ENFOQUE DE INVESTIGACIÓN 3.2 UNIVERSO Y MUESTRA 3.3 TÉCNICAS E INSTRUMENTOS 3.3.1 Técnicas 3.3.2 Instrumentos 3.4 ACTIVIDADES REALIZADAS 3.4.1 Fase 1: Formulación del modelo de gestión de ciberseguridad para aplicaciones IoT 3.4.1.1 Selección de arquitecturas de referencia (AR) de aplicaciones IoT que serán analizadas 3.4.1.2 Identificación de los niveles arquitecturales de una aplicación IoT genérica 3.4.1.3 Análisis de los requisitos de ciberseguridad que debe cumplir una aplicación IoT 3.4.1.4 Construcción del modelo de gestión para la ciberseguridad para aplicaciones IoT 3.4.2 Fase 2: Representación del dominio de la seguridad para IoT 3.4.2.1 Selección de lenguaje y herramientas de modelado 3.4.2.2 Modelamiento del dominio de ciberseguridad para IoT 3.4.3 Fase 3: Validación del framework propuesto 3.4.3.1 Diseño de la técnica de validación del framework 3.4.3.2 Evaluación del framework 3.4.3.3 Plan de mejoramiento del framework 4 MODELO PROPUESTO DE GESTIÓN DE LA CIBERSEGURIDAD EN APLIACIONES IOT 4.1 METODOLOGÍA PARA EL DESARROLLO DE SMITH MODEL 4.2 ARQUITECTURAS DE REFERENCIA PARA IOT 4.2.1 Revisión sistemática de la literatura 4.2.1.1 Planificación 4.2.1.2 Conducción 4.2.1.3 Reporte 4.2.2 Arquitecturas de referencia seleccionadas 4.3 ARQUITECTURA GENÉRICA PROPUESTA PARA APLICACIONES IOT 4.3.1 Capas y componentes identificadas 4.3.1.1 Análisis del modelo de referencia de la ITU-T 4.3.1.2 Análisis de la arquitectura de referencia del IoT Project 4.3.1.3 Análisis de la arquitectura de SmartSantander 4.3.1.4 Análisis de la arquitectura de referencia de WSO2 4.3.2 Componentes y funcionalidades genéricas de aplicaciones IoT 4.3.3 Análisis de funcionalidades 4.3.4 Diseño de arquitectura genérica de IoT 4.3.4.1 Cloud Layer 4.3.4.2 Fog Layer 4.3.4.3 Dew Layer 4.4 REQUISITOS DE SEGURIDAD PARA APLICACIONES IOT 4.4.1 Grupo de requisitos para la confidencialidad de la información 4.4.1.1 Requisitos de seguridad 4.4.1.2 Requisitos de privacidad 4.4.1.3 Requisitos de autenticación y autorización 4.4.2 Grupo de requisitos para la integridad de la información 4.4.3 Grupo de requisitos para la disponibilidad de la información 4.4.4 Grupo de requisitos para el no repudio 4.5 MODELO DE GESTIÓN DE CIBERSEGURIDAD PROPUESTO 4.5.1 SMITH Model 4.5.1.1 Diseño del SMITH Model 4.5.1.2 Descripción del SMITH Model 4.5.2 Guía de buenas prácticas ciberseguridad para el aseguramiento de aplicaciones IoT 4.5.2.1 Buenas prácticas de ciberseguridad para Cloud Layer 4.5.2.2 Buenas prácticas de ciberseguridad para Fog Layer 4.5.2.3 Buenas prácticas de ciberseguridad para Dew Layer 4.5.3 Instrumento de evaluación 5. MODELO CONCEPTUAL DEL DOMINIO DE LA CIBERSEGURIDAD PARA APLICACIONES IOT 5.1 MODELO DEL DOMINIO IOT 5.1.1 Concepto claves del dominio IoT 5.1.1.1 Servicios 5.1.1.2 Entidades 5.1.1.3 Recursos 5.1.1.4 Dispositivos 5.1.1.5 Usuarios 5.1.2 Representación del dominio IoT 5.2 REPRESENTACIÓN DEL DOMINIO DE CIBERSERGURIDAD 5.2.1 Componentes de ciberseguridad para IoT 5.2.2 Modelo del dominio de ciberseguridad para IoT 5.2.2.1 Autenticación (AuthN) 5.2.22 Autorización (AuthZ) 5.2.2.3 Gestión de claves criptográficas (CEM) 5.2.2.4 Gestión de identidad (IDM) 5.2.2.5 Disponibilidad (AVBL) 5.2.2.6 No repudio (NRP) 6. VALIDACIÓN DEL FRAMEWORK PROPUESTO 6.1 CASO DE ESTUDIO 6.1.1 Alcance y limitaciones del caso de uso 6.1.2 Arquitectura conceptual del sistema 6.1.3 Requisitos del sistema 6.1.3.1 Requisitos funcionales 6.1.3.2 Requisitos de calidad 6.1.4 Presentación arquitectural del sistema 6.1.4.1 Vista conceptual 6.1.4.2 Vista funcional 6.1.4.3 Vista de servicios del sistema 6.2 VALIDACIÓN DE LA ARQUITECTURA 6.2.1 Fase 1: Presentación 6.2.1.1 Paso 1: Presentación de ATAM 6.2.1.2 Paso 2: Presentación de los objetivos del negocio 6.2.1.3 Paso 3: Presentación de la arquitectura 6.2.2 Fase 2: Investigación y análisis 6.2.2.1 Paso 4: Identificar las aproximaciones arquitecturales 6.2.2.2 Paso 5: Generar el árbol de utilidad de atributos de calidad 6.2.2.3 Paso 6: Analizar las aproximaciones arquitecturales 6.2.3 Fase 3: Pruebas 6.2.3.1 Paso 7: Lluvia de ideas y priorización de escenarios 6.2.3.2 Paso 8: Analizar las aproximaciones arquitecturales 6.2.4 Fase 4: Presentación de informe 6.3 INTEGRACIÓN DEL FRAMEWORK 7. CONCLUSIONES Y TRABAJO FUTURO 7.1 CONCLUSIONES 7.2 REVISIÓN DE LAS CONTRIBUCIONES REALIZADAS 7.3 TRABAJO FUTURO REFERENCIAS Anexo A – Evaluación de arquitecturas de referencia. Anexo B – Modelo de gestión de la ciberseguridad para aplicaciones IoTMaestríaThe Internet of Things - IoT, is one of the fastest growing technological paradigms in recent years, in which smart objects or things interact with each other and with physical and / or virtual resources through the Internet. Along with this growth, one of the challenges presented by this paradigm resonates, the security of IoT applications. This research work starts from the problem that there are insecure IoT applications due to the lack of guides that guide developers in the implementation of the cybersecurity domain in the design phase and their evaluation. The planned hypothesis is that, through a framework, made up of different types of models, the development team can be guided on how to consider cybersecurity in IoT applications. From this starting point, this work proposes a conceptual cybersecurity framework for IoT applications, called SMITH Framework. This framework is made up of two models: the first, a cybersecurity management model whose purpose is to guide IoT application developers on the cybersecurity considerations that must be taken into account from the design phase of an IoT solution; the second, a conceptual model of the cybersecurity domain in which six security components and their relationship with the IoT domain are presented. To verify the hypothesis raised, a validation of the SMITH Framework based on the ATAM method was carried out, in which an IoT application was designed based on elements of the proposed framework. The results obtained allowed us to know that it is possible to guide the development team in the implementation of cybersecurity in the design phase of an IoT application, confirming the hypothesis raisedModalidad Presencialapplication/pdfspahttp://creativecommons.org/licenses/by-nc-nd/2.5/co/Abierto (Texto Completo)info:eu-repo/semantics/openAccesshttp://purl.org/coar/access_right/c_abf2Atribución-NoComercial-SinDerivadas 2.5 ColombiaFramework conceptual de ciberseguridad para aplicaciones de internet de las cosasConceptual framework of cybersecurity for internet of things applicationsMagíster en TelemáticaBucaramanga (Colombia)UNAB Campus BucaramangaUniversidad Autónoma de Bucaramanga UNABFacultad IngenieríaMaestría en Telemáticainfo:eu-repo/semantics/masterThesisTesishttp://purl.org/redcol/resource_type/TMSystems engineeringConceptual frameworkConceptual modelCybersecurity modelLoT applicationsTelematicsSoftware EngineeringComputer securityInformatic securityComputer networksInformation storage systemsInformation retrieval systemsSecurity measuresResearchAnalysisIngeniería de sistemasTelemáticaIngeniería de softwareSeguridad en computadoresSeguridad informáticaRedes de computadoresSistemas de almacenamiento de informaciónSistemas de recuperación de informaciónMedidas de seguridadInvestigacionesAnálisisFramework conceptualModelo conceptualModelo de ciberseguridadAplicaciones LoTRueda Rueda, Johan Smith (2018). Framework conceptual de ciberseguridad para aplicaciones de internet de las cosas. Bucaramanga (Colombia) : Universidad Autónoma de Bucaramanga UNABAbdmeziem, M. R., Tandjaoui, D., & Romdhani, I. (2016). Architecting the internet of things: state of the art. In Robots and Sensor Clouds (pp. 55–75). Springer.Abrahamsson, P., Salo, O., Ronkainen, J., & Warsta, J. (2017). Agile Software Development Methods: Review and Analysis. CoRR, 478, 107. Retrieved from http://arxiv.org/abs/1709.08439Abreu, D. P., Velasquez, K., Curado, M., & Monteiro, E. (2017). A resilient Internet of Things architecture for smart cities. Annals of Telecommunications, 72(1–2), 19–30.Adams, K. (2015). Non-functional Requirements in Systems Analysis and Design. Springer.Addo, I. D., Ahamed, S. I., Yau, S. S., & Buduru, A. (2014). A reference architecture for improving security and privacy in Internet of Things applications. InM obile Services (MS), 2014 IEEE International Conference on (pp. 108–115).Aldosari, H. M. (2015). A Proposed Security Layer for the Internet of Things Communication Reference Model.P rocedia Computer Science, 65, 95–98.Alhamedi, A. H., Snasel, V., Aldosari, H. M., & Abraham, A. (2014). Internet of things communication reference model. In Computational Aspects of Social Networks (CASoN), 2014 6th International Conference on (pp. 61–66).Andolfi, F., Aquilani, F., Balsamo, S., & Inverardi, P. (2000). Deriving QNM from MSCs for performance evaluation of SA. In ACM Workshop on Software Performance (pp. 220–229).Aquilani, F., Balsamo, S., & Inverardi, P. (2001). Performance analysis at the software architectural design level.P erformance Evaluation, 45(2–3), 147–178.Ashton, K. (2009). That “Internet of Things” Thing. RFID Journal, 1. Retrieved from www.rfidjournal.com/articles/pdf?4986Atamli, A. W., & Martin, A. (2014). Threat-Based Security Analysis for the Internet of Things. In 2014 International Workshop on Secure Internet of Things (pp. 35–43). IEEE. https://doi.org/10.1109/SIoT.2014.10Atzori, L., Iera, A., & Morabito, G. (2010). The internet of things: a survey. Computer Networks, 54, 2787–2805. https://doi.org/10.1007/s10796-014-9492-7Atzori, L., Iera, A., & Morabito, G. (2017). Understanding the Internet of Things: definition, potentials, and societal role of a fast evolving paradigmA. d Hoc Networks, 56, 122–140. https://doi.org/10.1016/j.adhoc.2016.12.004Babar, M. A., & Gorton, I. (2004). Comparison of scenario-based software architecture evaluation methods. In 11th Asia-Pacific Software Engineering Conference, 2004.Balsamo, S., Inverardi, P., & Mangano, C. (1998). An approach to performance evaluation of software architectures. In Proceedings of the 1st international workshop on Software and performance (pp. 178–190).Banda, G., Chaitanya, K., & Mohan, H. (2015). An IoT protocol and framework for OEMs to make IoT-enabled devices forward compatible. In Signal-Image Technology & Internet-Based Systems (SITIS), 2015 11th International Conference on (pp. 824–832).Barker, E. (2016). Recommendation for Key Management Part 1: General. Gaithersburg, MD. https://doi.org/10.6028/NIST.SP.800-57pt1r4Barker, E., Smid, M., Branstad, D., & Chokhani, S. (2013). A Framework for Designing Cryptographic Key Management Systems. Gaithersburg, MD. https://doi.org/10.6028/NIST.SP.800-130Bassi, A., Bauer, M., Fiedler, M., Kramp, T., van Kranenburg, R., Lange, S., & Meissner, S. (Eds.). (2013). Enabling Things to Talk. Berlin, Heidelberg: Springer Berlin Heidelberg. https://doi.org/10.1007/978-3-642-40403-0Bauer, M., Boussard, M., Bui, N., Carrez, F., Jardak, C., De Loof, J., … Salinas, A. (2013).D eliverable D1.5 – Final architectural reference model for the IoT v3.0.Bauer, M., Boussard, M., Bui, N., De Loof, J., Magerkurth, C., Meissner, S., … Walewski, J. W. (2013). IoT Reference Architecture. In A. Bassi, M. Bauer, M. Fiedler, T. Kramp, R. van Kranenburg, S. Lange, & S. Meissner (Eds.), Enabling Things to Talk: Designing IoT solutions with the IoT Architectural Reference Model (pp. 163–211). Berlin, Heidelberg: Springer Berlin Heidelberg. https://doi.org/10.1007/978-3-642-40403-0_8Bauer, M., Bui, N., De Loof, J., Magerkurth, C., Nettsträter, A., Stefa, J., & Walewski, J. W. (2013). IoT Reference Model. In Enabling Things to Talk (pp. 113–162). Berlin, Heidelberg: Springer Berlin Heidelberg. https://doi.org/10.1007/978-3-642-40403-0_7Bayuk, J. L., Healey, J., Rohmeyer, P., Sachs, M. H., Schmidt, J., & Weiss, J. (2012).C yber Security Policy Guidebook. Wiley Publishing.Beltrán G., Ó. A. (2005). Revisiones sistemáticas de la literatura. Revista Colombiana de Gastroenterología, 20(1), 10.Bengtsson, P., & Bosch, J. (1998). Scenario-based software architecture reengineering. In Fifth International Conference on oftware Reuse, 1998 (pp. 308–317). IEEE.Bengtsson, P., & Bosch, J. (1999). Architecture level prediction of software maintenance. In Software Maintenance and Reengineering, 1999. Proceedings of the Third European Conference on (pp. 139–147).Bengtsson, P., Lassing, N., Bosch, J., & van Vliet, H. (2004). Architecture-level modifiability analysis (ALMA). Journal of Systems and Software, 69(1–2), 129–147.Bergner, K., Rausch, A., Sihling, M., & Ternité, T. (2005). DoSAM--domain-specific software architecture comparison model. In Quality of Software Architectures and Software Quality (pp. 4–20). Springer.Bernabe, J. B., Hernández, J. L., Moreno, M. V., & Gomez, A. F. S. (2014). Privacy-preserving security framework for a social-aware internet of things. In International conference on ubiquitous computing and ambient intelligence (pp. 408–415).Biolchini, J., Gomes Mian, P., Cruz Natali, A. C., & Horta Travassos, G. (2005). Systematic Review in Software Engineering. Rio de Jainero.Boehm, B. (n.d.). Evaluating a Software Architecture (pp. 19–42).Boehm, B. W., Brown, J. R., & Kaspar, H. (1978). Characteristics of Software Quality.Bohli, J.-M., Skarmeta, A., Moreno, M. V., García, D., & Langendörfer, P. (2015). SMARTIE project: Secure IoT data management for smart cities. In Recent Advances in Internet of Things (RIoT), 2015 International Conference on (pp. 1–6).Borgia, E. (2014). The internet of things vision: Key features, applications and open issues. Computer Communications, 54, 1–31. https://doi.org/10.1016/j.comcom.2014.09.008Boroojeni, K. G., Amini, M. H., & Iyengar, S. S. (2016). Smart Grids: Security and Privacy Issues. Springer.Boussard, M., Meissner, S., Nettsträter, A., Olivereau, A., Segura, A. S., Thoma, M., & Walewski, J. W. (2013). A Process for Generating Concrete Architectures. In Enabling Things to Talk (pp. 45–111). Springer.Brooks, F. (1987). No Silver Bullet: Essence and Accidents of Software Engineering.I EEE Computer, 20(4), 10–19.Caltum, E., & Segal, O. (2016). Exploitation of IoT devices for Launching Mass-Scale Attack Campaigns.Capgemini. (2018). Cybersecurity talent — The big gap in cyber protectionCaracciolo, A., Lungu, M. F., & Nierstrasz, O. (2014). How Do Software Architects Specify and Validate Quality Requirements? In European Conference on Software Architecture (pp. 374–389). Springer.CASAGRAS Project. (2009). RFID and the Inclusive Model for the Internet of Things.Cavalcante, E., Alves, M. P., Batista, T., Delicato, F. C., & Pires, P. F. (2015). An analysis of reference architectures for the internet of things. In Proceedings of the 1st International Workshop on Exploring Component-based Techniques for Constructing Reference Architectures (pp. 13–16).Cavalcante, E., Pereira, J., Alves, M. P., Maia, P., Moura, R., Batista, T., … Pires, P. F. (2016). On the interplay of Internet of Things and Cloud Computing: A systematic mapping study. Computer Communications, 89–90, 17–33. https://doi.org/10.1016/j.comcom.2016.03.012Chant, I. (2017). The Cybersecurity Talent Shortage Is Here, and It’s a Big Threat to Companies. Retrieved January 10, 2018, from http://theinstitute.ieee.org/ieeeroundup/ blogs/blog/the-cybersecurity-talent-shortage-is-here-and-its-a-big-threat-to-companiesChen, Q., Abdelwahed, S., & Erradi, A. (2014). A model-based validated autonomic approach to self-protect computing systems. IEEE Internet of Things Journal, 1(5), 446– 460.Cheung, R. C. (1980). A user-oriented software reliability model. IEEE Transactions on Software Engineering, (2), 118–125.Chung, L., & do Prado Leite, J. C. S. (2009). On Non-Functional Requirements in Software Engineering. In Conceptual Modeling: Foundations and Applications (pp. 363–379). Springer Berlin Heidelberg. https://doi.org/10.1007/978-3-642-02463-4_19Chung, L., Nixon, B. A., Yu, E., & Mylopoulos, J. (2012). Non-functional Requirements in Software Engineering. Springer Science & Business Media.Cimpanu, C. (2016). Problems Reappear for IoT Device Owners with Discovery of New DDoS Trojan.Cirani, S., Ferrari, G., & Veltri, L. (2013). Enforcing Security Mechanisms in the IP-Based Internet of Things: An Algorithmic Overview. Algorithms, 6(2), 197–226. https://doi.org/10.3390/a6020197Cisco. (2015). Mitigating the Cybersecurity Skills Shortage: Top Insights and Actions from Cisco Security Advisory ServicesCisco. (2016a). Internet of Things at a GlanceCisco. (2016b). The Internet of Things. It’s not about things. It’s about service. Retrieved from https://www.jasper.com/sites/default/files/pdf/IoT_Infographic.pdf%7DCisco. (2017). Cisco 2017 Annual Cybersecurity Report.CISCO. The Internet of Things Reference Model (2014). Retrieved from http://cdn.iotwf.com/resources/71/IoT_Reference_Model_White_Paper_June_4_2014.pdfClements, P., Garlan, D., Little, R., Nord, R., & Stafford, J. (2003). Documenting software architectures: views and beyond. InP roceedings of the 25th International Conference on Software Engineering (pp. 740--741). ACM. Retrieved from http://delivery.acm.org/10.1145/780000/776928/p740-clements.pdf? ip=200.69.124.106&id=776928&acc=ACTIVE SERVICE&key=4D9619BEF5D5941F.D0AFA4C1BA803950.4D4702B0C3E38B35.4D4702B0C3E38B35&__acm__=1520370891_ece2c328b7de31eaf77e2c65c0fa3758CNSS. (2010). National Information Assurance (IA) Glossary. Committee on National Security Systems.Cobb, S. (2016a). Cybersecurity skills gap: It’s big and it’s bad for security. Retrieved from https://www.welivesecurity.com/2016/12/16/cybersecurity-skills-gap-big-and-bad/Cobb, S. (2016b). Jackware: When connected cars meet ransomware.Cobb, S. (2017). RoT: Ransomware of Things.Colciencias. (2016). Tipología de proyectos calificados como de carácter cientifíco, tecnológico e innovación (Vol. 4). https://doi.org/10.1007/s13398-014-0173-7.2Condry, M. W., & Nelson, C. B. (2016). Using Smart Edge IoT Devices for Safer, Rapid Response With Industry IoT Control Operations. Proceedings of the IEEE, 104(5), 938–946.Cortellessa, V., & Mirandola, R. (2000). Deriving a queueing network based performance model from UML diagrams. In Proceedings of the 2nd international workshop on Software and performance (pp. 58–70).Currie, R. (2016). Developments in Car Hacking. SANS Institute InfoSec Reading Room, 1–34.CyberX. (2016). Radiation IoT Cyber Security Campaign.Da Xu, L., He, W., & Li, S. (2014). Internet of things in industries: A survey. IEEE Transactions on Industrial Informatics, 10(4), 2233–2243.Dalipi, F., & Yayilgan, S. Y. (2016). Security and Privacy Considerations for IoT Application on Smart Grids: Survey and Research Challenges. In 2016 IEEE 4th International Conference on Future Internet of Things and Cloud Workshops (FiCloudW) (pp. 63–68). IEEE. https://doi.org/10.1109/W-FiCloud.2016.28Davis, A. M. (1993). Software Requirements: Objects, Functions and States. Prentice-Hall, Inc.De, S., Carrez, F., Reetz, E., Tönjes, R., & Wang, W. (2013). Test-Enabled Architecture for IoT Service Creation and Provisioning. In The Future Internet Assembly (pp. 233–245). https://doi.org/10.1007/978-3-642-38082-2_20Deloitte. (2018). The cybersecurity talent shortage: An emerging challenge for consumer products companiesDobre, C., Mavromoustakis, C. X., Garcia, N., Ivanova Goleva, R., & Mastorakis, G. (Eds.).( 2017). Glossary. In Ambient Assisted Living and Enhanced Living Environments (pp. xliii–xliv). Elsevier. https://doi.org/10.1016/B978-0-12-805195-5.00028-4Dykstra, J. (2015). Essential Cybersecurity Science: Build, Test, and Evaluate Secure Systems (First Edit). O’Reilly Media.Edwards, S., & Profetis, I. (2016). Hajime: Analysis of a decentralized internet worm for IoT devices.Elmaghraby, A. S., & Losavio, M. M. (2014). Cyber security challenges in Smart Cities: Safety, security and privacy. Journal of Advanced Research, 5(4), 491–497. https://doi.org/10.1016/j.jare.2014.02.006Emm, D., Unuchek, R., & Kruglov, K. (2016). Kaspersky Security Bulletin 2016. Review of the Year.Essery, Michael. (2016). Today 65% of Enterprises Already Using Internet of Things; Business Value found in Optimizing Operations and Reducing Risk.Fernandes, J., Nati, M., Loumis, N. S., Nikoletseas, S., Raptis, T. P., Krco, S., … Ziegler, S. (2015). IoT Lab: Towards co-design and IoT solution testing using the crowd. In Recent Advances in Internet of Things (RIoT), 2015 International Conference on (pp. 1–6).Finkle, J. (2016). J&J warns diabetic patients: Insulin pump vulnerable to hacking. Reuters.Fiutem, R., & Antoniol, G. (1998). Identifying design-code inconsistencies in object-oriented software: A case study. InS oftware Maintenance, 1998. Proceedings., International Conference on (pp. 94–102).Folmer, E., Van Gurp, J., & Bosch, J. (2004). Software architecture analysis of usability. In International Workshop on Design, Specification, and Verification of Interactive Systems (pp. 38–58).ForeScout Technologies. (2016). IoT Enterprise Risk Report.Formisano, C., Pavia, D., Gurgen, L., Yonezawa, T., Galache, J. A., Doguchi, K., & Matranga, I. (2015). The advantages of IoT and cloud applied to smart cities. In Future Internet of Things and Cloud (FiCloud), 2015 3rd International Conference on (pp. 325–332).Forrester. (2017). Predictions 2018: IoT Moves From Experimentation To Business Scale.Fowler, K. (2016). Cybersecurity. In Enterprise Risk Management (pp. 91–108). Elsevier. https://doi.org/10.1016/B978-0-12-800633-7.00007-9Fox-Brewster, T. (2016). How Hacked Cameras Are Helping Launch The Biggest Attacks The Internet Has Ever Seen.F orbes.Fundación Telefónica. (2016). Ciberseguridad, la protección de la información en un mundo digital. Fundación Telefónica, Editorial Ariel S.A.Gartner Inc. (2015). Gartner Says 6.4 Billion Connected “Things” Will Be in Use in 2016, Up 30 Percent From 2015.Gartner Inc. (2016a). Gartner’s 2016 Hype Cycle for Emerging Technologies Identifies Three Key Trends That Organizations Must Track to Gain Competitive Advantage. Retrieved from www.gartner.com/newsroom/id/3412017Gartner Inc. (2016b). Gartner Says By 2020, More Than Half of Major New Business Processes and Systems Will Incorporate Some Element of the Internet of Things.Gartner Inc. (2016c). Gartner Says Worldwide IoT Security Spending to Reach $348 Million in 2016.Gartner Inc. (2016d). Top 10 Strategic Technology Trends for 2017.Ge, M., & Kim, D. S. (2015). A framework for modeling and assessing security of the internet of things. InP arallel and Distributed Systems (ICPADS), 2015 IEEE 21st International Conference on (pp. 776–781).Gibbs, S. (2015). Hackers can hijack Wi-Fi Hello Barbie to spy on your children. The Guardian.Gilchrist, A. (2016). IIoT Reference Architecture. In Industry 4.0 (pp. 65–86). Springer.Gluhak, A., Hauswirth, M., Krco, S., Stojanovic, N., Bauer, M., Nielsen, R. H., … Corcho, O. (2011). An Architectural Blueprint for a Real-World Internet. InF uture Internet Assembly (pp. 67–80).Gluhak, A., Munoz, L., Sotres, P., Sanchez, L., Roux, P., Sanchez, B., … Hernandez, A. L. (2013). Third Cycle Architecture Specification.Gokhale, S. S., & Trivedi, K. S. (2002). Reliability prediction and sensitivity analysis based on software architecture. InS oftware Reliability Engineering, 2002. ISSRE 2003. Proceedings. 13th International Symposium on (pp. 64-75).Gómez Vargas, M., Galeano Higuita, C., & Jaramillo Muñoz, D. A. (2015). El estado del arte: una metodología de investigación.R evista Colombiana de Ciencias Sociales, 6(2), 423–442.Grant, M. J., & Booth, A. (2009). A typology of reviews: an analysis of 14 review types and associated methodologies.H ealth Information & Libraries Journal, 26(2), 91–108. https://doi.org/10.1111/j.1471-1842.2009.00848.xGreen, P. E. J. (2016). Introduction to Risk Management Principles. In Enterprise Risk Management (pp. 1–13). Elsevier. https://doi.org/10.1016/B978-0-12-800633- 7.00001-8Gubbi, J., Buyya, R., Marusic, S., & Palaniswami, M. (2013). Internet of Things (IoT): A vision, architectural elements, and future directions.F uture Generation Computer Systems, 29(7), 1645–1660.Guo, B., Zhang, D., Wang, Z., Yu, Z., & Zhou, X. (2013). Opportunistic IoT: Exploring the harmonious interaction between human and the internet of things. Journal of Network and Computer Applications, 36(6), 1531–1539.Hayashi, K. (2014). IoT Worm Used to Mine Cryptocurrency.Heer, T., Garcia-Morchon, O., Hummen, R., Keoh, S. L., Kumar, S. S., & Wehrle, K. (2011). Security Challenges in the IP-based Internet of Things.W ireless Personal Communications, 61(3), 527–542. https://doi.org/10.1007/s11277-011-0385-5Hellaoui, H., Bouabdallah, A., & Koudil, M. (2016). TAS-IoT: Trust-Based Adaptive Security in the IoT. In Local Computer Networks (LCN), 2016 IEEE 41st Conference on (pp. 599–602).Herjavec Group. (2017). 2017 Cybersecurity Jobs Report.Hernandez-Ramos, J. L., Pawlowski, M. P., Jara, A. J., Skarmeta, A. F., & Ladid, L. (2015). Toward a lightweight authentication and authorization framework for smart objects. IEEE Journal on Selected Areas in Communications, 33(4), 690–702.Hernandez Sampieri, R., Fernández Collado, C., & Baptista Lucio, M. del P. (2010). Metodología de la investigación (Quinta edi). McGraw-Hill, Inc.Hewlett Packard Enterprise. (2015). Internet Of things research study.Hioureas, V. (2015, May). Does CCTV put the public at risk of cyberattack? Kaspersky Labs.Höller, J., Tsiatsis, V., Mulligan, C., Karnouskos, S., Avesand, S., & Boyle, D. (2014a). Architecture Reference Model. In From Machine-To-Machine to the Internet of Things (pp. 167–197). Elsevier. https://doi.org/10.1016/B978-0-12-407684-6.00007-3Höller, J., Tsiatsis, V., Mulligan, C., Karnouskos, S., Avesand, S., & Boyle, D. (2014b). IoT Architecture – State of the Art. In From Machine-To-Machine to the Internet of Things (pp. 145–165). Elsevier. https://doi.org/10.1016/B978-0-12-407684-6.00006-1Höller, J., Tsiatsis, V., Mulligan, C., Karnouskos, S., Avesand, S., & Boyle, D. (2014c). IoT Reference Architecture. In From Machine-To-Machine to the Internet of Things (pp. 199–223). Elsevier. https://doi.org/10.1016/B978-0-12-407684-6.00008-5Hopkin, P. (2017). Fundamentals of Risk Management: Understanding, evaluating and implementing effective risk managementHuang, X., Craig, P., Lin, H., & Yan, Z. (2015). SecIoT: a security framework for the Internet of Things. Security and Communication Networks, 9, 3083–3095. https://doi.org/10.1002/sec.1259Hussein, N. H., & Khalid, A. (2016). A survey of Cloud Computing Security challenges and solutions.I nternational Journal of Computer Science and Information Security, 14(1), 52.Hwang, H., & Park, Y. B. (2017). Safety - Critical Software Quality Improvement Using Requirement Analysis. In2 017 International Conference on Platform Technology and Service (PlatCon) (pp. 1–4). IEEE. https://doi.org/10.1109/PlatCon.2017.7883725IEEE. (1990). IEEE Standard Glossary of Software Engineering Terminology.IEEE Computer Society. (2014). Guide to the Software Engineering - Body of Knowledge. (P. Bourque & R. E. Fairley, Eds.), IEEE Computer Society (V3 ed.). https://doi.org/10.1234/12345678Intel. (2016). A Guide to the Internet of Things. How billion of online objects are making the web wiser.Intel Security, & CSIS. (2016). Hacking the Skills Shortage: A study of the international shortage in cybersecurity skillsInternet of Things Guide. (2016). Glossary Term.Ionita, M. T., Hammer, D., & Obbink, H. (2002). Scenario-Based Software Architecture Evaluation Methods: An Overview.T echnical University, 1–10.Iorga, M., Feldman, L., Barton, R., Martin, M. J., Goren, N., & Mahmoudi, C. (2017). The NIST Definition of Fog Computing.IoT-A Project. (2016). Requirements — IOT-A: Internet of Things Architecture. Retrieved from http://www.iot-a.eu/public/requirements/copy_of_requirementsISACA. (2013). A simple definition of cybersecurity.ISACA. (2016a). 2016 Cybersecurity Skills Gap. Retrieved from https://isaca.org.ar/2016/12/07/cybersecurity-skills-gap/ISACA. (2016b). Cybersecurity Fundamentals GlossaryISACA. (2018). State of Cybersecurity Study: Security Budgets Increasing, But Qualified Cybertalent Remains Hard to Find. Retrieved May 31, 2018, from http://www.isaca.org/About-ISACA/Press-room/News-Releases/2018/Pages/State-of-Cybersecurity-Study-Security-Budgets-Increasing-But-Qualified-Cybertalent- Remains-Hard-to-Find.aspxISO/IEC/IEEE. (2010). ISO/IEC/IEEE 24765:2010 Systems and software engineering - Vocabulary.ISO/IEC/IEEE. (2011). ISO/IEC/IEEE 42010:2011, Systems and software engineering — Architecture description.ISO/IEC. (2012). ISO/IEC 27032:2012, Information technology -- Security techniques -- Guidelines for cybersecurity. Retrieved from https://www.iso.org/standard/44375.htmlISO/IEC. (2013). ISO/IEC 27001:2013, Information technology -- Security techniques -- Information security management systems -- Requirements.ISO/IEC. (2015). ISO/IEC/IEEE 27017:2015, Information technology -- Security techniques -- Code of practice for information security controls based on ISO/IEC 27002 for cloud services.ITU-T. (2012). Overview of the Internet of things. Series Y: Global information infrastructure, internet protocol aspects and next-generation networks - Frameworks and functional architecture models.ITU-T. (2014a). F.748.0: Common requirements for Internet of things (IoT) applications.ITU-T. (2014b). Y.2066: Common requirements of the Internet of things.Jiménez, J. A., Russo, M., Krco, S., Bezanilla, R., Munoz, L., Galache, J. A., …K outsoubelias, M. (2012). Second Cycle Architecture Specification.Jóźwiak, L. (2017a). Advanced mobile and wearable systems. Microprocessors and Microsystems, 50, 202–221. https://doi.org/10.1016/j.micpro.2017.03.008Jóźwiak, L. (2017b). Advanced mobile and wearable systems. Microprocessors and Microsystems, 50, 202–221. https://doi.org/10.1016/j.micpro.2017.03.008Kaspersky Lab. (2016). Kaspersky Security Bulletin 2016.Kaspersky Labs. (2015a). Damage Control: The Cost of Security Breaches. It Security Risk Special Report Series.Kaspersky Labs. (2015b). Global IT Security Risks Survey.Kazman, R., Bass, L., Abowd, G., & Webb, M. (1994). SAAM: A method for analyzing the properties of software architectures. InS oftware Engineering, 1994. Proceedings. ICSE-16., 16th International Conference on (pp. 81–90).Kazman, R., Klein, M., Barbacci, M., Longstaff, T., Lipson, H., & Carriere, J. (1998).T he Architecture Tradeoff Analysis Method.Kim, D., & Solomon, M. G. (2016). Fundamentals of Information Systems Security. Jones & Bartlett Learning. Retrieved from https://books.google.com.co/books? id=Yb4eDQAAQBAJKitchenham, B., & Charters, S. (2007). Guidelines for performing systematic literature reviews in software engineering version 2.3.Kotonya, G., & Sommerville, I. (1998). Requirements Engineering: Processes and Techniques (1st ed.). Wiley Publishing.Krco, S., Pokric, B., & Carrez, F. (2014). Designing IoT architecture (s): A European perspective. InI nternet of Things (WF-IoT), 2014 IEEE World Forum on (pp. 79–84).Krishnamurthy, S., & Mathur, A. P. (1997). On the estimation of reliability of a software system using reliabilities of its components. InS oftware Reliability Engineering, 1997. Proceedings., The Eighth International Symposium on (pp. 146–155).Kubat, P. (1989). Assessing reliability of modular software. Operations Research Letters, 8(1), 35–41.Laprie, J.-C. (1984). Dependability evaluation of software systems in operation. IEEE Transactions on Software Engineering, (6), 701–714.Lassing, N. H., Rijsenbrij, D. B. B., & van Vliet, H. (1999). On software architecture analysis of flexibility, complexity of changes: Size isn’t everything.Lee, C., Zappaterra, L., Kwanghee Choi, & Hyeong-Ah Choi. (2014). Securing smart home: Technologies, security challenges, and security requirements. In2 014 IEEE Conference on Communications and Network Security (pp. 67–72). IEEE. https://doi.org/10.1109/CNS.2014.6997467Lee, G. M., Crespi, N., Choi, J. K., & Boussard, M. (2013). Internet of things. InE volution of Telecommunication Services (pp. 257–282). Springer.Lee, I., & Lee, K. (2015). The Internet of Things (IoT): Applications, investments, and challenges for enterprises.B usiness Horizons, 58(4), 431–440.Lee, S., & Kim, S. (2013). Hacking, surveilling, and deceiving victims on Smart TV. Black Hat.Leyden, J. (2016). One Ring to pwn them all: IoT doorbell can reveal your Wi-Fi key. The Register.Li, S., Xu, L. Da, & Zhao, S. (2015). The internet of things: a survey. Information Systems Frontiers, 17(2), 243–259. https://doi.org/10.1007/s10796-014-9492-7Lindvall, M., Tvedt, R. T., & Costa, P. (2003). An empirically-based process for software architecture evaluation. Empirical Software Engineering, 8(1), 83–108.Liu, L., Yin, L., Guo, Y., & Fang, B. (2014). EAC: a framework of authentication property for the IoTs. In Cyber-Enabled Distributed Computing and Knowledge Discovery (CyberC), 2014 International Conference on (pp. 102–105).Lize, G., Jingpei, W., & Bin, S. (2014). Trust management mechanism for Internet of Things.C hina Communications, 11(2), 148–156.Lloyd’s. (2017). Counting the cost Cyber exposure decoded.Lloyd, W., & Connie, S. (2002). PASA: A Method for the Performance Assessment of Software Architectures. In Proceedings of the Third International Workshop on Software and Performance (WOSP’2002), July (pp. 24–26).Loucopoulus, P., & Karakostas, V. (1995). System Requirements Engineering. McGraw-Hill, Inc.Ma, M., Wang, P., & Chu, C.-H. (2013). Data management for internet of things: challenges, approaches and opportunities. In Green Computing and Communications (GreenCom), 2013 IEEE and Internet of Things (iThings/CPSCom), IEEE International Conference on and IEEE Cyber, Physical and Social Computing (pp. 1144– 1151).Mahalank, S. N., Malagund, K. B., & Banakar, R. M. (2016). Non Functional Requirement Analysis in IoT based smart traffic management system. In 2016 International Conference on Computing Communication Control and automation (ICCUBEA) (pp. 1–6). IEEE. https://doi.org/10.1109/ICCUBEA.2016.7860147Mahalle, P. N., Anggorojati, B., Prasad, N. R., & Prasad, R. (2013). Identity authentication and capability based access control (iacac) for the internet of things.J ournal of Cyber Security and Mobility, 1(4), 309--348.Malware Must Die. (2016). MMD-0058-2016 - Linux/NyaDrop - a linux MIPS IoT bad news.Manrique, J. A., Rueda-Rueda, J. S., & Portocarrero, J. M. T. (2016). Contrasting Internet of Things and Wireless Sensor Network from a Conceptual Overview. In 2016 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData) (pp. 252–257). IEEE. https://doi.org/10.1109/iThings-GreenCom-CPSCom-SmartData.2016.66Maxwell, J. A. (2005). Conceptual framework: What do you think is going on. Qualitative Research Design: An Interactive Approach, 41, 33–63.Mead, N. R., & Stehney, T. (2005). Security quality requirements engineering (SQUARE) methodology. ACM SIGSOFT Software Engineering Notes, 30(4), 1. https://doi.org/10.1145/1082983.1083214Mell, P., & Grance, T. (2011). The NIST Definition of Cloud Computing.Microsoft Colombia. (2016). Principales tendencias de seguridad en IoT.Miles, M. B., & Huberman, A. M. (1994). Qualitative data analysis: An expanded sourcebook. sage.Miller, C., & Valasek, C. (2015). Remote Exploitation of an Unaltered Passenger Vehicle.Miorandi, D., Sicari, S., De Pellegrini, F., & Chlamtac, I. (2012). Internet of things: Vision, applications and research challenges. Ad Hoc Networks, 10(7), 1497–1516.Miranda, J., Mäkitalo, N., Garcia-Alonso, J., Berrocal, J., Mikkonen, T., Canal, C., & Murillo, J. M. (2015).F rom the Internet of Things to the Internet of People.I EEE Internet Computing, 19(2), 40–47.Moher, D., Liberati, A., Tetzlaff, J., & Altman, D. G. (2009). Preferred Reporting Items for Systematic Reviews and Meta-Analyses: The PRISMA Statement. PLoS Medicine, 6(7), e1000097. https://doi.org/10.1371/journal.pmed.1000097Molter, G. (1999). Integrating SAAM in domain-centric and reuse-based development processes. In Proceedings of the 2nd Nordic Workshop on Software Architecture, Ronneby (pp. 1–10).Monteiro, C., Oliveira, M., Bastos, J., Ramrekha, T., & Rodriguez, J. (2014). Social Networks and Internet of Things, an Overview of the SITAC Project. In International Wireless Internet Conference (pp. 191–196).Moore, B. J. (1994). Achieving software quality through requirements analysis. InP roceedings of 1994 IEEE International Engineering Management Conference - IEMC ’94 (pp. 78–83). IEEE. https://doi.org/10.1109/IEMC.1994.379948Morán Delgado, G., & Alvarado Cervantes, D. G. (2010). Métodos de investigación (Primera ed). Pearson Education.Mossburg, E., Gelinne, J., & Calzada, H. (2016). Beneath the surface of a cyberattack: A deeper look at business impacts.Mostow, J. (1985). Towards Better Models of the Design Process. AI Magazine, 6(1), 44–57.Mozzaquatro, B. A., Jardim-Goncalves, R., Melo, R., & Agostinho, C. (2016). The application of security adaptive framework for sensor in industrial systems. InS ensors Applications Symposium (SAS), 2016 IEEE (pp. 1–6).Muñoz, L., Sanchez, L., Galache, J. A., Gutierrez, V., Garcia, R., Poyato, P., … Ramdhany, R. (2011).F irst Cycle Architecture Specification.Murphy, G. C., Notkin, D., & Sullivan, K. (1995). Software reflexion models: Bridging the gap between source and high-level models.A CM SIGSOFT Software Engineering Notes, 20(4), 18–28.Nakagawa, E. Y., Oquendo, F., & Becker, M. (2012). RAModel: A Reference Model for Reference Architectures. In Software Architecture (WICSA) and European Conference on Software Architecture (ECSA), 2012 Joint Working IEEE/IFIP Conference on (pp. 297–301). IEEE. https://doi.org/10.1109/WICSA-ECSA.212.49Namal, S., Gamaarachchi, H., MyoungLee, G., & Um, T.-W. (2015). Autonomic trust management in cloud-based and highly dynamic IoT applications. In ITU Kaleidoscope: Trust in the Information Society (K-2015), 2015 (pp. 1–8).Naur, P., & Randell, B. (1969). Software Engineering: Report of a conference sponsored by the NATO Science Committee, Garmisch, Germany, 7-11 Oct. 1968, Brussels, Scientific Affairs Division, NATO.Neisse, R., Fovino, I. N., Baldini, G., Stavroulaki, V., Vlacheas, P., & Giaffreda, R. (2014). A model-based security toolkit for the internet of things. InA vailability, Reliability and Security (ARES), 2014 Ninth International Conference on (pp. 78–87).Nia, A. M., & Jha, N. K. (2016). A comprehensive study of security of internet-of-things. IEEE Transactions on Emerging Topics in Computing.NIST. (2011). ISO/IEC 25010:2011 - Systems and software engineering -- Systems and software Quality Requirements and Evaluation (SQuaRE) -- System and software quality models.NIST. (2013). Glossary of Key Information Security Terms.NowSecure. (2016). 2016 NowSecure Mobile Security Report.Object Management Group. (2005). Introducction to OMG’s Unified Modeling Language. Retrieved from http://www.uml.org/what-is-uml.htmObject Management Group. (2017). About the Unified Modeling Language Specification Versión 2.5.1. Retrieved from https://www.omg.org/spec/UML/About-UML/Oficina Nacional de Seguridad. (2016). Normas de la Autoridad Nacional para la Protección de la Información Clasificada. Retrieved from http://www.buenjuicio.com/wpcontent/ uploads/2015/07/Normas_de_la_Autoridad_Nacional_para_la_Proteccion_de_la_Informacion_Clasificada.pdfOltski, J. (2017). The Life and Times of Cybersecurity Professionals.OWASP. (2016a). IoT Framework Assessment. Retrieved November 29, 2017, from https://www.owasp.org/index.php/IoT_Framework_AssessmentOWASP. (2016b). Principles of IoT Security. Retrieved November 4, 2017, from https://www.owasp.org/index.php/Principles_of_IoT_SecurityOWASP. (2017a). About The Open Web Application Security Project. Retrieved from www.owasp.org/index.php/About_The_Open_Web_Application_Security_ProjectOWASP. (2017b). OWASP Internet of Things (IoT) Project.OWASP. (2017c). Password Storage Cheat Sheet. Retrieved November 29, 2017, from https://www.owasp.org/index.php/Password_Storage_Cheat_SheetOwens, D. (2005). Documenting Software Architectures: Views and Beyond. Technical Communication, 52(1), 75–77.Pacheco, J., & Hariri, S. (2016). IoT Security Framework for Smart Cyber Infrastructures. In Foundations and Applications of Self* Systems, IEEE International Workshops on (pp. 242–247).Pacheco, J., Satam, S., Hariri, S., Grijalva, C., & Berkenbrock, H. (2016). IoT Security Development Framework for building trustworthy Smart car services. In Intelligence and Security Informatics (ISI), 2016 IEEE Conference on (pp. 237–242).Pastrana, S., Rodriguez-Canseco, J., & Calleja, A. (n.d.). ArduWorm: A Functional Malware Targeting Arduino Devices.Patel, P., & Cassou, D. (2015). Enabling high-level application development for the internet of things. Journal of Systems and Software, 103, 62–84.Patiño, R. G. (2016). El estado del arte en la investigación: ¿Análisis de los conocimientos acumulados o indagación por nuevos sentidos?R evista Folios, 2(44).Pawar, M. V, & Anuradha, J. (2015). Network Security and Types of Attacks in Network. Procedia Computer Science, 48, 503–506.Picco, G. Pietro. (2010). Software engineering and wireless sensor networks. In Proceedings of the FSE/SDP workshop on Future of software engineering research - FoSER ’10 (p. 283). New York, New York, USA: ACM Press. https://doi.org/10.1145/1882362.1882421Pohl, K. (2010). Requirements Engineering: Fundamentals, Principles, and Techniques (1st Editio). Springer Publishing Company.Pressman, R. S. (2010). Ingeniería del Software: un enfoque práctico (Séptima ed). The McGraw-Hill.Radomirovic, S. (2010). Towards a Model for Security and Privacy in the Internet of Things. InP roc. First Int’l Workshop on Security of the Internet of Things (p. 6).Ratkowski, A. (2016). Architecture for Internet of Things Analytical Ecosystem. InD ependability Engineering and Complex Systems (pp. 385–393). Springer.Refsdal, A., Solhaug, B., & Stølen, K. (2015). Cyber-Risk Management. Cham: Springer International Publishing. https://doi.org/10.1007/978-3-319-23570-7Riazul Islam, S. M., Daehan Kwak, Humaun Kabir, M., Hossain, M., & Kyung-Sup Kwak. (2015). The Internet of Things for Health Care: A Comprehensive Survey. IEEE Access, 3, 678–708. https://doi.org/10.1109/ACCESS.2015.2437951Robles, T., Alcarria, R., de Andrés, D. M., Navarro, M., Calero, R., Iglesias, S., & López, M. (2015). An IoT based reference architecture for smart water management processes. JoWUA, 6(1), 4–23.Roman, G.-C. (1985). A taxonomy of current issues in requirements engineering.I EEE Computer, 18(4), 14–23.Ross, E. (2016). Baby monitors “hacked”: Parents warned to be vigilant after voices heard coming from speakers. Independent.Roy, B., & Graham, N. (2008). Methods for Evaluating Software Architecture: A Survey. Ontario, Canada.Rozanski, N., & Woods, E. (2005). Applying Viewpoints and Views to Software Architecture.RSA. (2016). 2016: Current State of Cybercrime.Rueda R., J. S., & TalaveraP., J. M. (2017). Similitudes y diferencias entre Redes de Sensores Inalámbricas e Internet de las Cosas: Hacia una postura clarificadora Similarities and differences between Wireless Sensor Networks and the Internet of Things: Towards a clarifying position. Revista Colombiana de Computación, 18(2), 58–74. https://doi.org/10.29375/25392115.3218Ruparelia, N. B. (2010). Software development lifecycle models. ACM SIGSOFT Software Engineering Notes, 35(3), 8–13. https://doi.org/10.1145/1764810.1764814Sadeghi, A.-R., Wachsmann, C., & Waidner, M. (2015). Security and privacy challenges in industrial internet of things. InP roceedings of the 52nd Annual Design Automation Conference on - DAC ’15 (pp. 1–6). New York, New York, USA: ACM Press. https://doi.org/10.1145/2744769.2747942Sanchez, L., Muñoz, L., Galache, J. A., Sotres, P., Santana, J. R., Gutierrez, V., … others. (2014). SmartSantander: IoT experimentation over a smart city testbed. Computer Networks, 61, 217–238.Sanchez, S., Angel Sicilia, M., & Rodriguez, D. (2012). Ingeniería del Sofware. Un enfoque desde la guía SWEBOK. Alfaomega.Schauer, P., & Debita, G. (2015). Internet of Things Service Systems Architecture.Schrott, U. (2017). Austrian hotel experiences ‘ransomware of things attack.’Sefika, M., Sane, A., & Campbell, R. H. (1996). Monitoring compliance of a software system with its high-level design models. InP roceedings of the 18th international conference on Software engineering (pp. 387–396).Seo, S., Kim, J., Yun, S., Huh, J., & Maeng, S. (2015). HePA: Hexagonal Platform Architecture for Smart Home Things. In Parallel and Distributed Systems (ICPADS), 2015 IEEE 21st International Conference on (pp. 181–189).Serbanati, A., Salinas Segura, A., Olivereau, A., Ben Saied, Y., Gruschka, N., Gessner, D., & Gomez-Marmol, F. (2012). Project Deliverable D4.2 - Concepts and Solutions for Privacy and Security in the Resolution Infrastructure.Serna, J., Morales, R., Medina, M., & Luna, J. (2014). Trustworthy communications in Vehicular Ad Hoc NETworks. In Internet of Things (WF-IoT), 2014 IEEE World Forum on (pp. 247–252).Shaw, M. (1989). Larger Scale Systems Require Higher-Level Abstractions. ACM Sigsoft Software Engineering Notes, 14(3), 143–146.Shen, S., & Carugi, M. (2014). Standardizing the Internet of Things in an evolutionary way. In ITU Kaleidoscope Academic Conference: Living in a converged world- Impossible without standards?, Proceedings of the 2014 (pp. 249–254).Shirey, R. (2007). Internet Security Glossary, Version 2.Shooman, M. L. (1976). Structural models for software reliability prediction. In Proceedings of the 2nd international conference on Software engineering (pp. 268–280).Shrouf, F., Ordieres, J., & Miragliotta, G. (2014). Smart factories in Industry 4.0: A review of the concept and of energy management approached in production based on the Internet of Things paradigm. In Industrial Engineering and Engineering Management (IEEM), 2014 IEEE International Conference on (pp. 697–701).Sicari, S., Rizzardi, A., Grieco, L. A., & Coen-Porisini, A. (2015). Security, privacy and trust in Internet of Things: The road ahead. Computer Networks, 76, 146–164.Singh, M., & Bhandari, P. (2016). Building a framework for network security situation awareness. In Computing for Sustainable Global Development (INDIACom), 2016 3rd International Conference on (pp. 2578–2583).Singh, S., & Singh, N. (2015). Internet of Things (IoT): Security challenges, business opportunities & reference architecture for E-commerce. In Green Computing and Internet of Things (ICGCIoT), 2015 International Conference on (pp. 1577–1581).Skala, K., Davidovic, D., Afgan, E., Sovic, I., & Sojat, Z. (2015). Scalable Distributed Computing Hierarchy: Cloud, Fog and Dew Computing.O pen Journal of Cloud Computing (OJCC), 2(1), 16–24.Smartex. (2016). Glossary of terms and expressions used in connection with The Internet of Things with a final section of related ‘Standards.’ Retrieved from http://www.smartex.com/wp-content/uploads/2016/04/Internet-of-Things-Glossary-of-Terms-V8-draft.pdfSmith, C. U. (1990). Performance engineering of software systems. Addison-Wesley Longman Publishing Co., Inc.Software Engineering Institute. (2016). Software Engineering Institute Glossary.Sommerville, I. (2011). Ingeniería del Software. PEARSON.Sommerville, I., & Sawyer, P. (1997). Requirements Engineering: A Good Practice Guide. John Wiley & Sons, Inc.Souza, R., & Cardozo, E. (2016). A Resource-Oriented Architecture for the Internet of Things (IoT). InC onnectivity Frameworks for Smart Devices (pp. 99–116). Springer.Statista. (2018). Number of Internet of Things (IoT) devices connected worldwide in 2017 and 2018, by type (in millions).Stoermer, C., Bachmann, F., & Verhoef, C. (2003). SACAM: The software architecture comparison analysis method.Stojmenovic, I., Wen, S., Huang, X., & Luan, H. (2015). An overview of Fog computing and its security issues. Concurrency and Computation: Practice and Experience.Stoneburner, G., Goguen, A. Y., & Feringa, A. (2002). SP 800-30. risk management guide for information technology systems.Stravoskoufos, K., Sotiriadis, S., & Petrakis, E. (2016). IoT-A and FIWARE: bridging the barriers between the cloud and IoT systems design and implementation. In Proc. 6th Int’l Conf. Cloud Computing and Services Science (pp. 146–153).Subramani, K. S., Antonopoulos, A., Nosratinia, A., & Makris, Y. (2016). Hardware-Induced Security & Privacy Vulnerabilities in the Internet of Things.Supriya, S., & Padaki, S. (2016). Data Security and Privacy Challenges in Adopting Solutions for IOT. In 2016 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData) (pp. 410–415). IEEE. https://doi.org/10.1109/iThings-GreenCom-CPSCom-SmartData.2016.97Tahir, R., Tahir, H., McDonald-Maier, K., & Fernando, A. (2016). A novel ICMetric based framework for securing the Internet of Things. In Consumer Electronics (ICCE), 2016 IEEE International Conference on (pp. 469–470).Talavera Portocarrero, J. M. (2016). RAMSES: Reference Architectue of Self-Adaptative Middleware for Wireless Sensor Networks. Universidade Federal fo Rio de Janeiro.Techopedia. (2017). What is Modeling Language? Retrieved November 2, 2017, from https://www.techopedia.com/definition/20810/modeling-languageTekinerdogan, B. (2004). ASAAM: Aspectual software architecture analysis method. In Software Architecture, 2004. WICSA 2004. Proceedings. Fourth Working IEEE/IFIP Conference on (pp. 5–14).Thierer, A. D. (2014). The Internet of Things & Wearable Technology: Addressing Privacy & Security Concerns Without Derailing Innovation.S SRN Electronic Journal. https://doi.org/10.2139/ssrn.2494382Touhill, G. J., & Touhill, J. (2014). Cybersecurity for Executives: A Practical Guide. John Wiley & Sons, Inc.Townsend Security. (2016). Definitive Guide to Encryption Key Management Fundamentals. Retrieved from https://info.townsendsecurity.com/definitive-guide-to-encryptionkey- management-fundamentalsTrend Micro. (2015). Trend Micro Glossary: Ransomware.Tuck, M. (2016). Internet of Things: Are We There Yet? (The 2016 IoT Landscape) – Matt Turck. Retrieved July 2, 2017, from http://mattturck.com/2016-iot-landscape/Tuck, M. (2018). Growing Pains: The 2018 Internet of Things Landscape. Retrieved from http://mattturck.com/iot2018/Tvedt, R. T., Lindvall, M., & Costa, P. (2002). A process for software architecture evaluation using metrics. In Software Engineering Workshop, 2002. Proceedings. 27th Annual NASA Goddard/IEEE (pp. 191–196).US-CERT. (2016). Alert (TA16-288A) Heightened DDoS Threat Posed by Mirai and Other Botnets.Usländer, T., & Epple, U. (2015). Reference model of industrie 4.0 service architectures. At-Automatisierungstechnik, 63(10), 858–866.Van Kranenburg, R. (2008). The Internet og Things. A critique of ambient technology and the all-seeing network of RFID. Amsterdam.Vaquero, L. M., Rodero-Merino, L., Caceres, J., & Lindner, M. (2008). A break in the clouds: Towards a Cloud Definition. ACM SIGCOMM Computer Communication Review, 39(1), 50. https://doi.org/10.1145/1496091.1496100Verdouw, C. N., Robbemond, R. M., Verwaart, T., Wolfert, J., & Beulens, A. J. M. (2015). A reference architecture for IoT-based logistic information systems in agri-food supply chains. Enterprise Information Systems, 1–25.Weyrich, M., & Ebert, C. (2016). Reference architectures for the internet of things. IEEE Software, 33(1), 112–116.Williams, L. G., & Smith, C. U. (1998). Performance Engineering of Software Architectures. InP roceeding on Workshop Software and Performance (pp. 164–177).WSO2. (2015). A Reference Architecture for the Internet of Things.Xu, B., Zhang, D., & Yang, W. (2012). Research on architecture of the Internet of Things for grain monitoring in storage. InI nternet of Things (pp. 431–438). Springer.Yacoub, S. M., Cukic, B., & Ammar, H. H. (1999). Scenario-based reliability analysis of component-based software. In Software Reliability Engineering, 1999. Proceedings. 10th International Symposium on (pp. 22–31).Yamamoto, Y., Morris, R. V., Hartsough, C., & Callender, E. D. (1982). The role of requirements analysis in the system life cycle. In Proceedings of the June 7-10, 1982, national computer conference on - AFIPS ’82 (p. 381). New York, New York, USA: ACM Press. https://doi.org/10.1145/1500774.1500821Yang, J., & Fang, B.-X. (2011). Security model and key technologies for the Internet of things. The Journal of China Universities of Posts and Telecommunications, 18(2), 109–112.Yi, S., Li, C., & Li, Q. (2015). A Survey of Fog Computing: Concepts, Applications and Issues. In Mobidata ’15 Proceedings of the 2015 Workshop on Mobile Big Data (pp. 37–42). ACM. https://doi.org/10.1145/2757384.2757397York Risk Services Group. (2015). No Business is too small for a cyber-attack.Zegzhda, D., & Stepanova, T. (2015). Achieving Internet of Things security via providing topological sustainability. In Science and Information Conference (SAI), 2015 (pp. 269–276).Zhang, K., Ni, J., Yang, K., Liang, X., Ren, J., & Shen, X. S. (2017). Security and Privacy in Smart City Applications: Challenges and Solutions. IEEE Communications Magazine, 55(1), 122–129. https://doi.org/10.1109/MCOM.2017.1600267CMZhang, Q., Cheng, L., & Boutaba, R. (2010). Cloud computing: state-of-the-art and research challenges. Journal of Internet Services and Applications, 1(1), 7–18. https://doi.org/10.1007/s13174-010-0007-6ORIGINAL2018_Tesis_Johan_Smith_Rueda_Rueda.pdf2018_Tesis_Johan_Smith_Rueda_Rueda.pdfTesisapplication/pdf5544109https://repository.unab.edu.co/bitstream/20.500.12749/3552/5/2018_Tesis_Johan_Smith_Rueda_Rueda.pdf8524367e1df4cb90193ea7b2305cb424MD55open access2018_Articulo_Johan_Smith_Rueda_Rueda.pdf2018_Articulo_Johan_Smith_Rueda_Rueda.pdfArticuloapplication/pdf709647https://repository.unab.edu.co/bitstream/20.500.12749/3552/2/2018_Articulo_Johan_Smith_Rueda_Rueda.pdf1b5363a045c7c25a056c913897904ad0MD52open accessTHUMBNAIL2018_Articulo_Johan_Smith_Rueda_Rueda.pdf.jpg2018_Articulo_Johan_Smith_Rueda_Rueda.pdf.jpgIM Thumbnailimage/jpeg9498https://repository.unab.edu.co/bitstream/20.500.12749/3552/4/2018_Articulo_Johan_Smith_Rueda_Rueda.pdf.jpg020504d13ceba3faf793812f5c5efd29MD54open access2018_Tesis_Johan_Smith_Rueda_Rueda.pdf.jpg2018_Tesis_Johan_Smith_Rueda_Rueda.pdf.jpgIM Thumbnailimage/jpeg4640https://repository.unab.edu.co/bitstream/20.500.12749/3552/6/2018_Tesis_Johan_Smith_Rueda_Rueda.pdf.jpgfd1efd985a57827f4cdbd2abdf464298MD56open access20.500.12749/3552oai:repository.unab.edu.co:20.500.12749/35522024-01-19 19:05:52.438open accessRepositorio Institucional | Universidad Autónoma de Bucaramanga - UNABrepositorio@unab.edu.co |