Font Size Change

HOMESoftware Reliability EnhancementSEC's activitiesBuilding safeguards for reliable and affordable Internet of Things (IoT) environments

PRINT PAGE

Software Reliability Enhancement

Building safeguards for reliable and affordable Internet of Things (IoT) environments

In the era of IoT, products and services are connected and the flow and exchange of data from IoT drive business creation and socio-economy transformation. This IoT environment (smart ecosystem) inevitably gives rise to unprecedented risks, such as irregular connections not assumed by developers, which result in hazards and security vulnerabilities. IPA/SEC supports developers by engaging in the following activities in order to provide safe/secure IoT product and services.

Activity 1:Arrangement of Safety, Security, and Reliability Requirements for IoT Equipment

In enabling a smart ecosystem, formulating quality requirements for all stakeholders connected to the ecosystem, thoroughly and without any oversight, is a challenging task. To address this, IPA/SEC arranged a set of product/service quality requirements with which such product/service providers in a smart ecosystem can extract the requirements for their stakeholders and evaluate their development performance from broader perspectives.

IoT Safety/Security Development Guidelines
IoT Safety/Security Development Guidelines Features
- Points to be considered through the development life-cycle, including development of "the policy" of the whole company developing IoT products, "analysis" of the risk caused by introducing the product, "design" for taking measures against risks, and "maintenance" and "operation" after the product release, are integrated as 17 guidelines.
- For consideration, backgrounds, purposes, concrete risks, and examples of measures are explained in each guideline.
- The list of guidelines is able to be utilized as a check list at the time of the development of IoT products.
- The list of guidelines is also able to be utilized as a check list at the time of the confirmation of the company's requirements at the user side which procures IoT products.
- For developers and for managers, these guidelines are assumed to be used as the guide for recognizing the risks and the measures for IoT product as the issues at the company.
More info

The government of Japan also had recognized the significance of security/safety requirements for IoT products/services in the emerging IoT environments, and formulated IoT Security Guidelines adopting components of IPA/SEC development guidelines in July 2016.

Activity 2: Promoting Safety/Security Design Processes in Smart Ecosystems

For convenient usage of IoT products and services having the appropriate safety and security, all developers in every stage of the supply chain should incorporate certain safety/security design practices in their upper processes. To this end, IPA/SEC presents explanatory process guides for safety/security design practices in the development process, risk analysis and the adoption process of countermeasures against risks, and visualization method for design quality which is logically accountable to users. Those guides are for promoting safety/security design practices in the upper processes of developers.

IoT Safety/Security Design Tutorial
IoT Safety/Security Development Guidelines Contents
Explains the significance of safety/security design practices, leveling process with a visualization of design quality, and the involvement of management in the upper processes of their product/service.
Introduces accident/incident cases that have actually happened, in order to show the impact of considering safety/security with causal analysis and hints for formulating for countermeasures against accidents/incidents.
Introduces risk analysis and safety/security design processes, mostly taking examples from industry, as a part of considering safety/security. Introduces visualization methods for design quality, which are necessary in the agreement process of quality requirements among stakeholders in upper processes. It also might be useful in the post-market stage for accountability against third parties and/or stakeholders in the event of an accident/incident caused by the product/service.
More info

Activity 3: Guidebook for Quality Requirement Details in Smart Ecosystems

In smart ecosystems, formulating quality requirements for all stakeholders connected to the ecosystem, thoroughly and without any oversight, is a challenging task. To address this, IPA/SEC arranged quality guidelines for product/service developers which help them to arrange quality requirements from stakeholders and evaluate their performance from a broader perspective.

IoT Software Quality Guidelines
IoT Safety/Security Development Guidelines Software quality guidelines
Presents objectives of quality guidelines in IoT era.
Introduces the international standard "SQuaRE", and explains key quality measurement items such as usability, safety, security, etc.
Presents points of improvement for better software quality, and the relationship between quality accountability and third-party evaluation.

SQuaRE quality model usecase references
Based on the quality model (product quality, quality during use, data quality) defined in the international standard "SQuaRE" series, explanations, usage examples, measurement examples, and the like, are introduced for each quality item/sub item. Those examples can be referenced when extracting quality requirements and formulating evaluation plans in the development process, which contributes to efficient software development processes.

Download (Japanese)PDF文書