Font Size Change

HOMEIT Knowledge Center on emerging tech trendsDeliverables/ReportsIoT Safety/Security Development Guidelines(Second Edition)
: Important Points to be understood by Software Developers toward the Smart-society

PRINT PAGE

IT Knowledge Center on emerging tech trends

IoT Safety/Security Development Guidelines(Second Edition)
: Important Points to be understood by Software Developers toward the Smart-society

Last updated on September 28, 2017
July 29, 2016
INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN
Software Reliability Enhancement

Summary

 According to the realization of "IoT society" where every kind of device and system are connected with internet and inter-communicate each other, the improvement of convenience of living is expected. On the other hand, by unexpected connections, the occurrence of the risks that threaten the safety and security of the users of IoT devices and systems are concerned. Therefore, the working group which consisted of the key persons of industry and academy had been started by IPA/SEC in August, 2015. By the working group, the examination result about risks and measures that the developer of the IoT product should consider during development was integrated and was published as "IoT Safety/Security Development Guidelines".

Feature

- Points to be considered through the development life-cycle, including development of "the policy" of the whole company developing IoT product, "analysis" of the risk caused by connecting, "design" to take measures to a risk and "maintenance" and "operation" after the product release are integrated as 17 guidelines.
- For considering, backgrounds, purposes, concrete risks and examples of measures are explained on every each guideline.
- The list of guidelines is able to be utilized as a check list at the time of the IoT development of products.
- The list of guidelines is also able to be utilized as a check list at the time of the company's requirements confirmation in the user side procuring IoT products.
- Not only for developers but for managers, this guidelines are assumed to be used as he guide to recognize the risks and the measures for IoT product as the issues the company.

Large item guidelines
Policy Making corporate efforts for the Safety/Security of the Smart-society Guideline 1 Formulating the basic policies for Safety/Security
Guideline 2 Reviewing systems and human resources for Safety/Security
Guideline 3 Preparing for internal fraud and mistakes
Analysis Understanding the risks of the Smart-society Guideline 4 Identifying objects to be protected
Guideline 5 Assuming the risks caused by connections
Guideline 6 Assuming the risks spread through connections
Guideline 7 Understanding physical security risks
Design Considering the designs to protect the objects to be protected Guideline 8 Designing to enable both individual and total protection
Guideline 9 Designing so as not to cause trouble in other connected entities
Guideline 10 Ensuring consistency between the designs of safety and security
Guideline 11 Designing to ensure Safety/Security even when connected to unspecified entities
Guideline 12 Verifying/validating the designs of safety and security
Maintenance Considering the designs to ensure protection even after market release Guideline 13 Implementing the functions to identify and record own status
Guideline 14 Implementing the functions to maintain Safety/Security even after the passage of time
Operation Protecting with relevant parties Guideline 15Identifying IoT risks and providing information after the market release
Guideline 16 Informing relevant business operators of the procedures to be followed after market release
Guideline 17 Making the risks caused by connections known to general users

Major changes in Second Edition

In the second edition, the contents are updated adding a point of view to develop IoT products in consideration of the “Quality in use” in the Smart-society. Added contents are:

- Designing which prevents users and installment engineers from connecting hazardous IoT devices because there are possibilities that users uses IoT systems or services without knowing about risks unique to IoT in the Smart-society, such as connecting low-security devices or to networks, or installing applications with low reliability (see [Guideline 11] Designing to ensure Safety/Security even when connected to unspecified entities).
- Implementation considering the expected rapid changes in usages and environments in the Smart-society in order to reduce future influences in IoT systems and services, such as improvement of operations and addition of functions to prevent operation errors and hazardous connections during long period of use (see [Guideline 14] Implementing the functions to maintain Safety/Security even after the passage of time).

Download

Note: Documents below are provided by PDF format.
IoT Safety/Security Development Guidelines(4.68MB)

*Japanese version is here.

Update history

28 September 2017 The download file was replaced with the Second Edition whose major changes are described as above.