Abstract

The Internet of Things (IoT) paradigm has become important in many domains, ranging from smart home to medical and industrial applications. However, besides the outstanding advantages, comprehensive networking raises new security challenges. To benefit from IoT, secure embedded systems and resilient architectures are mandatory. Security-by-design is a cost efficient approach to accomplish this objective. Security requirement analysis as the first step of security-by-design plays an important role to design, develop and test secure embedded systems. This paper presents a case study to demonstrate security requirement modeling at three abstraction levels with the focus on the CIA triad (Confidentiality, Integrity, Availability). The methodology is demonstrated by applying the proposed approach to a use case from the energy domain.