The design process for Internet of Things (IoT) applications is more complicated than for desktop, mobile, or web-based platforms. IoT applications require both software and hardware to work together across multiple types of nodes (e.g., micro-controllers, systems-on-chip, mobile phones, miniaturised single-board computers, cloud platforms, etc.) with different computational capabilities under different conditions.
IoT applications typically collect and analyse personal data that can be used to derive sensitive information about individuals. Thus far, privacy concerns have not been explicitly considered in software engineering processes when designing and developing IoT applications, partly due to a lack of tools, technologies, and guidance. The engineering complexities in the IoT have also forced engineers to focus most of their efforts on addressing other challenges such as interoperability and modifiability, resulting in privacy concerns being largely overlooked. Without proper privacy protection in place, IoT applications could lead to serious privacy violations. Over the last few years, we have seen a number of privacy violations (e.g., baby monitor, Google smart speaker eavesdropping).
Traditionally, privacy challenges are addressed in an isolated manner by different research communities (e.g., networking, database, software engineering). Such independently developed solutions are complicated to adopt and require significant expert knowledge, time, and resources to incorporate into an IoT application design.
In contrast, this project aims to develop techniques that can assess a given IoT application design and produce a report that highlights weaknesses (e.g., privacy issues) to augment the software development lifecycle (SDLC).