'If security is required': Engineering and Security Practices for Machine Learning-based IoT Devices

Nikhil Krishna Gopalakrishna, Dharun Anandayuvaraj, Annan Detti, Forrest Lee Bland, Sazzadur Rahaman, James C. Davis

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

12 Scopus citations

Abstract

The latest generation of IoT systems incorporates machine learning (ML) technologies on edge devices. This introduces new engineering challenges to bring ML onto resource-constrained hardware, and complications for ensuring system security and privacy. Existing research prescribes iterative processes for machine learning-enabled IoT products to ease development and increase product success. However, these processes mostly focus on existing practices used in other generic software development areas and are not specialized for the purpose of machine learning or IoT devices. This research seeks to characterize engineering processes and security practices for ML-enabled IoT systems through the lens of the engineering lifecycle. We collected data from practitioners through a survey (N=25) and interviews (N=4). We found that security processes and engineering methods vary by company. Respondents emphasized the engineering cost of security analysis and threat modeling, and trade-offs with business needs. Engineers reduce their security investment if it is not an explicit requirement. The threats of IP theft and reverse engineering were a consistent concern among practitioners when deploying ML for IoT devices. Based on our findings, we recommend further research into understanding engineering cost, compliance, and security trade-offs.

Original language: English (US)
Title of host publication: Proceedings - 4th International Workshop on Software Engineering Research and Practice for the IoT, SERP4IoT 2022
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 1-8
Number of pages: 8
ISBN (Electronic): 9781450393324
State: Published - 2022
Event: 4th IEEE/ACM International Workshop on Software Engineering Research and Practice for the IoT, SERP4IoT 2022 - Pittsburgh, United States
Duration: May 19 2022 → …

Publication series

Name: Proceedings - 4th International Workshop on Software Engineering Research and Practice for the IoT, SERP4IoT 2022

Conference

Conference: 4th IEEE/ACM International Workshop on Software Engineering Research and Practice for the IoT, SERP4IoT 2022
Country/Territory: United States
City: Pittsburgh
Period: 5/19/22 → …

Keywords

  • Cyber-physical systems
  • Embedded systems
  • Internet of things
  • Machine learning
  • Security and privacy
  • Software engineering

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Software
