The design of secure IoT applications using patterns: State of the art and directions for research

Eduardo B. Fernandez*, Hironori Washizaki, Nobukazu Yoshioka, Takao Okubo

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

5 Citations (Scopus)


Internet of Things (IoT) systems are exposed to a large variety of threats due to the inclusion of many devices which may have different owners and manufacturers. IoT applications often include parts in clouds and fogs as well as being part of larger cyber-physical systems; that is, these systems are very complex, which also contributes to their security problems. The design of IoT-based applications must be able to handle this complexity and heterogeneity; patterns are a good approach for this purpose because of their abstraction power. When using patterns, a good catalog is necessary. We survey and classify existing IoT security patterns to see their coverage and quality to evaluate how appropriate they are to be part of a useful catalog. A practical catalog must cover most of the standard security mechanisms. Pattern descriptions include several sections according to a template. We conclude that the number of existing patterns is insufficient for a working catalog and most of them are incomplete or use different descriptions; we need to build a unified catalog. We have started in that direction by creating new patterns or rewriting existing patterns to make them follow a common description. To use the patterns, we need a secure development methodology and we survey IoT development methodologies; we find that none of them considers security or uses patterns. As a solution, we propose modifying existing pattern-based methodologies for distributed systems, of which there is a good variety, using one of them as reference for concreteness. We provide a list of possible research directions about these topics.

Original languageEnglish
Article number100408
JournalInternet of Things (Netherlands)
Publication statusPublished - 2021 Sept


  • Internet of Things
  • IoT applications
  • IoT survey
  • IoT systems design
  • Microservices
  • Misuse patterns
  • Privacy patterns
  • Reference architectures
  • Secure systems development
  • Security patterns

ASJC Scopus subject areas

  • Artificial Intelligence
  • Computer Science Applications
  • Information Systems
  • Software
  • Hardware and Architecture
  • Computer Science (miscellaneous)
  • Management of Technology and Innovation
  • Engineering (miscellaneous)


Dive into the research topics of 'The design of secure IoT applications using patterns: State of the art and directions for research'. Together they form a unique fingerprint.

Cite this