The Internet of Things (IoT) is becoming seamlessly integrated into many aspects of daily life, and in healthcare it takes the shape of eHealth IoT systems. Evidently, the design of such systems must apply best practices when it comes to security and privacy, in addition to ensuring compliance with various national and international regulations. When it comes to the required functionality, commonalities and variations can effectively be managed in a product line approach that involves deriving specific application architecture variants from a common reference architecture. This paper illustrates and discusses a specific problem encountered in the establishment of a software product line in this context: the adoption of systematic security and privacy threat modeling and risk assessment approaches introduces a variation space that is very difficult to capture in a proactive product line approach. One of the main causes for this is that threat assessment itself suffers from the problem of threat explosion, i.e., combinatorial explosions of threats that have to be investigated and systematically mitigated. The divergence of security and privacy threats across architectural variants is illustrated in the specific case of an industry IoT-based eHealth software product line.
Tomashchuk, O., Van Landuyt, D., & Joosen, W. (2021). The architectural divergence problem in security and privacy of eHealth IoT product lines. In ACM International Conference Proceeding Series (Vol. Part F171624-A, pp. 114–119). Association for Computing Machinery. https://doi.org/10.1145/3461001.3473061