Security by Construction in Cloud and Internet of Things Ecosystems

The work carried out in this WP addresses security by design in Cloud and Internet of Things ecosystems, including research activities on ways to establish the assurance of security in software systems by design, focusing mainly on software and development processes (security engineering). It also includes the prototyping of a set of software tools for security engineering, attack modelling, and semi-assisted testing.

Team & Collaborators

  • Pedro Inácio | WP leader
  • Mário Freire
  • Paula Prata
  • Francisco Chimuco | Grantee, C4-UBI
  • Tiago Simões | PostDoc, UBI
  • Musa Gwani Samaila | PhD student, UBI
  • Bernardo Sequeiros | PhD student, UBI
  • Luís Rodrigues | MSc student, UBI


  • Musa G. Samaila, João B. F. Sequeiros, Tiago Simões, Mário M. Freire and Pedro R. M. Inácio, IoT-HarPSecA: A Framework and Roadmap for Secure Design and Development of Devices and Applications in the IoT Space, IEEE Access, in press.
  • João B. F. Sequeiros, Francisco Chimuco, Musa G. Samaila, Mário M. Freire and Pedro R. M. Inácio, Attack and System Modeling Applied to IoT, Cloud and Mobile Ecosystems: Embedding Security by Design, ACM Computing Surveys (CSUR), in press.

Related publications

Related activities

  • Bernardo Sequeiros, SECURIoTESIGN – Towards the Assurance of Security by Design of the Internet of Things. C4 – RINNOVAR – Research and INNOVation seminAR, October 23, 2019, Covilhã, Portugal
  • Luís Rodrigues, MSc student at UBI, is currently developing his Master’s dissertation, “Modeling Attacks in IoT to Assist the Engineering Process”, also in the scope of the theme of this project.
  • Bernardo Sequeiros, one of the collaborators, is developing, as an integrating part of the SECURIoTESIGN project, his PhD thesis, under the guise “Towards a Framework for System and Attack Modeling, and Mapping of Requirements and Technology for the Internet of Things”
  • Project SECURIoTESIGN, Towards the assurance of SECURity by dESIGN of the Internet of Things, financed by FCT/COMPETE/FEDER (Reference POCI-01-0145-FEDER-030657), with the main purpose of providing means to ensure that security is integrated in all design and development stages of IoT devices, from concept to testing phases. This project will provide a (prototype) tool framework to identify security requirements, model attacks and the system, specify tests, map requirements and technology, generate documentation, and auditing.