Internet of Things Garage

Designing Privacy by Design IoT Applications

Interactive Design Method for Augmenting Software Design Process Toward Privacy Aware Internet of Things Application Designs

Internet of Things (IoT) applications development and design process is more complicated than others, such as the one for desktop, web, or mobile. That’s because IoT applications need both software and hardware to cooperate across multiple nodes with different capabilities. Moreover, it requires different software engineers with different expertise to cooperate (e.g., frontend, backend, database). Due to the above complications, non-functional requirements, such as security and privacy, tend to be overlooked.

Yearly, a significant number of devices and applications are connecting to the internet, which raises potential privacy risks. Typically, IoT applications collect and analyse personal data that can be used to derive sensitive information about individuals. However, thus far, privacy concerns have not been explicitly considered (i.e., as united way), despite isolated solutions (i.e., specific privacy preserving technique that address specific problem), in software engineering processes when designing and developing IoT applications, partly due to a lack of Privacy-by-Design (PbD) methods for the IoT.

The primary objective of this project is to develop a interactive design method (facilitate through a tool) that incorporate privacy-preserving techniques into the early phases of the software development lifecycle efficiently, effectively and collaboratively. We envision our tool to be collaboratively used by business analysists, requirement engineers, user experience designers, and software engineers together during the process of creating privacy by design IoT application designs. Our secondary objective is to explore whether such a tool (with minor alteration) could also be used to enhance privacy education of high school and university students.




PETRAS National Centre of Excellence for IoT Systems Cybersecurity is a consortium of eleven leading UK universities which will work together over the next three years to explore critical issues in privacy, ethics, trust, reliability, acceptability, and security.


The Sage Group plc, commonly known as Sage, is a British multinational enterprise software company based in Newcastle upon Tyne, England. It is the UK's second largest technology company and is the world's third-largest supplier of enterprise resource planning software.

Open Web Application Security Project (OWASP)

The Open Web Application Security Project (OWASP) is an online community that produces freely-available articles, methodologies, documentation, tools, and technologies in the field of web application security.

Threat Dragon

An online threat modelling web application including system diagramming and a rule engine to auto-generate threats/mitigations. The focus will be on great UX a powerful rule engine and alignment with other development lifecycle tools.