Abstract

The increasing use of the Internet of Things (IoT) in homes and industry brings significant security and privacy challenges, while also considering trade-off for performance, energy consumption, and processing capabilities. Few explicit and specific guidelines exist to help architects in considering these trade-offs while designing secure IoT systems. This article proposes to address this situation by extending the well-known architectural tactics taxonomies with IoT-specific trade-offs; to preserving auditability, the trade-offs address the quality characteristics of the ISO 25010:2023 standard. The proposed technique and catalog are illustrated with the design of the Nunatak environmental monitoring system. The proposal was empirically validated with a controlled experiment, where a balanced mix of 12 novice and expert practitioners had to design a secure IoT Environmental Monitoring System; they used similar architectural tactics catalogs, with versus without trade-off information. Results suggest that having this information yield significant improvements in decision-making effectiveness (Precision) and usefulness (F1-Score), particularly benefiting less experienced designers. Wider adoption of trade-off-aware catalogs of architectural tactics will allow systematic, auditable design of secure IoT systems, and especially so by novice architects.