ICCK Journal of Software Engineering Home About Editors Current Issue
-
CiteScore
-
Impact Factor
  1. Home
  2. Journals
  3. ICCK Journal of Software Engineering
  4. Volume 1, Issue 2
Secure Software Engineering for Industrial IoT: Integrating Threat Modeling into the Development Lifecycle
Research Article | Published: 24 October 2025
ICCK Journal of Software Engineering Volume 1, Issue 2, 2025: 63-74
Volume 1, Issue 2, ICCK Journal of Software Engineering
Volume 1, Issue 2, 2025
Submit Manuscript Edit a Special Issue
Article QR Code
Article QR Code
Scan the QR code for reading
Popular articles
Case Studies on Integrating Artificial Intelligence in Finance to Transform Decision Making and Risk Management for Enhanced Financial Outcomes Research on A Ship Trajectory Classification Method Based on Deep Learning Bridging Modalities: A Survey of Cross-Modal Image-Text Retrieval Enhancing Fake News Detection with a Hybrid NLP-Machine Learning Framework A Mimic Fusion Algorithm for Dual Channel Video Based on Possibility Distribution Synthesis Theory YOLOv7-Bw: A Dense Small Object Efficient Detector Based on Remote Sensing Image Plant Disease Detection Using Deep Learning Techniques Reinforcement Learning for Prompt Optimization in Language Models: A Comprehensive Survey of Methods, Representations, and Evaluation Challenges Deep Prediction Network Based on Covariance Intersection Fusion for Sensor Data Analyzing the Translation and Impact of Popular Science Literature in China: A Case Study Approach
ICCK Journal of Software Engineering, Volume 1, Issue 2, 2025: 63-74

Open Access | Research Article | 24 October 2025
Secure Software Engineering for Industrial IoT: Integrating Threat Modeling into the Development Lifecycle
by
Misbah Ali Misbah Ali 1 *
Haroon Arif Haroon Arif 2
Aamir Raza Aamir Raza 3
Moomna Nazir Moomna Nazir 4
1 Department of Computer Science, COMSATS University Islamabad (CUI), Sahiwal Campus, Sahiwal 57000, Pakistan
2 Department of Computer Science, Illinois Institute of Technology, Chicago, IL 60616, United States
3 Department of Information Technology and Management, Illinois Institute of Technology, Chicago, IL 60616, United States
4 Department of Computer Science, Government Postgraduate College for Women, Sahiwal 57040, Pakistan
* Corresponding Author: Misbah Ali, [email protected]
DOI: 10.62762/JSE.2025.729568
Received: 11 July 2025, Accepted: 26 August 2025, Published: 24 October 2025  
   PDF  (2.02 MB)
Article Metrics Cite This Article
Abstract
The Industrial Internet of Things (IIoT) is central to smart manufacturing, enabling real-time automation, data exchange, and system intelligence. However, the convergence of cyber-physical systems with legacy software and heterogeneous architectures introduces significant security challenges. This paper explores how software engineering principles can be strategically employed to enhance IIoT security by integrating threat modeling into the development lifecycle. In this study, we review classic models such as STRIDE, DREAD, and STPA-Sec, and evaluate their effectiveness when applied at various phases of the Secure Software Development Life Cycle (SSDLC). STRIDE focuses on classifying security threats, DREAD helps score the severity of risks, and STPA-Sec provides a safety-oriented approach to identifying unsafe control actions in IIoT environments. Additionally, we propose a secure development process to embed continuous security assurance during IIoT software deployment. This research highlights design-driven security patterns, model-driven engineering strategies, and secure API development best practices. This paper aims to support developers and architects in designing scalable and threat-aware IIoT systems through the alignment of software engineering with IIoT-specific threat vectors.
Graphical Abstract
Secure Software Engineering for Industrial IoT: Integrating Threat Modeling into the Development Lifecycle
Keywords
industrial IoT
software engineering
threat modeling
secure software development lifecycle (SSDLC)
Data Availability Statement
Data will be made available on request.
Funding
This work was supported without any funding.
Conflicts of Interest
The authors declare no conflicts of interest.
Ethical Approval and Consent to Participate
Not applicable.
References
  1. Hou, K. M., Diao, X., Shi, H., Ding, H., Zhou, H., & de Vaulx, C. (2023). Trends and challenges in AIoT/IIoT/IoT implementation. Sensors, 23(11), 5074.
    [CrossRef]   [Google Scholar]
  2. Sheng, C., Zhou, W., Han, Q. L., Ma, W., Zhu, X., Wen, S., & Xiang, Y. (2025). Network traffic fingerprinting for IIoT device identification: A survey. IEEE Transactions on Industrial Informatics.
    [CrossRef]   [Google Scholar]
  3. Bahaa, A., Abdelaziz, A., Sayed, A., Elfangary, L., & Fahmy, H. (2021). Monitoring real time security attacks for IoT systems using DevSecOps: a systematic literature review. Information, 12(4), 154.
    [CrossRef]   [Google Scholar]
  4. De Oliveira, G. W., Nogueira, M., dos Santos, A. L., & Batista, D. M. (2023). Intelligent VNF placement to mitigate DDoS attacks on industrial IoT. IEEE Transactions on Network and Service Management, 20(2), 1319-1331.
    [CrossRef]   [Google Scholar]
  5. Sarjan, H., Ameli, A., & Ghafouri, M. (2022). Cyber-security of industrial internet of things in electric power systems. IEEE Access, 10, 92390-92409.
    [CrossRef]   [Google Scholar]
  6. Kavitha, D., & Thejas, S. (2024). Ai enabled threat detection: Leveraging artificial intelligence for advanced security and cyber threat mitigation. IEEE Access.
    [CrossRef]   [Google Scholar]
  7. Khan, R. A., Khan, S. U., Akbar, M. A., & Alzahrani, M. (2024). Security risks of global software development life cycle: Industry practitioner's perspective. Journal of Software: Evolution and Process, 36(3), e2521.
    [CrossRef]   [Google Scholar]
  8. Barrera, D., Bellman, C., & Van Oorschot, P. (2023). Security best practices: a critical analysis using IoT as a case study. ACM Transactions on Privacy and Security, 26(2), 1-30.
    [CrossRef]   [Google Scholar]
  9. Ali, A., Husain, M., & Hans, P. (2025). Federated Learning-Enhanced Blockchain Framework for Privacy-Preserving Intrusion Detection in Industrial IoT. arXiv preprint arXiv:2505.15376.
    [Google Scholar]
  10. Crothers, E. N., Japkowicz, N., & Viktor, H. L. (2023). Machine-generated text: A comprehensive survey of threat models and detection methods. IEEE Access, 11, 70977-71002.
    [CrossRef]   [Google Scholar]
  11. Ali, M., Raza, A., Akram, M. A., Arif, H., & Ali, A. (2025). Enhancing IOT Security: A review of Machine Learning-Driven Approaches to Cyber Threat Detection: Enhancing IOT Security: A review of Machine Learning-Driven Approaches to Cyber Threat Detection. Journal of Informatics and Interactive Technology, 2(1), 316-324.
    [CrossRef]   [Google Scholar]
  12. Benmalek, M. (2024). Ransomware on cyber-physical systems: Taxonomies, case studies, security gaps, and open challenges. Internet of Things and Cyber-Physical Systems, 4, 186-202.
    [CrossRef]   [Google Scholar]
  13. Kim, K. H., Kim, K., & Kim, H. K. (2022). STRIDE‐based threat modeling and DREAD evaluation for the distributed control system in the oil refinery. ETRI Journal, 44(6), 991-1003.
    [CrossRef]   [Google Scholar]
  14. Yu, J., Wagner, S., & Luo, F. (2021). Data-flow-based adaption of the system-theoretic process analysis for security (STPA-sec). PeerJ Computer Science, 7, e362.
    [CrossRef]   [Google Scholar]
  15. Mohanty, R. K., Padmaja, C. V. R., Kanaparthi, S. K., & Rajan, A. (2025). Unified threat modeling: Strategies for comprehensive risk assessment in modern systems. In Integrating Technology in Problem-Solving Educational Practices (pp. 429-450). IGI Global.
    [CrossRef]   [Google Scholar]
  16. He, P., Du, X., Li, Y., Guo, H., & Cui, J. (2025). An integration methodology of safety and security requirements for autonomous vehicles. Journal of Transportation Safety & Security, 17(3), 253-271.
    [CrossRef]   [Google Scholar]
  17. Alauthman, M., Al-Qerem, A., Aldweesh, A., & Almomani, A. (2025). Secure SDLC Frameworks: Leveraging DevSecOps to Enhance Software Security. In Modern Insights on Smart and Secure Software Development (pp. 77-118). IGI Global Scientific Publishing.
    [CrossRef]   [Google Scholar]
  18. Yu, Z., Gao, H., Cong, X., Wu, N., & Song, H. H. (2023). A survey on cyber–physical systems security. IEEE Internet of Things Journal, 10(24), 21670-21686.
    [CrossRef]   [Google Scholar]
  19. Rathee, G., Ahmad, F., Jaglan, N., & Konstantinou, C. (2022). A secure and trusted mechanism for industrial IoT network using blockchain. IEEE Transactions on Industrial Informatics, 19(2), 1894-1902.
    [CrossRef]   [Google Scholar]
  20. Hameed, A., Violos, J., & Leivadeas, A. (2022). A deep learning approach for IoT traffic multi-classification in a smart-city scenario. IEEE Access, 10, 21193-21210.
    [CrossRef]   [Google Scholar]
  21. Ajiga, D., Okeleke, P. A., Folorunsho, S. O., & Ezeigweneme, C. (2024). Designing cybersecurity measures for enterprise software applications to protect data integrity. Computer Science & IT Research Journal, 5(8), 1920-1941.
    [CrossRef]   [Google Scholar]
  22. Akerele, J. I., Uzoka, A., Ojukwu, P. U., & Olamijuwon, O. J. (2024). Increasing software deployment speed in agile environments through automated configuration management. International Journal of Engineering Research Updates, 7(02), 028-035. :
    [CrossRef]   [Google Scholar]
  23. Mustonen, J. (2024). Designing a security framework for enhanced monitoring and secure development during the software life cycle.
    [Google Scholar]
  24. Ali, M., Mazhar, T., Al-Rasheed, A., Shahzad, T., Ghadi, Y. Y., & Khan, M. A. (2024). Enhancing software defect prediction: a framework with improved feature selection and ensemble machine learning. PeerJ Computer Science, 10, e1860.
    [CrossRef]   [Google Scholar]
  25. Padmapriya, V. M., Thenmozhi, K., Hemalatha, M., Thanikaiselvan, V., Lakshmi, C., Chidambaram, N., & Rengarajan, A. (2025). Secured IIoT against trust deficit-A flexi cryptic approach. Multimedia Tools and Applications, 84(9), 5625-5652.
    [CrossRef]   [Google Scholar]
  26. Lalar, S., Kumar, T., Kamboj, S., & Kumar, R. (2024). Security challenges and solutions in cloud, fog, and edge computing for sustainable development. In Cloud and Fog Optimization-based Solutions for Sustainable Developments (pp. 178-200). CRC Press.
    [Google Scholar]
  27. Veldi, S. R. (2025). Infrastructure-as-Code with Scripting: A Technical Review. Journal of Computer Science and Technology Studies, 7(6), 345-352.
    [CrossRef]   [Google Scholar]
  28. Reyes-Acosta, R. E., Mendoza-González, R., Oswaldo Diaz, E., Vargas Martin, M., Luna Rosas, F. J., Martínez Romo, J. C., & Mendoza-González, A. (2025). Cybersecurity Conceptual Framework Applied to Edge Computing and Internet of Things Environments. Electronics, 14(11), 2109.
    [CrossRef]   [Google Scholar]
  29. Hwang, I., Cho, H., & Kim, S. (2025). Deriving Usability Evaluation Criteria for Threat Modeling Tools. IEEE Access.
    [CrossRef]   [Google Scholar]
  30. Bar, K. (2025). AI for Code Synthesis: Can LLMs Generate Secure Code?. Available at SSRN 5157837.
    [CrossRef]   [Google Scholar]
  31. Gajera Jr, A. (2025). Comparative Analysis of Jenkins, GitLab CI, and GitHub Actions: Performance Evaluation in CI/CD Pipelines.
    [Google Scholar]
  32. Khan, I. A., Keshk, M., Pi, D., Khan, N., Hussain, Y., & Soliman, H. (2022). Enhancing IIoT networks protection: A robust security model for attack detection in Internet Industrial Control Systems. Ad Hoc Networks, 134, 102930.
    [CrossRef]   [Google Scholar]
Cite This Article
APA Style
Ali, M., Arif, H., Raza, A., & Nazir, M. (2025). Secure Software Engineering for Industrial IoT: Integrating Threat Modeling into the Development Lifecycle. ICCK Journal of Software Engineering, 1(2), 63–74. https://doi.org/10.62762/JSE.2025.729568
Article Metrics
Citations:

Google Scholar
0

Crossref

0

Scopus

0

Web of Science

0
Article Access Statistics:
Views: 56
PDF Downloads: 37
Publisher's Note
ICCK stays neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and Permissions
CC BY Copyright © 2025 by the Author(s). Published by Institute of Central Computation and Knowledge. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/), which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made.
ICCK Journal of Software Engineering

ICCK Journal of Software Engineering

ISSN: 3069-1834 (Online)

Email: [email protected]

Portico

Portico

All published articles are preserved here permanently:
https://www.portico.org/publishers/icck/