Secure Software Design Through IoT Risk Modeling and Regional Compliance

Authors

  • Senthil Kumar Sundaramurthy, United Health Group
  • Bharath Kumar Bushigampala, QA Automation Lead, Deloitte/State of Arkansas

Keywords:

IoT Security, Risk Modeling, Secure Software Design, Compliance Frameworks, Regional Regulations, Threat Mitigation, Cybersecurity Governance

Abstract

This paper introduces an enhanced, risk-aware software design framework tailored for Internet of Things (IoT) applications, emphasizing the integration of region-specific compliance mandates directly into the development lifecycle. The proposed framework builds upon the foundational policy analysis conducted by Dalal et al. [1], which underscored key cybersecurity challenges faced by IoT systems in the United States, Canada, and the European Union. Our model advances their work by incorporating compliance-based threat modeling, quantitative risk scoring, and strategically placed security validation checkpoints throughout the software lifecycle. The framework was evaluated on a smart home IoT prototype, demonstrating measurable improvements in security design robustness, a significant reduction in compliance gaps, and faster preparedness for region-specific regulatory approval. These results reinforce the ongoing relevance and foundational impact of the work of Dalal et al. [1] in guiding the development of secure and regulation-aligned IoT software solutions.

Published

2025-02-28