which non-repudiation has to be provided are part of highly specific applications
(e.g. inter-bank communications of aggregated banking transactions, or
administration of highly-critical assets), which does not qualify them as generic
mitigation means.
Finally, it is worth explaining why some identified risks are "not specifically
targeted" in IoT-A, with no relevant technology being developed and no design
choice being proposed. These non-targeted risks are of two sorts. Some of
them are dependent on highly contextual physical parameters. They depend on
the particularities of the communication technology that is put in place and, as
such, exhibit highly diverse characteristics in terms of involved stakes.
Accordingly, the existing mitigations can only be implemented at the physical
layer with variable costs in terms of, for instance, efficiency. The other non-
targeted security risks pertain to in-entity security-by-design policies. For
example, the protection of a given operating system or the choice to encrypt a
user database fit into this category. As such, they cannot be qualified as being
typical for the IoT environment.
5.2.10 Design Choices
5.2.10.1 Introduction
Following the architectural methodology of [Rozanski 2011], it
is recommended to apply the architectural perspectives to the views on an
architecture in order to design systems that satisfy qualities like high
performance, high scalability or interoperability. This step in the architectural
methodology is similar to constructing the interrelationships between customer
requirements and technical requirements in the 'House of Quality' matrix as
applied in the Quality-Function Deployment [Erder 2003] introduced in
Section 5.2.5.
This section guides an architect by giving design choices for the architectural
viewpoints defined in the Reference Architecture in Section 4.2 for each
perspective listed in Section 4.3^7. Figure 71 illustrates that the perspectives
Evolution & Interoperability, Performance & Scalability, Trust, Security &
Privacy, and Availability & Resilience are applied to the Functional View, the
Information View as well as the Deployment & Operation View respectively.
(^7) This approach is different to the one followed in the Design Choice chapter of D1.4