利用使用控制，通过契约实现和强制执行安全

IF 7.6 3区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Internet of Things Pub Date : 2025-07-16 DOI:10.1016/j.iot.2025.101697

Marco Rasori , Paolo Mori , Andrea Saracino , Alessandro Aldini

{"title":"利用使用控制，通过契约实现和强制执行安全","authors":"Marco Rasori , Paolo Mori , Andrea Saracino , Alessandro Aldini","doi":"10.1016/j.iot.2025.101697","DOIUrl":null,"url":null,"abstract":"<div><div>The widespread adoption of IoT-based smart home technologies has transformed how people interact with their living spaces, offering greater control over everyday tasks. However, this increased connectivity introduces significant security challenges, particularly in managing applications that can control devices within the smart home. Users need effective ways to define and enforce security policies that permit or deny specific behaviors of these applications. Such policies should allow users to control what actions applications can perform, ensuring that they comply with security and privacy preferences. This paper proposes a hybrid framework that combines Security by Contract (S<span><math><mo>×</mo></math></span>C) and Usage Control (UCON) to address these challenges and provide a comprehensive security solution with low impact on system performance. S<span><math><mo>×</mo></math></span>C ensures verification of the application behavior, described formally as a contract, against predefined XACML-based policies. UCON enables continuous monitoring and enforcement of security policies during application execution. The theoretical foundations of the methodology combining these frameworks are based on labeled state/transition systems and their model-checking-based verification. Through experimental validation on a real testbed, we explore the feasibility of the proposed approach by evaluating its performance across various test campaigns, offering insights into its ability to manage policy enforcement and revocation processes with low overhead.</div></div>","PeriodicalId":29968,"journal":{"name":"Internet of Things","volume":"33 ","pages":"Article 101697"},"PeriodicalIF":7.6000,"publicationDate":"2025-07-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Exploiting usage control for implementation and enforcement of security by contract\",\"authors\":\"Marco Rasori , Paolo Mori , Andrea Saracino , Alessandro Aldini\",\"doi\":\"10.1016/j.iot.2025.101697\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><div>The widespread adoption of IoT-based smart home technologies has transformed how people interact with their living spaces, offering greater control over everyday tasks. However, this increased connectivity introduces significant security challenges, particularly in managing applications that can control devices within the smart home. Users need effective ways to define and enforce security policies that permit or deny specific behaviors of these applications. Such policies should allow users to control what actions applications can perform, ensuring that they comply with security and privacy preferences. This paper proposes a hybrid framework that combines Security by Contract (S<span><math><mo>×</mo></math></span>C) and Usage Control (UCON) to address these challenges and provide a comprehensive security solution with low impact on system performance. S<span><math><mo>×</mo></math></span>C ensures verification of the application behavior, described formally as a contract, against predefined XACML-based policies. UCON enables continuous monitoring and enforcement of security policies during application execution. The theoretical foundations of the methodology combining these frameworks are based on labeled state/transition systems and their model-checking-based verification. Through experimental validation on a real testbed, we explore the feasibility of the proposed approach by evaluating its performance across various test campaigns, offering insights into its ability to manage policy enforcement and revocation processes with low overhead.</div></div>\",\"PeriodicalId\":29968,\"journal\":{\"name\":\"Internet of Things\",\"volume\":\"33 \",\"pages\":\"Article 101697\"},\"PeriodicalIF\":7.6000,\"publicationDate\":\"2025-07-16\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Internet of Things\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S2542660525002112\",\"RegionNum\":3,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Internet of Things","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2542660525002112","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

摘要

基于物联网的智能家居技术的广泛采用改变了人们与生活空间的互动方式，为日常任务提供了更好的控制。然而，这种增加的连接性带来了重大的安全挑战，特别是在管理可以控制智能家居中设备的应用程序方面。用户需要有效的方法来定义和执行允许或拒绝这些应用程序的特定行为的安全策略。这样的策略应该允许用户控制应用程序可以执行的操作，确保它们符合安全和隐私首选项。本文提出了一个结合契约安全（S×C）和使用控制（UCON）的混合框架来解决这些挑战，并提供对系统性能影响较小的综合安全解决方案。S×C确保根据预定义的基于xacl的策略对应用程序行为（正式描述为契约）进行验证。UCON支持在应用程序执行期间持续监控和执行安全策略。结合这些框架的方法的理论基础是基于标记状态/转换系统及其基于模型检查的验证。通过在真实的测试平台上进行实验验证，我们通过评估其在各种测试活动中的性能来探索所提出方法的可行性，从而深入了解其以低开销管理策略执行和撤销流程的能力。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Exploiting usage control for implementation and enforcement of security by contract

The widespread adoption of IoT-based smart home technologies has transformed how people interact with their living spaces, offering greater control over everyday tasks. However, this increased connectivity introduces significant security challenges, particularly in managing applications that can control devices within the smart home. Users need effective ways to define and enforce security policies that permit or deny specific behaviors of these applications. Such policies should allow users to control what actions applications can perform, ensuring that they comply with security and privacy preferences. This paper proposes a hybrid framework that combines Security by Contract (S

\times

C) and Usage Control (UCON) to address these challenges and provide a comprehensive security solution with low impact on system performance. S

\times

C ensures verification of the application behavior, described formally as a contract, against predefined XACML-based policies. UCON enables continuous monitoring and enforcement of security policies during application execution. The theoretical foundations of the methodology combining these frameworks are based on labeled state/transition systems and their model-checking-based verification. Through experimental validation on a real testbed, we explore the feasibility of the proposed approach by evaluating its performance across various test campaigns, offering insights into its ability to manage policy enforcement and revocation processes with low overhead.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Internet of Things Multiple-

CiteScore

3.60

自引率

5.10%

发文量

115

审稿时长

37 days

期刊介绍： Internet of Things; Engineering Cyber Physical Human Systems is a comprehensive journal encouraging cross collaboration between researchers, engineers and practitioners in the field of IoT & Cyber Physical Human Systems. The journal offers a unique platform to exchange scientific information on the entire breadth of technology, science, and societal applications of the IoT. The journal will place a high priority on timely publication, and provide a home for high quality. Furthermore, IOT is interested in publishing topical Special Issues on any aspect of IOT.