Marco Rasori , Paolo Mori , Andrea Saracino , Alessandro Aldini
{"title":"利用使用控制,通过契约实现和强制执行安全","authors":"Marco Rasori , Paolo Mori , Andrea Saracino , Alessandro Aldini","doi":"10.1016/j.iot.2025.101697","DOIUrl":null,"url":null,"abstract":"<div><div>The widespread adoption of IoT-based smart home technologies has transformed how people interact with their living spaces, offering greater control over everyday tasks. However, this increased connectivity introduces significant security challenges, particularly in managing applications that can control devices within the smart home. Users need effective ways to define and enforce security policies that permit or deny specific behaviors of these applications. Such policies should allow users to control what actions applications can perform, ensuring that they comply with security and privacy preferences. This paper proposes a hybrid framework that combines Security by Contract (S<span><math><mo>×</mo></math></span>C) and Usage Control (UCON) to address these challenges and provide a comprehensive security solution with low impact on system performance. S<span><math><mo>×</mo></math></span>C ensures verification of the application behavior, described formally as a contract, against predefined XACML-based policies. UCON enables continuous monitoring and enforcement of security policies during application execution. The theoretical foundations of the methodology combining these frameworks are based on labeled state/transition systems and their model-checking-based verification. Through experimental validation on a real testbed, we explore the feasibility of the proposed approach by evaluating its performance across various test campaigns, offering insights into its ability to manage policy enforcement and revocation processes with low overhead.</div></div>","PeriodicalId":29968,"journal":{"name":"Internet of Things","volume":"33 ","pages":"Article 101697"},"PeriodicalIF":7.6000,"publicationDate":"2025-07-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Exploiting usage control for implementation and enforcement of security by contract\",\"authors\":\"Marco Rasori , Paolo Mori , Andrea Saracino , Alessandro Aldini\",\"doi\":\"10.1016/j.iot.2025.101697\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><div>The widespread adoption of IoT-based smart home technologies has transformed how people interact with their living spaces, offering greater control over everyday tasks. However, this increased connectivity introduces significant security challenges, particularly in managing applications that can control devices within the smart home. Users need effective ways to define and enforce security policies that permit or deny specific behaviors of these applications. Such policies should allow users to control what actions applications can perform, ensuring that they comply with security and privacy preferences. This paper proposes a hybrid framework that combines Security by Contract (S<span><math><mo>×</mo></math></span>C) and Usage Control (UCON) to address these challenges and provide a comprehensive security solution with low impact on system performance. S<span><math><mo>×</mo></math></span>C ensures verification of the application behavior, described formally as a contract, against predefined XACML-based policies. UCON enables continuous monitoring and enforcement of security policies during application execution. The theoretical foundations of the methodology combining these frameworks are based on labeled state/transition systems and their model-checking-based verification. Through experimental validation on a real testbed, we explore the feasibility of the proposed approach by evaluating its performance across various test campaigns, offering insights into its ability to manage policy enforcement and revocation processes with low overhead.</div></div>\",\"PeriodicalId\":29968,\"journal\":{\"name\":\"Internet of Things\",\"volume\":\"33 \",\"pages\":\"Article 101697\"},\"PeriodicalIF\":7.6000,\"publicationDate\":\"2025-07-16\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Internet of Things\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S2542660525002112\",\"RegionNum\":3,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Internet of Things","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2542660525002112","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
Exploiting usage control for implementation and enforcement of security by contract
The widespread adoption of IoT-based smart home technologies has transformed how people interact with their living spaces, offering greater control over everyday tasks. However, this increased connectivity introduces significant security challenges, particularly in managing applications that can control devices within the smart home. Users need effective ways to define and enforce security policies that permit or deny specific behaviors of these applications. Such policies should allow users to control what actions applications can perform, ensuring that they comply with security and privacy preferences. This paper proposes a hybrid framework that combines Security by Contract (SC) and Usage Control (UCON) to address these challenges and provide a comprehensive security solution with low impact on system performance. SC ensures verification of the application behavior, described formally as a contract, against predefined XACML-based policies. UCON enables continuous monitoring and enforcement of security policies during application execution. The theoretical foundations of the methodology combining these frameworks are based on labeled state/transition systems and their model-checking-based verification. Through experimental validation on a real testbed, we explore the feasibility of the proposed approach by evaluating its performance across various test campaigns, offering insights into its ability to manage policy enforcement and revocation processes with low overhead.
期刊介绍:
Internet of Things; Engineering Cyber Physical Human Systems is a comprehensive journal encouraging cross collaboration between researchers, engineers and practitioners in the field of IoT & Cyber Physical Human Systems. The journal offers a unique platform to exchange scientific information on the entire breadth of technology, science, and societal applications of the IoT.
The journal will place a high priority on timely publication, and provide a home for high quality.
Furthermore, IOT is interested in publishing topical Special Issues on any aspect of IOT.