{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,25]],"date-time":"2026-01-25T22:21:36Z","timestamp":1769379696695,"version":"3.49.0"},"reference-count":18,"publisher":"MDPI AG","issue":"19","license":[{"start":{"date-parts":[[2019,9,23]],"date-time":"2019-09-23T00:00:00Z","timestamp":1569196800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Sensors"],"abstract":"Cybersecurity is one of the biggest challenges in the Internet of Things (IoT) domain, as well as one of its most embarrassing failures. As a matter of fact, nowadays IoT devices still exhibit various shortcomings. For example, they lack secure default configurations and sufficient security configurability. They also lack rich behavioural descriptions, failing to list provided and required services. To answer this problem, we envision a future where IoT devices carry behavioural contracts and Fog nodes store network policies. One requirement is that contract consistency must be easy to prove. Moreover, contracts must be easy to verify against network policies. In this paper, we propose to combine the security-by-contract (S \u00d7 C) paradigm with Fog computing to secure IoT devices. Following our previous work, first we formally define the pillars of our proposal. Then, by means of a running case study, we show that we can model communication flows and prevent information leaks. Last, we show that our contribution enables a holistic approach to IoT security, and that it can also prevent unexpected chains of events.<\/jats:p>","DOI":"10.3390\/s19194121","type":"journal-article","created":{"date-parts":[[2019,9,23]],"date-time":"2019-09-23T11:02:00Z","timestamp":1569236520000},"page":"4121","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":12,"title":["IoT Security Configurability with Security-by-Contract"],"prefix":"10.3390","volume":"19","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-9293-7711","authenticated-orcid":false,"given":"Alberto","family":"Giaretta","sequence":"first","affiliation":[{"name":"Centre for Applied Autonomous Sensors Systems (AASS), \u00d6rebro University, 701 82 \u00d6rebro, Sweden"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9575-2990","authenticated-orcid":false,"given":"Nicola","family":"Dragoni","sequence":"additional","affiliation":[{"name":"Centre for Applied Autonomous Sensors Systems (AASS), \u00d6rebro University, 701 82 \u00d6rebro, Sweden"},{"name":"DTU Compute, Technical University of Denmark, 2800 Kgs. Lyngby, Denmark"}]},{"given":"Fabio","family":"Massacci","sequence":"additional","affiliation":[{"name":"Department of Information Science and Engineering, University of Trento, 38123 Trento, Italy"}]}],"member":"1968","published-online":{"date-parts":[[2019,9,23]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","unstructured":"Ciancarini, P., Litvinov, S., Messina, A., Sillitti, A., and Succi, G. (2017). The Internet of hackable things. Proceedings of the 5th International Conference in Software Engineering for Defence Applications, Rome, Italy, 10 May 2016, Springer.","DOI":"10.1007\/978-3-319-70578-1"},{"key":"ref_2","doi-asserted-by":"crossref","first-page":"1606","DOI":"10.1109\/JIOT.2018.2847733","article-title":"The Effect of IoT New Features on Security and Privacy: New Threats, Existing Solutions, and Challenges Yet to Be Solved","volume":"6","author":"Zhou","year":"2019","journal-title":"IEEE Internet Things J."},{"key":"ref_3","doi-asserted-by":"crossref","unstructured":"Bessis, N., and Dobre, C. (2014). Fog computing: A platform for Internet of things and analytics. Big Data and Internet of Things: A Roadmap for Smart Environments, Springer.","DOI":"10.1007\/978-3-319-05029-4"},{"key":"ref_4","doi-asserted-by":"crossref","unstructured":"Lopez, J., Samarati, P., and Ferrer, J.L. (2007). Security-by-contract: Toward a semantics for digital signatures on mobile code. Public Key Infrastructure, Proceedings of the (PKI\u201907) 4th European PKI Workshop: Theory and Practice, Palma de Mallorca, Spain, 28\u201330 June 2007, Springer.","DOI":"10.1007\/978-3-540-73408-6"},{"key":"ref_5","doi-asserted-by":"crossref","first-page":"566","DOI":"10.1016\/j.cose.2009.06.005","article-title":"What the heck is this application doing? A security-by-contract architecture for pervasive services","volume":"28","author":"Dragoni","year":"2009","journal-title":"Comput. Secur."},{"key":"ref_6","doi-asserted-by":"crossref","unstructured":"Dragoni, N., Gadyatskaya, O., and Massacci, F. (2010, January 12\u201314). Supporting applications\u2019 evolution in multi-application smart cards by security-by-contract. Proceedings of the 4th Workshop in Information Security Theory and Practices (WISTP 2010), Passau, Germany.","DOI":"10.1007\/978-3-642-12368-9_16"},{"key":"ref_7","doi-asserted-by":"crossref","unstructured":"Athreya, A.P., DeBruhl, B., and Tague, P. (2013, January 20\u201323). Designing for self-configuration and self-adaptation in the Internet of Things. Proceedings of the 9th IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing, Austin, TX, USA.","DOI":"10.4108\/icst.collaboratecom.2013.254091"},{"key":"ref_8","doi-asserted-by":"crossref","unstructured":"Lear, E., and Weis, B. (2016, January 11\u201313). Slinging MUD: Manufacturer usage descriptions: How the network can protect things. Proceedings of the International Conference on Selected Topics in Mobile Wireless Networking (MoWNeT), Cairo, Egypt.","DOI":"10.1109\/MoWNet.2016.7496625"},{"key":"ref_9","doi-asserted-by":"crossref","unstructured":"Alirezaie, M., Renoux, J., Kockemann, U., Kristoffersson, A., Karlsson, L., Blomqvist, E., Tsiftes, N., Voigt, T., and Loutfi, A. (2017). An ontology-based context-aware system for smart homes: E-care@home. Sensors, 17.","DOI":"10.3390\/s17071586"},{"key":"ref_10","doi-asserted-by":"crossref","unstructured":"Giaretta, A., Dragoni, N., and Massacci, F. (2019, January 15\u201318). Protecting the Internet of Things with security-by-contract and Fog computing. Proceedings of the 2019 IEEE 5th World Forum on Internet of Things (WF-IoT), Limerick, Ireland.","DOI":"10.1109\/WF-IoT.2019.8767243"},{"key":"ref_11","doi-asserted-by":"crossref","unstructured":"Hamza, A., Ranathunga, D., Gharakheili, H.H., Roughan, M., and Sivaraman, V. (2018, January 20). Clear as MUD: Generating, validating and applying IoT behavioural profiles. Proceedings of the 2018 Workshop on IoT Security and Privacy, Budapest, Hungary.","DOI":"10.1145\/3229565.3229566"},{"key":"ref_12","doi-asserted-by":"crossref","first-page":"278","DOI":"10.1016\/j.cose.2017.06.008","article-title":"Stalking the stalkers\u2013detecting and deterring stalking behaviours using technology: A review","volume":"70","author":"Choo","year":"2017","journal-title":"Comput. Secur."},{"key":"ref_13","doi-asserted-by":"crossref","unstructured":"Agadakos, I., Chen, C.Y., Campanelli, M., Anantharaman, P., Hasan, M., Copos, B., Lepoint, T., Locasto, M., Ciocarlie, G.F., and Lindqvist, U. (November, January 30). Jumping the air gap: Modeling cyber-physical attack paths in the Internet-of-Things. Proceedings of the 2017 Workshop on Cyber-Physical Systems Security and PrivaCy, Dallas, TX, USA.","DOI":"10.1145\/3140241.3140252"},{"key":"ref_14","doi-asserted-by":"crossref","first-page":"64","DOI":"10.1016\/j.csi.2018.08.003","article-title":"Risk-based automated assessment and testing for the cybersecurity certification and labelling of IoT devices","volume":"62","author":"Skarmeta","year":"2019","journal-title":"Comput. Standard. Interfaces"},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Kuusij\u00e4rvi, J., Savola, R., Savolainen, P., and Evesti, A. (2016, January 5\u20137). Mitigating IoT security threats with a trusted network element. Proceedings of the 11th International Conference for Internet Technology and Secured Transactions (ICITST), Barcelona, Spain.","DOI":"10.1109\/ICITST.2016.7856708"},{"key":"ref_16","doi-asserted-by":"crossref","unstructured":"Al-Hasnawi, A., Mohammed, I., and Al-Gburi, A. (2018, January 3\u20135). Performance evaluation of the policy enforcement Fog module for protecting privacy of IoT data. Proceedings of the 2018 IEEE International Conference on Electro\/Information Technology (EIT), Rochester, MI, USA.","DOI":"10.1109\/EIT.2018.8500157"},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"Dsouza, C., Ahn, G., and Taguinod, M. (2014, January 13\u201315). Policy-driven security management for Fog computing: Preliminary framework and a case study. Proceedings of the 2014 IEEE 15th International Conference on Information Reuse and Integration (IRI 2014), Redwood City, CA, USA.","DOI":"10.1109\/IRI.2014.7051866"},{"key":"ref_18","doi-asserted-by":"crossref","unstructured":"Hamza, A., Gharakheili, H.H., and Sivaraman, V. (2018, January 20). Combining MUD policies with SDN for IoT intrusion detection. Proceedings of the 2018 Workshop on IoT Security and Privacy, Budapest, Hungary.","DOI":"10.1145\/3229565.3229571"}],"container-title":["Sensors"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1424-8220\/19\/19\/4121\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T13:23:24Z","timestamp":1760189004000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1424-8220\/19\/19\/4121"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,9,23]]},"references-count":18,"journal-issue":{"issue":"19","published-online":{"date-parts":[[2019,10]]}},"alternative-id":["s19194121"],"URL":"https:\/\/doi.org\/10.3390\/s19194121","relation":{},"ISSN":["1424-8220"],"issn-type":[{"value":"1424-8220","type":"electronic"}],"subject":[],"published":{"date-parts":[[2019,9,23]]}}}