{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,21]],"date-time":"2026-04-21T02:58:54Z","timestamp":1776740334965,"version":"3.51.2"},"reference-count":16,"publisher":"MDPI AG","issue":"8","license":[{"start":{"date-parts":[[2020,8,5]],"date-time":"2020-08-05T00:00:00Z","timestamp":1596585600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Symmetry"],"abstract":"<jats:p>The heterogeneity of Internet of Things (IoT) systems has so far prevented the definition of adequate standards, hence making it difficult to compare meaningfully the security degree of diverse architectural choices. This task can be nonetheless achieved with formal methodologies. However, the dedicated IoT literature shows no evidence of a universal model allowing the security evaluation of any arbitrary system. Based on these considerations, we propose a new model that aims at being global and all-encompassing. Our model can be used to fairly analyse the security level of different IoT systems and compare them in a significant way. It is designed to be adaptive with realistic definitions of the adversary\u2019s (1) actions of interacting with IoT systems; (2) capabilities of accessing the data generated by and exchanged in IoT systems with established rules; and (3) objectives of attacking IoT systems according to the four recognised security properties of confidentiality, integrity, availability and soundness. Such a design enables the straightforward characterization of new adversaries. It further helps in providing a fine-grained security evaluation of IoT systems by either accurately describing attacks against the analysed systems or formally proving their guaranteed level of security.<\/jats:p>","DOI":"10.3390\/sym12081305","type":"journal-article","created":{"date-parts":[[2020,8,5]],"date-time":"2020-08-05T06:02:21Z","timestamp":1596607341000},"page":"1305","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":16,"title":["Towards a Formal IoT Security Model"],"prefix":"10.3390","volume":"12","author":[{"given":"Tania","family":"Martin","sequence":"first","affiliation":[{"name":"European Commission, Joint Research Centre (JRC), 21027 Ispra, Italy"}]},{"given":"Dimitrios","family":"Geneiatakis","sequence":"additional","affiliation":[{"name":"European Commission, Joint Research Centre (JRC), 21027 Ispra, Italy"}]},{"given":"Ioannis","family":"Kounelis","sequence":"additional","affiliation":[{"name":"European Commission, Joint Research Centre (JRC), 21027 Ispra, Italy"}]},{"given":"St\u00e9phanie","family":"Kerckhof","sequence":"additional","affiliation":[{"name":"European Commission, Joint Research Centre (JRC), 21027 Ispra, Italy"}]},{"given":"Igor","family":"Nai Fovino","sequence":"additional","affiliation":[{"name":"European Commission, Joint Research Centre (JRC), 21027 Ispra, Italy"}]}],"member":"1968","published-online":{"date-parts":[[2020,8,5]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","unstructured":"Ronen, E., Shamir, A., Weingarten, A.O., and O\u2019Flynn, C. (2017, January 22\u201326). IoT Goes Nuclear: Creating a ZigBee Chain Reaction. Proceedings of the IEEE Symposium on Security and Privacy\u2014SP 2017, San Jos\u00e9, CA, USA.","DOI":"10.1109\/SP.2017.14"},{"key":"ref_2","doi-asserted-by":"crossref","unstructured":"Mohsin, M., Anwar, Z., Husari, G., Al-Shaer, E., and Rahman, M.A. (2016, January 17\u201319). IoTSAT: A Formal Framework for Security Analysis of the Internet of Things (IoT). Proceedings of the Conference on Communications and Network Security\u2014CNS 2016, Philadelphia, PA, USA.","DOI":"10.1109\/CNS.2016.7860484"},{"key":"ref_3","doi-asserted-by":"crossref","unstructured":"Armando, A., Basin, D.A., Boichut, Y., Chevalier, Y., Compagna, L., Cu\u00e9llar, J., Drielsma, P.H., H\u00e9am, P.C., Kouchnarenko, O., and Mantovani, J. (2005, January 6\u201310). The AVISPA Tool for the Automated Validation of Internet Security Protocols and Applications. Proceedings of the International Conference on Computer Aided Verification\u2014CAV 2005, Edinburgh, Scotland, UK.","DOI":"10.1007\/11513988_27"},{"key":"ref_4","unstructured":"Cremers, C.J.F. (2008, January 7\u201314). The Scyther Tool: Verification, Falsification, and Analysis of Security Protocols. Proceedings of the International Conference on Computer Aided Verification\u2014CAV 2008, Princeton, NJ, USA."},{"key":"ref_5","unstructured":"Jha, S., Sheyner, O., and Wing, J. (2002, January 24\u201326). Two Formal Analyses of Attack Graphs. Proceedings of the IEEE Computer Security Foundations Workshop\u2014CSFW-15, Cape Breton, NS, Canada."},{"key":"ref_6","doi-asserted-by":"crossref","unstructured":"Mauw, S., and Oostdijk, M. (2005, January 1\u20132). Foundations of Attack Trees. Proceedings of the 8th International Conference on Information Security and Cryptology\u2014ICISC 2005, Seoul, Korea.","DOI":"10.1007\/11734727_17"},{"key":"ref_7","doi-asserted-by":"crossref","unstructured":"Tabrizi, F.M., and Pattabiraman, K. (2016, January 5\u20139). Formal Security Analysis of Smart Embedded Systems. Proceedings of the 32nd Annual Conference on Computer Security Applications\u2014ACSAC 2016, Los Angeles, CA, USA.","DOI":"10.1145\/2991079.2991085"},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"710275","DOI":"10.1155\/2013\/710275","article-title":"Untangling RFID Privacy Models","volume":"2013","author":"Coisel","year":"2013","journal-title":"J. Comput. Networks Commun."},{"key":"ref_9","doi-asserted-by":"crossref","first-page":"2397","DOI":"10.1109\/TMC.2013.161","article-title":"Untraceability Model for RFID","volume":"13","author":"Avoine","year":"2014","journal-title":"IEEE Trans. Mob. Comput."},{"key":"ref_10","doi-asserted-by":"crossref","unstructured":"Kayes, A.S.M., Han, J., Colman, A., and Islam, M.S. (2014). RelBOSS: A Relationship-Aware Access Control Framework for Software Services. On The Move to Meaningful Internet Systems\u2014OTM 2014, Springer.","DOI":"10.1007\/978-3-662-45563-0_15"},{"key":"ref_11","doi-asserted-by":"crossref","unstructured":"Kayes, A.S.M., Rahayu, W., Dillon, T.S., and Chang, E. (2018, January 1\u20133). Accessing Data from Multiple Sources Through Context-Aware Access Control. Proceedings of the 17th IEEE International Conference On Trust, Security And Privacy in Computing and Communications\/12th IEEE International Conference On Big Data Science And Engineering\u2014TrustCom\/BigDataSE, New York, NY, USA.","DOI":"10.1109\/TrustCom\/BigDataSE.2018.00084"},{"key":"ref_12","doi-asserted-by":"crossref","first-page":"743","DOI":"10.1007\/s00607-018-0654-1","article-title":"Critical Situation Management Utilizing IoT-Based Data Resources through Dynamic Contextual Role Modeling and Activation","volume":"101","author":"Kayes","year":"2019","journal-title":"Computing"},{"key":"ref_13","doi-asserted-by":"crossref","unstructured":"Tu, D.Q., Kayes, A.S.M., Rahayu, W., and Nguyen, K. (2019, January 27\u201329). ISDI: A New Window-Based Framework for Integrating IoT Streaming Data from Multiple Sources. Proceedings of the Advanced Information Networking and Applications\u2014AINA 2019, Matsue, Japan.","DOI":"10.1007\/978-3-030-15032-7_42"},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Kayes, A.S.M., Kalaria, R., Sarker, I.H., Islam, M.S., Watters, P.A., Ng, A., Hammoudeh, M., Badsha, S., and Kumara, I. (2020). A Survey of Context-Aware Access Control Mechanisms for Cloud and Fog Networks: Taxonomy and Open Research Issues. Sensors, 20.","DOI":"10.3390\/s20092464"},{"key":"ref_15","unstructured":"UPnP Forum (2008). UPnP\u2122 Device Architecture 1.1, UPnP. Technical Report."},{"key":"ref_16","unstructured":"Shoup, V. (2004). Sequences of Games: A Tool for Taming Complexity in Security Proofs, IACR. Cryptology ePrint Archive, Report 2004\/332."}],"container-title":["Symmetry"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2073-8994\/12\/8\/1305\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T09:54:27Z","timestamp":1760176467000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2073-8994\/12\/8\/1305"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,8,5]]},"references-count":16,"journal-issue":{"issue":"8","published-online":{"date-parts":[[2020,8]]}},"alternative-id":["sym12081305"],"URL":"https:\/\/doi.org\/10.3390\/sym12081305","relation":{},"ISSN":["2073-8994"],"issn-type":[{"value":"2073-8994","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020,8,5]]}}}