IoT device profiling: From MUD files to S×C contracts

Guoni Matthíasson; Alberto Giaretta; Nicola Dragoni

IoT device profiling: From MUD files to S×C contracts

Guoni Matthíasson, Alberto Giaretta, Nicola Dragoni

Research output: Chapter in Book/Report/Conference proceeding › Article in proceedings › Research › peer-review

11 Downloads (Pure)

Abstract

Security is a serious, and often neglected, issue in the Internet of Things (IoT). In order to improve IoT security, researchers proposed to use Security-by-Contract (S×C), a paradigm originally designed for mobile application platforms. However, S×C assumes that manufacturers equip their devices with security contracts, which makes hard to integrate legacy devices with S×C. In this paper, we explore a method to extract S×C contracts from legacy devices' Manufacturer Usage Descriptions (MUDs). We tested our solution on 28 different MUD files, and we show that it is possible to create basic S×C contracts, paving the way to complete extraction tools.

Original language	English
Title of host publication	Proceedings of 2020 Open Identity Summit
Volume	P-305
Publisher	Gesellschaft fur Informatik (GI)
Publication date	2020
Pages	143-154
ISBN (Print)	9783885796992
Publication status	Published - 2020
Event	Open Identity Summit 2020 - OID 2020 is publication only. Duration: 26 May 2020 → 27 May 2020 https://oid2020.compute.dtu.dk/

Conference

Conference	Open Identity Summit 2020
Location	OID 2020 is publication only.
Period	26/05/2020 → 27/05/2020
Internet address	https://oid2020.compute.dtu.dk/

Series	Lecture Notes in Informatics (LNI), Proceedings - Series of the Gesellschaft fur Informatik (GI)
Volume	P-305
ISSN	1617-5468

Keywords

Internet of Things
S×C
Security-by-Contract
MUD
Manufacturer Usage Description
Device proĄling

Access to Document

FulltextFinal published version, 169 KB

SFX availability

Full text

Cite this

@inproceedings{83a87d0ccae74a9baa05d5ec5e57291a,

title = "IoT device profiling: From MUD files to S×C contracts",

abstract = "Security is a serious, and often neglected, issue in the Internet of Things (IoT). In order to improve IoT security, researchers proposed to use Security-by-Contract (S×C), a paradigm originally designed for mobile application platforms. However, S×C assumes that manufacturers equip their devices with security contracts, which makes hard to integrate legacy devices with S×C. In this paper, we explore a method to extract S×C contracts from legacy devices' Manufacturer Usage Descriptions (MUDs). We tested our solution on 28 different MUD files, and we show that it is possible to create basic S×C contracts, paving the way to complete extraction tools.",

keywords = "Internet of Things, S×C, Security-by-Contract, MUD, Manufacturer Usage Description, Device pro{\c A}ling",

author = "Guoni Matth{\'i}asson and Alberto Giaretta and Nicola Dragoni",

year = "2020",

language = "English",

isbn = "9783885796992",

volume = "P-305",

series = "Lecture Notes in Informatics (LNI), Proceedings - Series of the Gesellschaft fur Informatik (GI)",

publisher = "Gesellschaft fur Informatik (GI)",

pages = "143--154",

booktitle = "Proceedings of 2020 Open Identity Summit",

address = "Germany",

note = " Open Identity Summit 2020, OID2020 ; Conference date: 26-05-2020 Through 27-05-2020",

url = "https://oid2020.compute.dtu.dk/",

}

IoT device profiling: From MUD files to S×C contracts. / Matthíasson, Guoni; Giaretta, Alberto; Dragoni, Nicola.

Proceedings of 2020 Open Identity Summit. Vol. P-305 Gesellschaft fur Informatik (GI), 2020. p. 143-154 (Lecture Notes in Informatics (LNI), Proceedings - Series of the Gesellschaft fur Informatik (GI), Vol. P-305).

Research output: Chapter in Book/Report/Conference proceeding › Article in proceedings › Research › peer-review

TY - GEN

T1 - IoT device profiling: From MUD files to S×C contracts

AU - Matthíasson, Guoni

AU - Giaretta, Alberto

AU - Dragoni, Nicola

PY - 2020

Y1 - 2020

N2 - Security is a serious, and often neglected, issue in the Internet of Things (IoT). In order to improve IoT security, researchers proposed to use Security-by-Contract (S×C), a paradigm originally designed for mobile application platforms. However, S×C assumes that manufacturers equip their devices with security contracts, which makes hard to integrate legacy devices with S×C. In this paper, we explore a method to extract S×C contracts from legacy devices' Manufacturer Usage Descriptions (MUDs). We tested our solution on 28 different MUD files, and we show that it is possible to create basic S×C contracts, paving the way to complete extraction tools.

AB - Security is a serious, and often neglected, issue in the Internet of Things (IoT). In order to improve IoT security, researchers proposed to use Security-by-Contract (S×C), a paradigm originally designed for mobile application platforms. However, S×C assumes that manufacturers equip their devices with security contracts, which makes hard to integrate legacy devices with S×C. In this paper, we explore a method to extract S×C contracts from legacy devices' Manufacturer Usage Descriptions (MUDs). We tested our solution on 28 different MUD files, and we show that it is possible to create basic S×C contracts, paving the way to complete extraction tools.

KW - Internet of Things

KW - S×C

KW - Security-by-Contract

KW - MUD

KW - Manufacturer Usage Description

KW - Device proĄling

M3 - Article in proceedings

SN - 9783885796992

VL - P-305

T3 - Lecture Notes in Informatics (LNI), Proceedings - Series of the Gesellschaft fur Informatik (GI)

SP - 143

EP - 154

BT - Proceedings of 2020 Open Identity Summit

PB - Gesellschaft fur Informatik (GI)

T2 - Open Identity Summit 2020

Y2 - 26 May 2020 through 27 May 2020

ER -

IoT device profiling: From MUD files to S×C contracts

Abstract

Conference

Keywords

Access to Document

SFX availability

Fingerprint

Cite this