IoT device profiling: From MUD files to S×C contracts

Guoni Matthíasson, Alberto Giaretta, Nicola Dragoni

Research output: Chapter in Book/Report/Conference proceedingArticle in proceedingsResearchpeer-review

11 Downloads (Pure)


Security is a serious, and often neglected, issue in the Internet of Things (IoT). In order to improve IoT security, researchers proposed to use Security-by-Contract (S×C), a paradigm originally designed for mobile application platforms. However, S×C assumes that manufacturers equip their devices with security contracts, which makes hard to integrate legacy devices with S×C. In this paper, we explore a method to extract S×C contracts from legacy devices' Manufacturer Usage Descriptions (MUDs). We tested our solution on 28 different MUD files, and we show that it is possible to create basic S×C contracts, paving the way to complete extraction tools.
Original languageEnglish
Title of host publicationProceedings of 2020 Open Identity Summit
PublisherGesellschaft fur Informatik (GI)
Publication date2020
ISBN (Print)9783885796992
Publication statusPublished - 2020
Event Open Identity Summit 2020 - OID 2020 is publication only.
Duration: 26 May 202027 May 2020


Conference Open Identity Summit 2020
LocationOID 2020 is publication only.
Internet address
SeriesLecture Notes in Informatics (LNI), Proceedings - Series of the Gesellschaft fur Informatik (GI)


  • Internet of Things
  • S×C
  • Security-by-Contract
  • MUD
  • Manufacturer Usage Description
  • Device proĄling


Dive into the research topics of 'IoT device profiling: From MUD files to S×C contracts'. Together they form a unique fingerprint.

Cite this