Abstract

Internet of Things (IoT) ecosystems are recently experiencing a significant growth in complexity. Most IoT applications in domains like healthcare, industry, automotive, and smart energy are composed of several interconnected subsystems that produce, collect, process, and exchange a huge amount of data, and that offer composite services to the end users based on these data. This scenario is exacerbated by the dynamism of the IoT device layer, which may be subject to structural or technological changes over time, to cope for example with the need for new sensing/actuation capabilities requirements or with technical issues. Due to the inherent sensitive nature of the data that is typically processed by IoT applications, security represents one of the primary issues to address. It is worth noting that each subsystem integrated within a composite IoT application may have different requirements and enforce different local security policies, and the policies that result globally enforced at the system level may not comply with the existing global requirements. In general, the analysis and validation of security properties in a composite IoT system represents a very complex task, made even more complex by the introduction of new laws and regulations during system life. To cope with the above issues, in this article, we propose a methodology that leverages both workflow languages and semantics in order to enable the validation of the security features offered by a composite IoT system, with the goal of verifying whether they match with global end-user policies and even with national and international laws and rules.