
Big Ideas paper: Policy-driven middleware for a legally-compliant Internet of Things.

Accepted version


Conference Object



Singh, Jatinder 
Pasquier, Thomas 
Bacon, Jean 
Diaconu, Raluca 
Powles, Julia 


Internet of Things (IoT) applications, systems and services are subject to law. We argue that for the IoT to develop lawfully, there must be technical mechanisms that allow the enforcement of specified policy, such that systems align with legal realities. The audit of policy enforcement must assist the apportionment of liability, demonstrate compliance with regulation, and indicate whether policy correctly captures legal responsibilities. As both systems and obligations evolve dynamically, this cycle must be continuously maintained. This poses a huge challenge given the global scale of the IoT vision. The IoT entails dynamically creating new services through managed and flexible data exchange. Data management is complex in this dynamic environment, given the need to both control and share information, often across federated domains of administration. We see middleware playing a key role in managing the IoT. Our vision is for a middleware-enforced, unified policy model that applies end-to-end, throughout the IoT. This is because policy cannot be bound to things, applications, or administrative domains, since functionality is the result of composition, with dynamically formed chains of data flows. We have investigated the use of Information Flow Control (IFC) to manage and audit data flows in cloud computing; a domain where trust can be well-founded, regulations are more mature and associated responsibilities clearer. We feel that IFC has great potential in the broader IoT context. However, the sheer scale and the dynamic, federated nature of the IoT pose a number of significant research challenges.



Law, regulation, policy specification and enforcement, audit

Journal Title

ACM 17th ACM/IFIP/Usenix Middleware

Conference Name

Middleware 2016




Engineering and Physical Sciences Research Council (EP/K011510/1)
Engineering and Physical Sciences Research Council (Grant ID: EP/K011510 CloudSafetyNet: End-to-End Application Security in the Cloud), Microsoft (through the Microsoft Cloud Computing Research Centre)
Is supplemented by: