Matthíasson, GuðniGiaretta, AlbertoDragoni, NicolaRoßnagel, HeikoSchunck, Christian H.Mödersheim, SebastianHühnlein, Detlef2020-05-272020-05-272020978-3-88579-699-2https://dl.gi.de/handle/20.500.12116/33171Security is a serious, and often neglected, issue in the Internet of Things (IoT). In order to improve IoT security, researchers proposed to use Security-by-Contract (S×C), a paradigm originally designed for mobile application platforms. However, S×C assumes that manufacturers equip their devices with security contracts, which makes hard to integrate legacy devices with S×C. In this paper, we explore a method to extract S×C contracts from legacy devices’ Manufacturer Usage Descriptions (MUDs). We tested our solution on 28 different MUD files, and we show that it is possible to create basic S×C contracts, paving the way to complete extraction tools.enInternet of ThingsS×CSecurity-by-ContractMUDManufacturer Usage DescriptionDevice profilingText/Conference Paper10.18420/ois2020_121617-5468