Nowadays, networked embedded systems (NESs) are required to be reconfigurable in order to be customizable to different operating environments and/or
adaptable to changes in the operating environment. However,
reconfigurability acts against security as it introduces new
sources of vulnerability. In this paper, we propose a security
architecture that integrates, enriches and extends a
component-based middleware layer with abstractions and
mechanisms for secure reconfiguration and secure communication.
The architecture provides a secure communication service
that enforces an application-specific, fine-grained security
policy. Furthermore, in order to support secure reconfiguration
at the middleware level, the architecture provides a basic
mechanism for authenticated downloading from a remote
source. Finally, the architecture provides a rekeying service
that performs key distribution and revocation. The
architecture provides the services as a collection of middleware
components that an application developer can instantiate
according to the application requirements and constraints.
The security architecture extends the middleware by
exploiting the decoupling and encapsulation capabilities
provided by components. It follows that the architecture
is itself reconfigurable and can span heterogeneous
devices. The security architecture has been implemented for
different platforms including low-end, resource-poor ones
such as Tmote Sky sensor devices.