A growing number of deployments of Wireless Sensor Networks (WSNs) position the nodes as multi-purpose albeit limited platforms. These platforms offer services to a set of applications of different owners. This view introduces security problems complementary to protection against
outsiders requiring mechanisms beyond the existing physical, base crypto and network-level protection. Limited trust in the different applications mandates a security solution providing granular control over resources and data. Due to the constrained nature of network embedded systems transferring solutions from the distributed systems domain to the embedded system requires optimization. Distributed monitors can provide adequate security but must be concise and controllable by lightweight run-time artifacts as well as be deployed only where needed. Presented research consists of an operational model that inserts controls by instrumentation of local or remote interaction in the resource-rich backend, subsequently enforcing control at the nodes by using scaled down policy engines. The selective injection is achieved through aspect-oriented techniques. The solution is demonstrated for two paradigms encountered when building WSN applications thus achieving local resource protection and protection of distributed event-based data flow. The costs and benefits of the selective injection approach are validated and quantified through a river monitoring case and associated simulation experiments.