Both individuals and organizations are widely accepting and adopting the functionalities offered by smart home and smart building applications. This is due to the many advantages, in easing users' everyday life and work, provided by emerging Internet of Things (IoT) technologies and devices—equipped with sensors, cameras, or actuators—and their ability either to acquire information from the environment or to perform appropriate tasks. The main features of smart homes/buildings include real‐time monitoring, remote control, protection from intruders, gas/fire alarms, and so on. Because sensitive and private information is managed within smart homes/buildings, security and privacy solutions must be put in place in order to protect users' and businesses' data against violation attempts as well as to guarantee the provision of reliable services. To this end, rules—in the form of policies—associated with the smart home/building resources must be defined and correctly enforced by means of a robust framework for handling the huge amount of IoT data involved. In this paper, the effectiveness and potential of a strategy based on sticky policies, integrated into a security‐ and privacy‐aware IoT middleware, are demonstrated within a smart home scenario. A test bed is developed using real datasets in order to analyze the execution times, response times to detected attacks, and memory occupancy of the proposed approach.