ABSTRACT
Rapid advances in IoT have led to the proliferation of several end-user IoT devices. A modern-day home IoT environment now resembles a complete network ecosystem, with a variety of devices co-existing and operating concurrently. It is necessary that these devices do not disrupt the operations of other devices, either accidentally or maliciously. Accidental disruptions are usually due to misconfigured devices, which may, for instance, result in a device sending network broadcasts and flooding the network. Malicious disruptions may be caused by devices that have been compromised by attackers or that were purchased from untrusted manufacturers. An intentional disruption can include sending control information to other devices to manipulate their operations, and requesting sensitive information such as surveillance videos or camera pictures. One way of preventing such disruptions is to enforce access control on IoT devices. Attribute-Based Access Control (ABAC) is the most appropriate model because of its ability to enforce access control based on the attributes of the devices, users, and environment context. We consider the NIST Next Generation Access Control (NGAC) specification for our ABAC requirements for several reasons, including its support for adaptive policies, efficiency, and ease of policy management.
Index Terms
- Securing Home IoT Environments with Attribute-Based Access Control