DACIoT: Dynamic Access Control Framework for IoT Deployments

This article presents a dynamic access control framework for the Internet of Things (DACIoT). The main objective of DACIoT is to prevent unauthorized access to IoT devices and to tighten authorized access while an IoT device is in use. The rigidity of existing access control (AC) techniques, in terms of manual policy specification, discontinuity of access decision making, and immutability in the face of changing access behaviors, makes these solutions fall short in highly dynamic IoT environments. DACIoT supports three functionalities that are lacking in existing AC solutions: 1) automatic policy generation; 2) continuous policy enforcement; and 3) adaptive policy adjustment. DACIoT extends the standard reference model of the extensible AC markup language (XACML) with these three added functionalities to improve the adaptability of attribute-based AC policies to highly dynamic IoT environments. Results show that DACIoT provides improved security and dynamic adaptability, and can scale efficiently to IoT environments.
