Critical situation management utilizing IoT-based data resources through dynamic contextual role modeling and activation

The Internet of Things (IoT) has created new opportunities for managing critical situations. However, one difficulty in providing IoT-based services for critical situation management is that users often need access during critical events, while access to data and resources is usually restricted by their normal roles. In Role-Based Access Control (RBAC), these roles are organized in static hierarchies, and users are authorized to play such roles in order to exercise their organizational functions. However, some roles cannot be organized in static hierarchies in the same way, because the authorizations granted to them correspond directly to dynamic contextual conditions (e.g., body sensor data). Users need to satisfy these conditions to exercise the functions of such dynamic contextual roles. These dynamic conditions can be effectively derived from IoT devices in order to manage critical situations. However, a large number of static roles and contextual conditions has led to high administrative and processing overheads. In this paper, we present a formal approach to context-aware access control (CAAC) for dynamically specifying contextual roles based on the relevant contextual conditions derived from information provided through IoT. We also introduce an ontology-based approach that models the dynamic contextual roles and their associated access control policies. We demonstrate the feasibility of our proposal by providing a walkthrough of the whole mechanism. We also carry out an experimental study on the performance of our approach compared to our previous approach.
