Authorization Architecture for SWoT

Social Web of Things (SWoT) is a user-centric framework which facilitates interaction between software agents deployed on smart things and in the cloud. Software agents deployed on smart things are remotely accessible, host sensitive resources, and often represent high-value targets. SWoT currently does not feature adequate security mechanisms that could protect software agents from unauthorized access. In this thesis, we aim to rectify this deficiency by introducing a platform-independent, flexible, and user-centric authorization mechanism in SWoT. We derive the requirements and design of an abstract authorization architecture from the preceding seminal work performed in the SENSEI project. SENSEI and SWoT share the same problem domain, but while SENSEI addresses enterprise use cases, SWoT focuses on consumer use cases. This single but fundamental difference motivates adaptations of the SENSEI contributions for application in SWoT. To realize a concrete authorization architecture we perform an extensive study of various authorization solutions. The results of our study indicate that the novel User-Managed Access (UMA) protocol represents a promising solution for SWoT. We present the Authorization as a Service solution for the SWoT framework, based on the UMA protocol. This solution enables users to manage and control communication between software agents deployed on smart things and in the cloud from a single centralized location. It also features runtime association of software agents, and management, evaluation, and enforcement of access permissions for resources provided by software agents.
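The following is an added illustration of the UMA-style Authorization as a Service flow the abstract describes, written for this page and not taken from the thesis or the SWoT project: a central authorization server holds the user-managed policies, smart-thing agents register their resources at runtime and act as resource servers, and every access decision is evaluated at the authorization server and enforced at the agent. Class and method names, the scope vocabulary and the token lifetime are assumptions for the example.

```python
import secrets
import time

class AuthorizationServer:
    """Central AS where the user manages permissions for every agent."""
    def __init__(self):
        self.resources = {}  # resource_id -> (owner, allowed scopes)
        self.policies = {}   # resource_id -> {requesting party: scopes}
        self.tickets = {}    # permission ticket -> (resource_id, scopes)
        self.tokens = {}     # RPT -> (resource_id, scopes, expiry)

    def register_resource(self, owner, scopes):
        """Runtime association: an agent registers a resource it hosts."""
        rid = secrets.token_hex(8)
        self.resources[rid] = (owner, set(scopes))
        return rid

    def set_policy(self, owner, rid, party, scopes):
        """Only the resource owner may manage who gets which scopes."""
        if self.resources[rid][0] != owner:
            raise PermissionError("only the owner manages this policy")
        self.policies.setdefault(rid, {})[party] = set(scopes)

    def permission_ticket(self, rid, scopes):
        """RS asks the AS for a ticket describing the attempted access."""
        ticket = secrets.token_hex(8)
        self.tickets[ticket] = (rid, set(scopes))
        return ticket

    def issue_rpt(self, ticket, party, ttl=300):
        """Evaluate the owner's policy; return an RPT or None if denied."""
        rid, scopes = self.tickets.pop(ticket)        # single-use ticket
        if not scopes <= self.policies.get(rid, {}).get(party, set()):
            return None
        rpt = secrets.token_hex(16)
        self.tokens[rpt] = (rid, scopes, time.time() + ttl)
        return rpt

    def introspect(self, rpt, rid, scope):
        """Enforcement check: is this RPT valid for this resource and scope?"""
        entry = self.tokens.get(rpt)
        return (entry is not None and entry[0] == rid
                and scope in entry[1] and time.time() < entry[2])

class SmartThingAgent:
    """Resource server on a smart thing; delegates decisions to the AS."""
    def __init__(self, auth_server, owner, scopes):
        self.az = auth_server
        self.rid = auth_server.register_resource(owner, scopes)
    def access(self, scope, rpt=None):
        """Enforce: serve the request only with a valid RPT, else issue a ticket."""
        if rpt and self.az.introspect(rpt, self.rid, scope):
            return "200 OK"
        return "401 " + self.az.permission_ticket(self.rid, [scope])
```

A requesting agent that is denied receives only a permission ticket and must obtain an RPT from the authorization server, so the owner's policy, not the smart thing, decides what is granted.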
