Managing access control for things: a capability based approach

Traditional and widely used access control mechanisms have been proved to be not able to effectively support the dynamicity and scaling needs of IoT contexts. Furthermore, as more end-users start using smart devices (e.g. smart phones, smart home appliances, etc.) the need to have more understandable and easy to use access control mechanisms increases. In this paper we present a capability based access control system, which is being developed in a EU project harnessing IoT technologies in industrial and automation environments, showing that it can better address IoT needs and can be more easily applied to end users-centric scenarios like smart houses and e-Health.

[1]  A. Karp,et al.  From ABAC to ZBAC : The Evolution of Access Control Models , 2009 .

[2]  Ka-Ping Yee Secure Interaction Design and the Principle of Least Authority , 2003 .

[3]  Norman Hardy,et al.  The Confused Deputy: (or why capabilities might have been invented) , 1988, OPSR.

[4]  Alan H. Karp,et al.  Solving the Transitive Access Problem for the Services Oriented Architecture , 2010, 2010 International Conference on Availability, Reliability and Security.

[5]  Adam Lackorzynski,et al.  Taming subsystems: capabilities as universal resource access control in L4 , 2009, IIES '09.

[6]  Geoff Skinner Cyber Security Management of Access Controls in Digital Ecosystems and Distributed Environments , 2009 .

[7]  Dennis Gannon,et al.  XPOLA – An Extensible Capability-based Authorization Infrastructure for Grids , 2005 .

[8]  Ravi S. Sandhu,et al.  The NIST model for role-based access control: towards a unified standard , 2000, RBAC '00.

[9]  Alan H. Karp,et al.  Access control for the services oriented architecture , 2007, SWS '07.

[10]  Philippe Dobbelaere,et al.  Towards Abundant DiY Service Creativity Successfully Leveraging the Internet-of-Things in the City and at Home , 2009 .

[11]  Mark S. Miller,et al.  Capability Myths Demolished , 2003 .

[12]  Mathieu Boussard,et al.  The Web of things vision: Things as a service and interaction patterns , 2011, Bell Labs Technical Journal.

[13]  M. Angela Sasse,et al.  Users are not the enemy , 1999, CACM.

[14]  Andreas Matheus,et al.  How to Declare Access Control Policies for XML Structured Information Objects using OASIS' eXtensible Access Control Markup Language (XACML) , 2005, Proceedings of the 38th Annual Hawaii International Conference on System Sciences.

[15]  Jorge Lobo,et al.  Usability meets access control: challenges and research opportunities , 2009, SACMAT '09.

[16]  Alan H. Karp Authorization-Based Access Control for the Services Oriented Architecture , 2006, Fourth International Conference on Creating, Connecting and Collaborating through Computing (C5'06).

[17]  Robbert van Renesse,et al.  Using Sparse Capabilities in a Distributed Operating System , 1986, ICDCS.

[18]  Dalit Naor,et al.  Capability based Secure Access Control to Networked Storage Devices , 2007, 24th IEEE Conference on Mass Storage Systems and Technologies (MSST 2007).

[19]  Florian Michahelles,et al.  Architecting the Internet of Things , 2011 .

[20]  Russ Housley,et al.  An Internet Attribute Certificate Profile for Authorization , 2010, RFC.

[21]  Jack B. Dennis,et al.  Programming semantics for multiprogrammed computations , 1966, CACM.

[22]  David W. Chadwick,et al.  Federated Identity Management , 2009, FOSAD.

[23]  Henry M. Levy,et al.  Capability-Based Computer Systems , 1984 .

[24]  Jerome H. Saltzer,et al.  The protection of information in computer systems , 1975, Proc. IEEE.

[25]  Lujo Bauer,et al.  Access Control for Home Data Sharing: Attitudes, Needs and Practices , 2010, CHI.

[26]  Virpi Roto,et al.  Usable Access Control inside Home Networks , 2007, 2007 IEEE International Symposium on a World of Wireless, Mobile and Multimedia Networks.

[27]  Marco Aurélio Gerosa,et al.  Service-oriented middleware for the Future Internet: state of the art and research directions , 2011, Journal of Internet Services and Applications.

[28]  X Itu,et al.  Information technology-open systems interconnection-the directory: Public-key and attribute certific , 2000 .

[29]  Ramaswamy Chandramouli,et al.  The Queen's Guard: A Secure Enforcement of Fine-grained Access Control In Distributed Data Analytics Platforms , 2001, ACM Trans. Inf. Syst. Secur..

[30]  Simon S. Y. Shim,et al.  Federated Identity Management , 2005, Computer.

[31]  Pankaj Mehra Context-Aware Computing: Beyond Search and Location-Based Services , 2012, IEEE Internet Comput..