Automatic Device Selection and Access Policy Generation Based on User Preference for IoT Activity Workflow

The emerging Internet of Things (IoT) is leading to a dramatic increase in the types and quantity of devices, and in the number of functions they can perform, in a smart environment. Future smart environments will be even more abundant in terms of the number of devices and the functionality that they can provide. This poses two main challenges for end users when automating their activities: a) they have to search through a vast number of IoT devices to identify the suitable devices that satisfy their preferences; and b) it is extremely difficult for users to define fine-grained security policies to support activity workflows. This paper introduces a new intelligent approach to overcome these challenges by a) enabling users to describe their required functionalities in the form of an activity workflow; b) automatically selecting a group of devices to satisfy users' functional requirements and maximise their preferences over device usage; and c) systematically generating local network access control policies to enforce the principle of least privilege. We study different heuristic search algorithms to find the preferred devices for a given workflow. Experimental results show that the Genetic Algorithm is the best among the algorithms that we test, as it offers a balance between efficiency and effectiveness.
