Deploying Access Control Enforcement for IoT in the Cloud-Edge Continuum with the help of the CAP Theorem

The CAP Theorem is used by distributed system practitioners to investigate the necessary trade-offs in the design and development of distributed systems, mainly databases and web applications. In this paper, we use it to reason about access control systems designed for the Internet of Things (IoT). We validate our approach by experimentally investigating alternative architectural designs to enforce access control in a smart lock system using the cloud-edge IoT platform offered by Amazon Web Services. We discuss the trade-off between security and performance that may help IoT designers choose the most suitable architecture supporting their requirements.
