IoT Access Control Issues: A Capability Based Approach

Resource and information protection plays a central role in distributed systems. Most of the currently proposed authorization frameworks do not provide scalable, manageable, effective, and efficient mechanisms to support distributed systems with many interacting services. The advent of the IoT will further increase the need for scalable and manageable solutions able to cope with a potentially unbounded number of sensors, actuators and related resources, services and subjects. This is even more relevant given that IoT environments involve not only a greater number of resources to manage, but also a substantial increase in the dynamics of interaction. This paper presents a capability-based access control system that enterprises, or even individuals, can use to manage their own access control processes for services and information. The proposed mechanism supports rights delegation and more sophisticated customization of access control. The proposed approach is being developed within the European FP7 IoT@Work project to manage access control for some of the project's services deployed on the shop floor.
