论文信息 - Adaptive Risk-Aware Access Control Model for Internet of Things

Adaptive Risk-Aware Access Control Model for Internet of Things

IoT technology allows people to connect to and control devices remotely anywhere and anytime. However, serious concerns are raised over access control of sensitive IoT devices (e.g. portable health device) and personal information pertaining to them. The static access control model used in conventional system, which does not take into account the profile and behaviour of the agent requesting access to the system to determine the risk associated with the request, does not fit well to be used in some scenarios of some IoT application domains (e.g. smart healthcare). In this paper, we propose an adaptive risk-aware access control and the integration of this concept into the existing access control models, such as attribute-based and privacy-aware role-based access control. The proposed model is designed to address both security and privacy concerns for data sharing in IoT system. A prototype of the access control system implemented in XACML based on the proposed model is also presented in this paper.

Jean-Noel Colin | Annanda Thavymony Rath

[1] Ramjee Prasad,et al. Proposed Security Model and Threat Taxonomy for the Internet of Things (IoT) , 2010, CNSA.

[2] Sanggon Lee,et al. Security Analysis and Improvements of Authentication and Access Control in the Internet of Things , 2014, Sensors.

[3] Dhiren Patel,et al. A Survey on Internet of Things: Security and Privacy Issues , 2014 .

[4] Gary B. Wills,et al. An Overview of Risk Estimation Techniques in Risk-based Access Control for the Internet of Things , 2017, IoTBDS.

[5] Ricardo Neisse,et al. A Model-Based Security Toolkit for the Internet of Things , 2014, 2014 Ninth International Conference on Availability, Reliability and Security.

[6] Ravi S. Sandhu,et al. A framework for risk-aware role based access control , 2013, 2013 IEEE Conference on Communications and Network Security (CNS).

[7] Hamid Mcheick,et al. Toward an Access Control Model for IOTCollab , 2015, ANT/SEIT.

[8] Jorge Lobo,et al. Privacy-aware role-based access control , 2010 .

[9] Das Amrita,et al. Mining Association Rules between Sets of Items in Large Databases , 2013 .

[10] Blase Ur,et al. The Current State of Access Control for Smart Devices in Homes , 2013 .

[11] Jorge Lobo,et al. Privacy-Aware Role-Based Access Control , 2007, IEEE Security & Privacy.