2019 | OriginalPaper | Chapter

Towards Indeterminacy-Tolerant Access Control in IoT

Authors: Mohammad Heydari, Alexios Mylonas, Vasileios Katos, Dimitris Gritzalis

Published in: Handbook of Big Data and IoT Security

Publisher: Springer International Publishing

Abstract

The ultimate goal of any access control system is to assign precisely the necessary level of access (i.e., no more and no less) to each subject. Meeting this goal is challenging in an environment as inherently scalable, heterogeneous and dynamic as the Internet of Things (IoT). This holds true as the volume, velocity and variety of data produced by wireless sensors, RFID tags and other enabling technologies in IoT introduce new challenges for data access. Traditional access control methods that rely on static, pre-defined access policies do not offer flexibility in dealing with the new challenges of the dynamic environment of IoT, which has been extensively studied in the relevant literature. This work defines and studies the indeterminacy challenge for access control in the context of IoT, which to the best of our knowledge has not been studied in the relevant literature. The current access control models, even those that introduce some form of resiliency into the access decision process, cannot make a correct access decision in unpredicted scenarios, which are typically found in IoT due to its inherent characteristics that amplify indeterminacy. Therefore, this work stresses the need for a scalable, heterogeneous, and dynamic access control model that is able to cope with indeterminate data access scenarios. To this end, this work proposes a conceptual framework for indeterminacy-tolerant access control in IoT.

Metadata
Title
Towards Indeterminacy-Tolerant Access Control in IoT
Authors
Mohammad Heydari
Alexios Mylonas
Vasileios Katos
Dimitris Gritzalis
Copyright Year
2019
DOI
https://doi.org/10.1007/978-3-030-10543-3_4
