Managing access control for things: a capability based approach

@inproceedings{Rotondi2012ManagingAC,
  title={Managing access control for things: a capability based approach},
  author={Domenico Rotondi and Salvatore Piccione},
  booktitle={BODYNETS},
  year={2012}
}
Traditional and widely used access control mechanisms have proven unable to effectively support the dynamicity and scaling needs of IoT contexts. Furthermore, as more end-users start using smart devices (e.g. smart phones, smart home appliances, etc.), the need for more understandable and easy-to-use access control mechanisms increases. In this paper we present a capability based access control system, which is being developed in an EU project harnessing IoT technologies in…

Extending access control in AWS IoT through event-driven functions: an experimental evaluation using a smart lock system

TLDR
A thorough experimental evaluation of cloud- and edge-based access control mechanisms for smart home applications, identifying possible deployment models within the IoT platforms offered by Amazon Web Services and Greengrass and empirically evaluating them using a smart lock system.

Study on access control approaches in the context of Internet of Things: A survey

TLDR
This survey paper demonstrates a number of attacks that threaten information in the context of the Internet of Things, as well as some of the access control approaches that try to improve security, authentication, and trust between Internet of Things devices and any internet host.

Securing critical infrastructure in smart cities: Providing scalable access control for constrained devices

  • Marian Buschsieweke, M. Günes
  • Computer Science
    2017 IEEE 28th Annual International Symposium on Personal, Indoor, and Mobile Radio Communications (PIMRC)
  • 2017
TLDR
This paper proposes an efficient format for capability tokens that is used in a fully stateless and decentralized way, and shows that the impact of using the CBAC implementation on response time is negligible and only increases the required CPU time by less than a factor of two.

Trustworthy framework for cloud of things

TLDR
A novel framework is proposed in this paper which supports trust between the devices interconnected to the cloud and accounts for their nature and complexity.

Security Requirements Analysis for the IoT

  • Se-Ra Oh, Young-Gab Kim
  • Computer Science
    2017 International Conference on Platform Technology and Service (PlatCon)
  • 2017
TLDR
This paper proposes basic security requirements of IoT by analyzing three basic characteristics, suggests six key elements of IoT (i.e., IoT network, cloud, user, attacker, service, platform), and analyzes their security issues for overall security requirements.

ForeSight - An AI-driven Smart Living Platform, Approach to Add Access Control to openHAB

TLDR
OpenHAB, a smart home middleware, is extended to fulfill platform requirements related to a successful interaction with the IoT module of ForeSight, more precisely, to add identity and access management (IAM) to openHAB and comply with European privacy laws.

A survey on Blockchain based access control for Internet of Things

TLDR
A comprehensive review of the existing access control models based on Blockchain is presented and discussed with comparison and analysis.

Resource-conscious network security for the IP-based internet of things

TLDR
This thesis considers the IoT security protocol adaptations DTLS, HIP DEX, and Minimal IKEv2 that are currently proposed for standardization at the IETF and presents three complementary protocol extensions that account for these computation overheads in the overall protocol design.

Authentication for the web of things: Secure end-to-end authentication between CoAP and HTTP

  • Marian Buschsieweke, M. Günes
  • Computer Science
    2017 IEEE 28th Annual International Symposium on Personal, Indoor, and Mobile Radio Communications (PIMRC)
  • 2017
TLDR
This proposal provides out-of-the-box access to CoAP resources with secure end-to-end authentication from HTTP clients by deploying an appropriate cross-protocol proxy through adoption of the widely supported HTTP Digest Access Authentication.

References

SHOWING 1-10 OF 36 REFERENCES

Access control for the services oriented architecture

TLDR
This paper demonstrates the benefits of FAccM over FIdM for SOA deployments and shows how FAccM can be implemented using the existing web services standards.

Authorization-Based Access Control for the Services Oriented Architecture

  • A. Karp
  • Computer Science
    Fourth International Conference on Creating, Connecting and Collaborating through Computing (C5'06)
  • 2006
TLDR
It is shown that identity-based access control is a key contributor to failures of services oriented architecture and another way to approach the problem is proposed.

Cyber Security Management of Access Controls in Digital Ecosystems and Distributed Environments

TLDR
This paper proposes a distributed mechanism for individual enterprises to manage their own authorization processes and information access permissions with the aim of providing rigorous protection of enterprise resources.

XPOLA – An Extensible Capability-based Authorization Infrastructure for Grids

TLDR
A capability-based infrastructure that provides a fine-grained authorization solution to Web service deployments, and also manages to hide complex security issues from regular Grid users is proposed.

Architecting the Internet of Things

TLDR
This book provides a research perspective on current and future developments in the Internet of Things from system design aspects and core architectural approaches to end-user participation, business perspectives and applications.

Usable Access Control inside Home Networks

TLDR
This paper proposes an approach that allows fine-grained access control without overburdening users with difficult questions or complicated configuration tasks in the WiFi Protected Setup standard.

Taming subsystems: capabilities as universal resource access control in L4

TLDR
This paper presents a capability-based software architecture, featuring enforceable security policies, that aims to support current and future requirements of embedded computing systems, such as running versatile third-party applications on general purpose and open operating systems side by side with security sensitive programs.

Capability based Secure Access Control to Networked Storage Devices

TLDR
This paper presents the approach which leverages the OSD (Object-based Storage Device) security model to provide a logical, cryptographically secured, in-band access control for today's existing devices, and shows how this model can easily be integrated into existing systems.

Solving the Transitive Access Problem for the Services Oriented Architecture

  • A. Karp, Jun Li
  • Computer Science
    2010 International Conference on Availability, Reliability and Security
  • 2010
TLDR
It is shown that this service composition suffers from the transitive access problem, which arises from a poor choice of access control mechanism, one that uses subject authentication to make access decisions, and that the problem does not occur if the authors use delegatable authorizations.

Proposed NIST standard for role-based access control

TLDR
Although RBAC continues to evolve as users, researchers, and vendors gain experience with its application, the features and components proposed in this standard represent a fundamental and stable set of mechanisms that may be enhanced by developers in further meeting the needs of their customers.