Abstract
This work presents a distributed Usage Control framework designed to ensure high flexibility, performance and fault tolerance in security and safety policy enforcement. The framework has been designed for distributed Peer-to-Peer (P2P) systems without a root of trust, and is thus suitable for Industrial Internet of Things (IIoT) settings. The proposed framework benefits from the presence of a set of Usage Control Systems, logically interconnected through a DHT which enables shared and replicated memory, distributed evaluation and distributed attribute retrieval. Furthermore, being based on the Usage Control paradigm, it is able to enforce policies with mutable attributes, revoking ongoing sessions when policies are no longer satisfied by the current request context. The presented framework is validated through performance experiments performed in both emulated and real settings.
Acknowledgements
This work has been partially funded by EU Funded projects H2020 C3ISP, GA #700294, H2020 NeCS, GA #675320 and EIT Digital Trusted Cloud and IoT.
Copyright information
© 2019 Springer Nature Switzerland AG
About this chapter
Cite this chapter
Marra, A.L., Martinelli, F., Mori, P., Saracino, A. (2019). A Distributed Usage Control Framework for Industrial Internet of Things. In: Alcaraz, C. (eds) Security and Privacy Trends in the Industrial Internet of Things. Advanced Sciences and Technologies for Security Applications. Springer, Cham. https://doi.org/10.1007/978-3-030-12330-7_6
DOI: https://doi.org/10.1007/978-3-030-12330-7_6
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-12329-1
Online ISBN: 978-3-030-12330-7
eBook Packages: Computer Science (R0)