Abstract
The Internet of Things (IoT) is a collection of billions of devices attached to the internet that collect and exchange data using nodes, sensors, and controllers. The world is now continuously shifting from the traditional approaches to the IoT technology in order to meet the demands of modern technological advancements. However, the selection and implementation of right access control method in IoT applications is always challenging. In this context, OAuth is a renowned access control protocol in IoT applications. However, it is difficult to provide access control in IoT application through OAuth due to its implementation complexity. Therefore, there is a strong dire to introduce a model based approach that provide simple access control mechanism in IoT applications while preserving the major OAuth features. This article introduces Unified Modeling Language profile for OAuth (UMLOA) to model the access control requirements for IoT applications. Particularly, UMLOA is capable of modeling confidentiality, integrity, availability, scalability, and interoperability requirements in IoT applications. This provides the basis to transform the UMLOA source models into different target models (e.g. iFogSim etc.) for early verification of access control requirements. The applicability of UMLOA is validated through intelligent shipping container case study.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Mineraud, J., Mazhelis, O., Su, X., Tarkuma, S.: A gap analysis of Internet-of-Things platforms. J. Comput. Commun. 89(C), 5–16 (2016)
Wu, X., Steinfeld, R., Liu, J., Rudolph, C.: An implementation of access-control protocol for IoT home scenario. In: IEEE/ACIS 16th International Conference on Computer and Information Science (ICIS) (2017)
Kolias, C., Kambourakis, G., Stavrou, A., Voas, J.: DDoS in the IoT: Mirai and other botnets. Computer 50(7), 80–84 (2017)
Minoli, D., Soharby, K., Kouns, J.: IoT Security (IoTSec) considerations, requirements, and architectures. In: IEEE Annual Consumer Communications and Networking Conference (CCNC) (2017)
Kim, Y.-G., Oh, S.-R.: Security requirements analysis for the IoT. In: International Conference on Platform Technology and Service (PlatCon) (2017)
Sciancalepore, S., Piro, G., Caldarola, D., Boggia, G., Bianchi, G.: OAuth-IoT: an access control framework for the IoT based on open standards. In: IEEE Symposium on Computers and Communications (ISCC) (2017)
Pasta, B., Pieres, P.P.: Design and analysis of IoT applications: a model-driven approach. In: 4th International Conference on Dependable, Autonomic and Secure Computing (2016)
Cirani, S., Picone, M., Gonizzi, P., Veltri, L., Ferrari, G.: IoT-OAS: an OAuth-based authorization service architecture for secure services in IoT scenarios. IEEE Sens. J. 15(2), 1224–1234 (2015)
Ouaddah, A., Mousannif, H., Elkalam, A.A.: Access control in the Internet of Things: big challenges and new opportunities. J. Comput. Netw. 122(C), 237–262 (2017)
Jensen, J., Jaatun, M.G.: Security in model driven development: a survey. In: IEEE International Conference on Availability, Reliability and Stability (2014)
Fernandes, E., Rahmati, A., Eykholt, K., Prakash, A.: Internet of Things security research: a rehash of old ideas or new intellectual challenges? IEEE Priv. Secur. 15(4), 79–84 (2017)
Alqasem, I.: Privacy and security requirements for Internet of things (IoT). In: ICSE Companion (2014)
Chernyshev, M., Baig, Z., Bello, O., Zeadally, S.: Internet of Things (IoT): research, simulators, and testbeds. IEEE Internet of Things J. (2017)
Peter, S., Gopal, R.K.: Multi-level authentication system for smart home-security analysis and implementation. In: International Conference on Inventive Computation and Technology (2016)
Koivu, A., et al.: Software security considerations for IoT. In: IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData) (2016)
Stout, W.Ms., Urias, V.E.: Challenges to securing Internet of Things. In: IEEE International Carnahan Conference on Security Technology (ICCST) (2016)
Gabriel, H., Timoteo, R.: Security analysis of a proposed Internet of Things middleware. J. Cluster Comput. 20(1), 651–660 (2017)
Emerson, S., Choi, Y.K., Hwang, D.Y., Kim, K.S., Kim, K.H.: An OAuth based authentication mechanism for IoT networks. In: IEEE International Conference on Information and Communication Technology Convergence (ICTC) (2015)
Yu, T., Sekar, V., Seshan, S., Agarwal, Y., Xu, C.: Handling a trillion (unfixable) flaws on a billion devices: rethinking network security for the Internet-of-Things. In: Proceeding 14th ACM Workshop on Hot Topics in Networks, p. 5 (2015)
Anwar, M.W., Rashid, M., Azam, F., Kashif, M.: Model-based design verification for embedded systems through SVOCL: an OCL extension for SystemVerilog. J. Des. Autom. Embed. Syst. 21(1), 1–36 (2017). https://doi.org/10.1007/s10617-017-9182-z
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer Nature Switzerland AG
About this paper
Cite this paper
Khan, M., Anwar, M.W., Azam, F., Samea, F., Shinwari, M.F. (2018). A Model-Driven Approach for Access Control in Internet of Things (IoT) Applications – An Introduction to UMLOA. In: Damaševičius, R., Vasiljevienė, G. (eds) Information and Software Technologies. ICIST 2018. Communications in Computer and Information Science, vol 920. Springer, Cham. https://doi.org/10.1007/978-3-319-99972-2_16
Download citation
DOI: https://doi.org/10.1007/978-3-319-99972-2_16
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-99971-5
Online ISBN: 978-3-319-99972-2
eBook Packages: Computer ScienceComputer Science (R0)