ABSTRACT
More and more current industrial control systems (e.g., smart grids, oil and gas systems, connected cars and trucks) have the capability to collect and transmit users' data in order to provide services that are tailored to the specific needs of the customers. Such smart industrial control systems fall into the category of the Internet of Things (IoT). However, in many cases the data transmitted by such IoT devices includes sensitive information, and users are faced with an all-or-nothing choice: either they adopt the proposed services and release their private data, or they refrain from using services which could be beneficial but pose significant privacy risks. Unfortunately, encryption alone does not solve the problem, though techniques to counter these privacy risks are emerging (e.g., applications that alter, merge or bundle data so that they cannot be linked to a particular user). In this paper, we propose a general framework whereby users can not only specify how their data is managed, but also restrict data collection from their connected devices. More precisely, we propose to use data collection policies to govern the transmission of data from IoT devices, coupled with policies to ensure that once the data has been transmitted, it is stored and shared in a secure way. To achieve this goal, we have designed a framework for secure data collection, storage and management, with logical foundations that enable verification of policy properties.
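As an added illustration of the two-stage idea in the abstract (this is not the paper's formalism, which this page does not reproduce): a constructed smart-meter reading passes through a device-side data collection policy before transmission and a storage-side sharing policy on access, and one policy property is checked mechanically. The field names, the policy representation and the "sensitive" tag are assumptions.

```python
# Constructed example: a smart-meter reading as the device would produce it.
READING = {"meter_id": "M-0001", "kwh": 3.75,
           "appliance_signature": [0.2, 0.9, 0.4], "gps": (51.5074, -0.1278)}

# Fields the user tags as sensitive (assumed tagging; not from the paper).
SENSITIVE = {"appliance_signature", "gps"}

def coarsen_gps(point):
    """Round coordinates to whole degrees (roughly a 100 km cell)."""
    return (round(point[0]), round(point[1]))

# Collection policy: one rule per field. "drop" removes the field, a callable
# transforms it, None passes it through. Unlisted fields are dropped (default deny).
COLLECTION_POLICY = {"meter_id": None, "kwh": None,
                     "appliance_signature": "drop", "gps": coarsen_gps}

def collect(reading, policy):
    """Apply the data collection policy on the device, before transmission."""
    out = {}
    for field, value in reading.items():
        rule = policy.get(field, "drop")
        if rule == "drop":
            continue
        out[field] = value if rule is None else rule(value)
    return out

# Sharing policy: which requester category may read which transmitted field.
SHARING_POLICY = {"billing": {"meter_id", "kwh"}, "analytics": {"kwh", "gps"}}

def share(stored, category, policy):
    """Return the view of a stored record permitted to a requester category."""
    allowed = policy.get(category, set())      # unknown category sees nothing
    return {f: v for f, v in stored.items() if f in allowed}

def check_properties(policy, sensitive, schema):
    """Two properties a verifier would establish about a collection policy:
    P1: no sensitive field is transmitted raw (it must be dropped or transformed);
    P2: the policy refers only to fields the device can actually produce."""
    raw_sensitive = [f for f in sensitive if policy.get(f, "drop") is None]
    unknown_fields = [f for f in policy if f not in schema]
    return {"raw_sensitive": raw_sensitive, "unknown_fields": unknown_fields}

if __name__ == "__main__":
    sent = collect(READING, COLLECTION_POLICY)
    print("transmitted:", sent)
    print("billing view:", share(sent, "billing", SHARING_POLICY))
    print("properties:", check_properties(COLLECTION_POLICY, SENSITIVE, READING))
```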