research-article
DOI: 10.1145/3205977.3205989

A Lazy Approach to Access Control as a Service (ACaaS) for IoT: An AWS Case Study

Published: 07 June 2018

Abstract

The Internet of Things (IoT) is receiving considerable attention from both industry and academia because of the new business models that it enables and the new security and privacy challenges that it generates. Major Cloud Service Providers (CSPs) have proposed platforms to support IoT by combining cloud and edge computing. However, the security mechanisms available in the cloud have been extended to IoT with some shortcomings with respect to the management and enforcement of access control policies. Access Control as a Service (ACaaS) is emerging as a solution to overcome these difficulties. The paper proposes a lazy approach to ACaaS that allows the specification and management of policies independently of the CSP while leveraging its enforcement mechanisms. We demonstrate the approach by investigating (also experimentally) alternative deployments in the IoT platform offered by Amazon Web Services on a realistic smart lock solution.


Published In

SACMAT '18: Proceedings of the 23nd ACM on Symposium on Access Control Models and Technologies
June 2018
271 pages
ISBN: 9781450356664
DOI: 10.1145/3205977

  • General Chair: Elisa Bertino
  • Program Chairs: Dan Lin, Jorge Lobo
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery, New York, NY, United States

Author Tags

  1. IoT platforms
  2. attribute-based access control
  3. edge computing
  4. internet of things
  5. policy specification and management

Qualifiers

  • Research-article

Funding Sources

  • ITEA2 project M2MGrids
  • the RSA-B project SeCludE
  • the ITEA3 project APPSTACLE

Conference

SACMAT '18


Cited By

  • (2024) ZTA-IoT: A Novel Architecture for Zero-Trust in IoT Systems and an Ensuing Usage Control Model. ACM Transactions on Privacy and Security 27:3 (1-36). DOI: 10.1145/3671147. Online publication date: 17-Jun-2024
  • (2024) Encryption as a Service for IoT: Opportunities, Challenges, and Solutions. IEEE Internet of Things Journal 11:5 (7525-7558). DOI: 10.1109/JIOT.2023.3341875. Online publication date: 1-Mar-2024
  • (2023) Research on smart-locks cybersecurity and vulnerabilities. Wireless Networks 30:6 (5905-5917). DOI: 10.1007/s11276-023-03376-8. Online publication date: 27-May-2023
  • (2022) Distributed Enforcement of Access Control policies in Intelligent Transportation System (ITS) for Situation Awareness. Proceedings of the 17th International Conference on Availability, Reliability and Security (1-10). DOI: 10.1145/3538969.3543792. Online publication date: 23-Aug-2022
  • (2022) End-to-End Protection of IoT Communications Through Cryptographic Enforcement of Access Control Policies. Data and Applications Security and Privacy XXXVI (236-255). DOI: 10.1007/978-3-031-10684-2_14. Online publication date: 13-Jul-2022
  • (2021) Centralized, Distributed, and Everything in between. ACM Computing Surveys 54:7 (1-34). DOI: 10.1145/3465170. Online publication date: 17-Sep-2021
  • (2021) Extending access control in AWS IoT through event-driven functions: an experimental evaluation using a smart lock system. International Journal of Information Security 21:2 (379-408). DOI: 10.1007/s10207-021-00558-3. Online publication date: 2-Jul-2021
  • (2020) Deploying Access Control Enforcement for IoT in the Cloud-Edge Continuum with the help of the CAP Theorem. Proceedings of the 25th ACM Symposium on Access Control Models and Technologies (213-220). DOI: 10.1145/3381991.3395617. Online publication date: 10-Jun-2020
  • (2020) An Authorization Framework for Cooperative Intelligent Transport Systems. Emerging Technologies for Authorization and Authentication (16-34). DOI: 10.1007/978-3-030-39749-4_2. Online publication date: 25-Jan-2020
  • (2019) Access control technologies for Big Data management systems: literature review and future trends. Cybersecurity 2:1. DOI: 10.1186/s42400-018-0020-9. Online publication date: 24-Jan-2019
