DOI: 10.1145/3381991.3395618
research-article

ABAC-CC: Attribute-Based Access Control and Communication Control for Internet of Things

Published: 10 June 2020

ABSTRACT

The Internet of Things (IoT) is revolutionizing the capabilities of the Internet with billions of connected devices in cyberspace. These devices are commonly referred to as smart things enabling smart environments, such as Smart Home, Smart Health, Smart Transportation, and overall Smart Communities, together with key enabling technologies like Cloud Computing, Artificial Intelligence (AI) and Machine Learning (ML). Security and privacy are major concerns for today's diverse autonomous IoT ecosystem. Autonomous things and the large amount of data associated with things have fueled significant research in IoT access control and privacy in both academia and industry. To enable futuristic IoT with sustainable growth, a dynamic access and communication control framework that adequately addresses security and privacy issues in IoT is inevitable. In this paper, we analyze the access and communication control requirements in Cloud-Enabled IoT (CE-IoT) and propose an attribute-based framework for access control and communication control, known as ABAC-CC, to secure accesses and communications (data flow) between various entities in the IoT architecture. We also introduce a novel Attribute-Based Communication Control (ABCC) model, which focuses on securing communications and data flow in IoT and enables users to define privacy policies using attributes of various entities. Furthermore, we analyze the applicability of ABAC-CC in specific IoT application domains, and finally, we present future research directions in the context of Cloud and Edge computing enabled IoT platforms.

Published in

SACMAT '20: Proceedings of the 25th ACM Symposium on Access Control Models and Technologies
June 2020
234 pages
ISBN: 9781450375689
DOI: 10.1145/3381991

Copyright © 2020 ACM


Publisher: Association for Computing Machinery, New York, NY, United States


Overall Acceptance Rate: 177 of 597 submissions, 30%
