poster

Public Access

Utilizing The DLBAC Approach Toward a ZT Score-based Authorization for IoT Systems

Authors:

Maanak GuptaAuthors Info & Claims

CODASPY '23: Proceedings of the Thirteenth ACM Conference on Data and Application Security and Privacy

Pages 283 - 285

https://doi.org/10.1145/3577923.3585046

Published: 24 April 2023 Publication History

Abstract

The internet of Things (IoT) refers to a network of physical objects that are equipped with sensors, software, and other technologies in order to communicate with other devices and systems over the internet. IoT has emerged as one of the most important technologies of this century over the past few years. To ensure IoT systems' sustainability and security over the long term, several researchers lately motivated the need to incorporate the recently proposed zero trust (ZT) cybersecurity paradigm when designing and implementing access control models for IoT systems. This poster proposes a hybrid access control approach incorporating traditional and deep learning-based authorization techniques toward score-based ZT authorization for IoT systems.

References

[1]

S. Ameer, et al . 2022. BlueSky: Towards Convergence of Zero Trust Principles and Score-Based Authorization for IoT Enabled Smart Systems. In Proceedings of the 27th ACM on Symposium on Access Control Models and Technologies. 235--244.

Digital Library

[2]

S. Bhatt and R. Sandhu. 2020. ABAC-CC: Attribute-Based Access Control and Communication Control for Internet of Things. In Proceedings of the 25th ACM Symposium on Access Control Models and Technologies.

[3]

Y. Cheng, et al . 2012. Relationship-based access control for online social networks: Beyond user-to-user relationships. In SocialCom. IEEE.

[4]

P. Colombo, et al. 2021. Access Control Enforcement in IoT: state of the art and open challenges in the Zero Trust era. In 2021 third IEEE international conference on trust, privacy and security in intelligent systems and applications (TPS-ISA) . IEEE, 159--166.

[5]

C. Cotrini, et al . 2018. Mining ABAC rules from sparse logs. In 2018 IEEE European Symposium on Security and Privacy (EuroS&P). IEEE, 31--46.

[6]

S. Das, et al. 2018. Policy Engineering in RBAC and ABAC. From Database to Cyber Security: Essays Dedicated to Sushil Jajodia on the Occasion of His 70th Birthday (2018), 24--54.

[7]

S. Dhar and I. Bose. 2021. Securing IoT devices using zero trust and blockchain. Journal of Organizational Computing and Electronic Commerce 31, 1 (2021), 18--34.

[8]

T. Dimitrakos, et al. 2020. Trust aware continuous authorization for zero trust in consumer internet of things. In TrustCom. IEEE.

[9]

X. Jin, et al . 2012. A unified attribute-based access control model covering DAC, MAC and RBAC. In IFIP Annual Conf. on Data and App. Sec.

Digital Library

[10]

L. Krautsevich, et al . 2014. Towards attribute-based access control policy engi- neering using risk. In Risk Assessment and Risk-Driven Testing: First International Workshop, RISK 2013, Held in Conjunction with ICTSS 2013, Istanbul, Turkey, No- vember 12, 2013. Revised Selected Papers 1. Springer, 80--90.

Digital Library

[11]

M. N. Nobi, et al . 2022. Toward deep learning based access control. In Proceedings of the Twelfth ACM Conference on Data and Application Security and Privacy. 143--154.

Digital Library

[12]

A. Ouaddah, et al. 2017. Access control in the Internet of Things: Big challenges and new opportunities. Comp. NW 112 (2017).

[13]

J. Park and R. Sandhu. 2004. The UCONABC usage control model. ACM transac- tions on information and system security (TISSEC) 7, 1 (2004), 128--174.

[14]

J. Park, et al . 2011. Acon: Activity-centric access control for social computing. In ARES. IEEE.

[15]

S. Ravidas, et al. 2019. Access control in Internet-of-Things: A survey. Journal of Network and Computer Applications 144 (2019), 79--101.

Digital Library

[16]

S. Rose, et al. 2020. Zero trust architecture. Technical Report NIST Special Publication (SP) 800--207. National Institute of Standards and Technology.

[17]

Z. Sainan and Z. Changyou. 2019. Research and Application of Rigorous Access Control Mechanism in Distributed Objects System. In 2019 IEEE 3rd Information Technology, Networking, Electronic and Automation Control Conference (ITNEC). IEEE, 1166--1169.

[18]

M. Samaniego and R. Deters. 2018. Zero-trust hierarchical management in IoT. In 2018 IEEE international congress on Internet of Things (ICIOT). IEEE, 88--95.

[19]

R. Sandhu. 1998. Role-based access control. In Advances in computers. Vol. 46.

[20]

M. Shafiq, et al . 2022. The rise of ?Internet of Things": review and open research issues related to detection and prevention of IoT-based security attacks. Wireless Communications and Mobile Computing 2022 (2022), 1--12.

[21]

B. Tang, et al . 2019. Iot passport: A blockchain-based trust framework for collab- orative internet-of-things. In SACMAT '19.

Digital Library

[22]

Z. Xu and S. D. Stoller. 2014. Mining attribute-based access control policies. IEEE Transactions on Dependable and Secure Computing 12, 5 (2014), 533--545.

Digital Library

Cited By

Achuthan KSankaran SRoy SRaman R(2025)Integrating sustainability into cybersecurity: insights from machine learning based topic modelingDiscover Sustainability10.1007/s43621-024-00754-w6:1Online publication date: 21-Jan-2025
https://doi.org/10.1007/s43621-024-00754-w
Ameer SPraharaj LSandhu RBhatt SGupta M(2024)ZTA-IoT: A Novel Architecture for Zero-Trust in IoT Systems and an Ensuing Usage Control ModelACM Transactions on Privacy and Security10.1145/367114727:3(1-36)Online publication date: 17-Jun-2024
https://dl.acm.org/doi/10.1145/3671147
Bertolissi CFernández MThuraisingham B(2024)An Axiomatic Category-Based Access Control Model for Smart HomesLogic-Based Program Synthesis and Transformation10.1007/978-3-031-71294-4_8(131-148)Online publication date: 7-Sep-2024
https://doi.org/10.1007/978-3-031-71294-4_8

Recommendations

ZTA-IoT: A Novel Architecture for Zero-Trust in IoT Systems and an Ensuing Usage Control Model
Recently, several researchers motivated the need to integrate Zero Trust (ZT) principles when designing and implementing authentication and authorization systems for IoT. An integrated Zero Trust IoT system comprises the network infrastructure (physical ...
BlueSky: Towards Convergence of Zero Trust Principles and Score-Based Authorization for IoT Enabled Smart Systems
SACMAT '22: Proceedings of the 27th ACM on Symposium on Access Control Models and Technologies

Zero trust (ZT) is the term for an evolving set of cybersecurity paradigms that move defenses from static, network-based perimeters to focus on users, assets, and resources. It assumes no implicit trust is granted to assets or user accounts based solely ...
ZT-Access: A combining zero trust access control with attribute-based encryption scheme against compromised devices in power IoT environments
Abstract
With the rapid development of information technologies in the power industry, a large number of power devices are connected to the Internet, and thus expand the exposure. Attackers could control some devices with weak security ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

CODASPY '23: Proceedings of the Thirteenth ACM Conference on Data and Application Security and Privacy

April 2023

304 pages

ISBN:9798400700675

DOI:10.1145/3577923

General Chair:
Mohamed Shehab
University of North Carolina at Charlotte, USA
,
Program Chairs:
Maribel Fernandez
King's College London, UK
,
Ninghui Li
Purdue University, USA

Copyright © 2023 Owner/Author.

Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 24 April 2023

Check for updates

Author Tags

Qualifiers

Poster

Funding Sources

NSF (National Science Foundation)

Conference

CODASPY '23

Sponsor:

SIGSAC

CODASPY '23: Thirteenth ACM Conference on Data and Application Security and Privacy

April 24 - 26, 2023

NC, Charlotte, USA

Acceptance Rates

Overall Acceptance Rate 149 of 789 submissions, 19%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

3
Total Citations
View Citations
223
Total Downloads

Downloads (Last 12 months)137
Downloads (Last 6 weeks)27

Reflects downloads up to 03 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Achuthan KSankaran SRoy SRaman R(2025)Integrating sustainability into cybersecurity: insights from machine learning based topic modelingDiscover Sustainability10.1007/s43621-024-00754-w6:1Online publication date: 21-Jan-2025
https://doi.org/10.1007/s43621-024-00754-w
Ameer SPraharaj LSandhu RBhatt SGupta M(2024)ZTA-IoT: A Novel Architecture for Zero-Trust in IoT Systems and an Ensuing Usage Control ModelACM Transactions on Privacy and Security10.1145/367114727:3(1-36)Online publication date: 17-Jun-2024
https://dl.acm.org/doi/10.1145/3671147
Bertolissi CFernández MThuraisingham B(2024)An Axiomatic Category-Based Access Control Model for Smart HomesLogic-Based Program Synthesis and Transformation10.1007/978-3-031-71294-4_8(131-148)Online publication date: 7-Sep-2024
https://doi.org/10.1007/978-3-031-71294-4_8

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Figures

Tables

Media

View Table of Conten