Authors:
Hany F. Atlam
1
;
Madini O. Alassafi
2
;
Ahmed Alenezi
2
;
Robert J. Walters
2
and
Gary B. Wills
2
Affiliations:
1
University of Southampton and Menoufia University, United Kingdom
;
2
University of Southampton, United Kingdom
Keyword(s):
Internet of Things, Access Control, XACML, Policy Language, Adrbac, Access Policies.
Related
Ontology
Subjects/Areas/Topics:
Data Communication Networking
;
Enterprise Information Systems
;
Internet of Things
;
Sensor Networks
;
Software Agents and Internet Computing
;
Software and Architectures
;
Telecommunications
Abstract:
Although the Internet of things (IoT) brought unlimited benefits, it also brought many security issues. The access control is one of the main elements to address these issues. It provides the access to system resources only to authorized users and ensures that they behave in an authorized manner during their access sessions. One of the significant components of any access control model is access policies. They are used to build the criteria to permit or deny any access request. Building an efficient access control model for the IoT require selecting an appropriate access policy language to implement access policies. Therefore, this paper presents an overview of most common access policy languages. It starts with discussing different access control models and features of the access policy. After reviewing different access policy languages, we proposed XACML as the most efficient and appropriate policy language for the IoT as it compatible with different platforms, provides a distribut
ed and flexible approach to work with different access control scenarios of the IoT system. In addition, we proposed an XACML model for an Adaptive Risk-Based Access Control (AdRBAC) for the IoT and showed how the access decision will be made using XACML.
(More)