ABSTRACT
The ubiquitous presence of smart devices, along with advancements in connectivity and the elastic capabilities of cloud and edge systems, has nurtured and revolutionized smart ecosystems. Intelligent, integrated cyber-physical systems offer increased productivity, safety, efficiency, speed and support for data-driven applications beyond what could be imagined just a decade ago. Since several connected devices work together as a coordinated unit to ensure efficiency and automation, the individual operations they perform are often reliant on each other. Therefore, it is important to control what functions or activities different devices can perform at a particular moment in time, and how they are related to each other. It is also important to consider additional factors such as conditions, obligations or mutability of activities, which are critical in deciding whether or not a device can perform a requested activity. In this paper, we take an initial step to propose and discuss the concept of Activity-Centric Access Control (ACAC) for smart and connected ecosystems. We discuss the notion of activity with respect to collaborative and distributed yet integrated systems, and identify the different entities involved along with the important factors in making an activity control decision. We outline a preliminary approach for defining activity control expressions which can be applied to different smart objects in the system. The main goal of this paper is to present the vision and need for the activity-centric approach to access control in connected smart systems, and to foster discussion on the identified future research agenda.