The University of Southampton
University of Southampton Institutional Repository

An overview of risk estimation techniques in risk-based access control for the internet of things

An overview of risk estimation techniques in risk-based access control for the internet of things
An overview of risk estimation techniques in risk-based access control for the internet of things
The Internet of Things (IoT) represents a modern approach where boundaries between real and digital domains are progressively eliminated by changing over consistently every physical device to smart object ready to provide valuable services. These services provide a vital role in different life domains but at the same time create new challenges particularly in security and privacy. Authentication and access control models are considered as the essential elements to address these security and privacy challenges. Risk-based access control model is one of the dynamic access control models that provides more flexibility in accessing system resources. This model performs a risk analysis to estimate the security risk associated with each access request and uses the estimated risk to make the access decision. One of the essential elements in this model is the risk estimation process. Estimating risk is a complex operation that requires the consideration of a variety of factors in the access control environment. Moreover, the interpretation and estimation of the risk might vary depending on the working domain. This paper presents a review of different risk estimation techniques. Existing risk-based access control models are discussed and compared in terms of the risk estimation technique, risk factors, and the evaluation domain. Requirements for choosing the appropriate risk estimation technique for the IoT system are also demonstrated.
Internet of Things, Security Risk, Access Control, Risk Estimation, Risk-based Access Control.
254-260
Institute for Systems and Technologies of Information, Control and Communication
Atlam, Hany, Fathy
addb33f5-5f65-4523-a6b8-328d9677c5d2
Alenezi, Ahmed
121c053f-ddf0-404f-b1cb-460b542ebed9
Walters, Robert
7b8732fb-3083-4f4d-844e-85a29daaa2c1
Wills, Gary
3a594558-6921-4e82-8098-38cd8d4e8aa0
Atlam, Hany, Fathy
addb33f5-5f65-4523-a6b8-328d9677c5d2
Alenezi, Ahmed
121c053f-ddf0-404f-b1cb-460b542ebed9
Walters, Robert
7b8732fb-3083-4f4d-844e-85a29daaa2c1
Wills, Gary
3a594558-6921-4e82-8098-38cd8d4e8aa0

Atlam, Hany, Fathy, Alenezi, Ahmed, Walters, Robert and Wills, Gary (2017) An overview of risk estimation techniques in risk-based access control for the internet of things. In 2nd International Conference on Internet of Things, Big Data and Security. Institute for Systems and Technologies of Information, Control and Communication. pp. 254-260 . (doi:10.5220/0006292602540260).

Record type: Conference or Workshop Item (Paper)

Abstract

The Internet of Things (IoT) represents a modern approach where boundaries between real and digital domains are progressively eliminated by changing over consistently every physical device to smart object ready to provide valuable services. These services provide a vital role in different life domains but at the same time create new challenges particularly in security and privacy. Authentication and access control models are considered as the essential elements to address these security and privacy challenges. Risk-based access control model is one of the dynamic access control models that provides more flexibility in accessing system resources. This model performs a risk analysis to estimate the security risk associated with each access request and uses the estimated risk to make the access decision. One of the essential elements in this model is the risk estimation process. Estimating risk is a complex operation that requires the consideration of a variety of factors in the access control environment. Moreover, the interpretation and estimation of the risk might vary depending on the working domain. This paper presents a review of different risk estimation techniques. Existing risk-based access control models are discussed and compared in terms of the risk estimation technique, risk factors, and the evaluation domain. Requirements for choosing the appropriate risk estimation technique for the IoT system are also demonstrated.

Text
An Overview of Risk Estimation Techniques in Risk-based Access Control for the Internet of Things - Accepted Manuscript
Download (439kB)

More information

Accepted/In Press date: 15 December 2016
e-pub ahead of print date: 1 April 2017
Published date: April 2017
Keywords: Internet of Things, Security Risk, Access Control, Risk Estimation, Risk-based Access Control.
Organisations: Electronics & Computer Science, Electronic & Software Systems, Southampton Marine & Maritime Institute

Identifiers

Local EPrints ID: 411006
URI: http://eprints.soton.ac.uk/id/eprint/411006
PURE UUID: ac9eb13e-0d1f-46c9-a909-1fb510fe5b01
ORCID for Hany, Fathy Atlam: ORCID iD orcid.org/0000-0003-4142-6377
ORCID for Gary Wills: ORCID iD orcid.org/0000-0001-5771-4088

Catalogue record

Date deposited: 13 Jun 2017 16:31
Last modified: 16 Mar 2024 02:52

Export record

Altmetrics

Contributors

Author: Hany, Fathy Atlam ORCID iD
Author: Ahmed Alenezi
Author: Robert Walters
Author: Gary Wills ORCID iD

Download statistics

Downloads from ePrints over the past year. Other digital versions may also be available to download e.g. from the publisher's website.

View more statistics

Atom RSS 1.0 RSS 2.0

Contact ePrints Soton: eprints@soton.ac.uk

ePrints Soton supports OAI 2.0 with a base URL of http://eprints.soton.ac.uk/cgi/oai2

This repository has been built using EPrints software, developed at the University of Southampton, but available to everyone to use.

We use cookies to ensure that we give you the best experience on our website. If you continue without changing your settings, we will assume that you are happy to receive cookies on the University of Southampton website.

×