An overview of risk estimation techniques in risk-based access control for the internet of things
An overview of risk estimation techniques in risk-based access control for the internet of things
The Internet of Things (IoT) represents a modern approach where boundaries between real and digital domains are progressively eliminated by changing over consistently every physical device to smart object ready to provide valuable services. These services provide a vital role in different life domains but at the same time create new challenges particularly in security and privacy. Authentication and access control models are considered as the essential elements to address these security and privacy challenges. Risk-based access control model is one of the dynamic access control models that provides more flexibility in accessing system resources. This model performs a risk analysis to estimate the security risk associated with each access request and uses the estimated risk to make the access decision. One of the essential elements in this model is the risk estimation process. Estimating risk is a complex operation that requires the consideration of a variety of factors in the access control environment. Moreover, the interpretation and estimation of the risk might vary depending on the working domain. This paper presents a review of different risk estimation techniques. Existing risk-based access control models are discussed and compared in terms of the risk estimation technique, risk factors, and the evaluation domain. Requirements for choosing the appropriate risk estimation technique for the IoT system are also demonstrated.
Internet of Things, Security Risk, Access Control, Risk Estimation, Risk-based Access Control.
254-260
Institute for Systems and Technologies of Information, Control and Communication
Atlam, Hany, Fathy
addb33f5-5f65-4523-a6b8-328d9677c5d2
Alenezi, Ahmed
121c053f-ddf0-404f-b1cb-460b542ebed9
Walters, Robert
7b8732fb-3083-4f4d-844e-85a29daaa2c1
Wills, Gary
3a594558-6921-4e82-8098-38cd8d4e8aa0
April 2017
Atlam, Hany, Fathy
addb33f5-5f65-4523-a6b8-328d9677c5d2
Alenezi, Ahmed
121c053f-ddf0-404f-b1cb-460b542ebed9
Walters, Robert
7b8732fb-3083-4f4d-844e-85a29daaa2c1
Wills, Gary
3a594558-6921-4e82-8098-38cd8d4e8aa0
Atlam, Hany, Fathy, Alenezi, Ahmed, Walters, Robert and Wills, Gary
(2017)
An overview of risk estimation techniques in risk-based access control for the internet of things.
In 2nd International Conference on Internet of Things, Big Data and Security.
Institute for Systems and Technologies of Information, Control and Communication.
.
(doi:10.5220/0006292602540260).
Record type:
Conference or Workshop Item
(Paper)
Abstract
The Internet of Things (IoT) represents a modern approach where boundaries between real and digital domains are progressively eliminated by changing over consistently every physical device to smart object ready to provide valuable services. These services provide a vital role in different life domains but at the same time create new challenges particularly in security and privacy. Authentication and access control models are considered as the essential elements to address these security and privacy challenges. Risk-based access control model is one of the dynamic access control models that provides more flexibility in accessing system resources. This model performs a risk analysis to estimate the security risk associated with each access request and uses the estimated risk to make the access decision. One of the essential elements in this model is the risk estimation process. Estimating risk is a complex operation that requires the consideration of a variety of factors in the access control environment. Moreover, the interpretation and estimation of the risk might vary depending on the working domain. This paper presents a review of different risk estimation techniques. Existing risk-based access control models are discussed and compared in terms of the risk estimation technique, risk factors, and the evaluation domain. Requirements for choosing the appropriate risk estimation technique for the IoT system are also demonstrated.
Text
An Overview of Risk Estimation Techniques in Risk-based Access Control for the Internet of Things
- Accepted Manuscript
More information
Accepted/In Press date: 15 December 2016
e-pub ahead of print date: 1 April 2017
Published date: April 2017
Keywords:
Internet of Things, Security Risk, Access Control, Risk Estimation, Risk-based Access Control.
Organisations:
Electronics & Computer Science, Electronic & Software Systems, Southampton Marine & Maritime Institute
Identifiers
Local EPrints ID: 411006
URI: http://eprints.soton.ac.uk/id/eprint/411006
PURE UUID: ac9eb13e-0d1f-46c9-a909-1fb510fe5b01
Catalogue record
Date deposited: 13 Jun 2017 16:31
Last modified: 16 Mar 2024 02:52
Export record
Altmetrics
Contributors
Author:
Hany, Fathy Atlam
Author:
Ahmed Alenezi
Author:
Robert Walters
Author:
Gary Wills
Download statistics
Downloads from ePrints over the past year. Other digital versions may also be available to download e.g. from the publisher's website.
View more statistics