The University of Southampton
University of Southampton Institutional Repository

Validation of an adaptive risk-based access control model for the Internet of Things

Validation of an adaptive risk-based access control model for the Internet of Things
Validation of an adaptive risk-based access control model for the Internet of Things
The Internet of Things (IoT) has spread into multiple dimensions that incorporate different physical and virtual things. These things are connected together using different communication technologies to provide unlimited services. These services help not only to improve the quality of our daily lives, but also to provide a communication platform for increasing object collaboration and information sharing. Like all new technologies, the IoT has many security challenges that stand as a barrier to the successful implementation of IoT applications. These challenges are more complicated due to the dynamic and heterogeneous nature of IoT systems. However, authentication and access control models can be used to address the security issue in the IoT. To increase information sharing and availability, the IoT requires a dynamic access control model that takes not only access policies but also real-time contextual information into account when making access decisions. One of the dynamic features is the security risk. This paper proposes an Adaptive Risk-Based Access Control (AdRBAC) model for the IoT and discusses its validation using expert reviews. The proposed AdRBAC model conducts a risk analysis to estimate the security risk value associated with each access request when making an access decision. This model has four inputs/risk factors: user context, resource sensitivity, action severity and risk history. These risk factors are used to estimate a risk value associated with the access request to make the access decision. To provide the adaptive features, smart contracts will be used to monitor the user behaviour during access sessions to detect any malicious actions from the granted users. To validate and refine the proposed model, twenty IoT security experts from inside and outside the UK were interviewed. The experts have suggested valuable information that will help to specify the appropriate risk factors and risk estimation technique for implantation of the AdRBAC model.
2074-9104
26-35
Atlam, Hany, F.
addb33f5-5f65-4523-a6b8-328d9677c5d2
Alenezi, Ahmed
121c053f-ddf0-404f-b1cb-460b542ebed9
Hussein, Raid, Khalid Hussein
3caae7a9-6184-4d15-b298-e508f2797781
Wills, Gary
3a594558-6921-4e82-8098-38cd8d4e8aa0
Atlam, Hany, F.
addb33f5-5f65-4523-a6b8-328d9677c5d2
Alenezi, Ahmed
121c053f-ddf0-404f-b1cb-460b542ebed9
Hussein, Raid, Khalid Hussein
3caae7a9-6184-4d15-b298-e508f2797781
Wills, Gary
3a594558-6921-4e82-8098-38cd8d4e8aa0

Atlam, Hany, F., Alenezi, Ahmed, Hussein, Raid, Khalid Hussein and Wills, Gary (2018) Validation of an adaptive risk-based access control model for the Internet of Things. International Journal of Computer Network and Information Security, 10 (1), 26-35. (doi:10.5815/ijcnis.2018.01.04).

Record type: Article

Abstract

The Internet of Things (IoT) has spread into multiple dimensions that incorporate different physical and virtual things. These things are connected together using different communication technologies to provide unlimited services. These services help not only to improve the quality of our daily lives, but also to provide a communication platform for increasing object collaboration and information sharing. Like all new technologies, the IoT has many security challenges that stand as a barrier to the successful implementation of IoT applications. These challenges are more complicated due to the dynamic and heterogeneous nature of IoT systems. However, authentication and access control models can be used to address the security issue in the IoT. To increase information sharing and availability, the IoT requires a dynamic access control model that takes not only access policies but also real-time contextual information into account when making access decisions. One of the dynamic features is the security risk. This paper proposes an Adaptive Risk-Based Access Control (AdRBAC) model for the IoT and discusses its validation using expert reviews. The proposed AdRBAC model conducts a risk analysis to estimate the security risk value associated with each access request when making an access decision. This model has four inputs/risk factors: user context, resource sensitivity, action severity and risk history. These risk factors are used to estimate a risk value associated with the access request to make the access decision. To provide the adaptive features, smart contracts will be used to monitor the user behaviour during access sessions to detect any malicious actions from the granted users. To validate and refine the proposed model, twenty IoT security experts from inside and outside the UK were interviewed. The experts have suggested valuable information that will help to specify the appropriate risk factors and risk estimation technique for implantation of the AdRBAC model.

Text Validation of an Adaptive Risk-based Access Control Model for the Internet of Things - Version of Record
Available under License Other.
Download (0B)

More information

e-pub ahead of print date: 1 January 2018
Published date: 8 January 2018

Identifiers

Local EPrints ID: 417523
URI: https://eprints.soton.ac.uk/id/eprint/417523
ISSN: 2074-9104
PURE UUID: 8001fcb0-b0fc-46aa-8263-e0b180f7ad27
ORCID for Hany, F. Atlam: ORCID iD orcid.org/0000-0003-4142-6377
ORCID for Gary Wills: ORCID iD orcid.org/0000-0001-5771-4088

Catalogue record

Date deposited: 02 Feb 2018 17:30
Last modified: 06 Jun 2018 13:03

Export record

Altmetrics

Download statistics

Downloads from ePrints over the past year. Other digital versions may also be available to download e.g. from the publisher's website.

View more statistics

Atom RSS 1.0 RSS 2.0

Contact ePrints Soton: eprints@soton.ac.uk

ePrints Soton supports OAI 2.0 with a base URL of https://eprints.soton.ac.uk/cgi/oai2

This repository has been built using EPrints software, developed at the University of Southampton, but available to everyone to use.

We use cookies to ensure that we give you the best experience on our website. If you continue without changing your settings, we will assume that you are happy to receive cookies on the University of Southampton website.

×