Validation of an adaptive risk-based access control model for the Internet of Things
The Internet of Things (IoT) has spread into multiple dimensions that incorporate different physical and virtual things. These things are connected together using different communication technologies to provide unlimited services. These services help not only to improve the quality of our daily lives, but also to provide a communication platform for increasing object collaboration and information sharing. Like all new technologies, the IoT has many security challenges that stand as a barrier to the successful implementation of IoT applications. These challenges are more complicated due to the dynamic and heterogeneous nature of IoT systems. However, authentication and access control models can be used to address the security issue in the IoT. To increase information sharing and availability, the IoT requires a dynamic access control model that takes not only access policies but also real-time contextual information into account when making access decisions. One of the dynamic features is the security risk. This paper proposes an Adaptive Risk-Based Access Control (AdRBAC) model for the IoT and discusses its validation using expert reviews. The proposed AdRBAC model conducts a risk analysis to estimate the security risk value associated with each access request when making an access decision. This model has four inputs/risk factors: user context, resource sensitivity, action severity and risk history. These risk factors are used to estimate a risk value associated with the access request to make the access decision. To provide the adaptive features, smart contracts will be used to monitor the user behaviour during access sessions to detect any malicious actions from the granted users. To validate and refine the proposed model, twenty IoT security experts from inside and outside the UK were interviewed. 
The experts have suggested valuable information that will help to specify the appropriate risk factors and risk estimation technique for implementation of the AdRBAC model.
Atlam, Hany F., Alenezi, Ahmed, Hussein, Raid Khalid Hussein and Wills, Gary (2018) Validation of an adaptive risk-based access control model for the Internet of Things. International Journal of Computer Network and Information Security, 10 (1), 26-35. (doi:10.5815/ijcnis.2018.01.04).
More information
Accepted/In Press date: 7 November 2017
e-pub ahead of print date: 1 January 2018
Published date: 8 January 2018
Identifiers
Local EPrints ID: 417523
URI: http://eprints.soton.ac.uk/id/eprint/417523
ISSN: 2074-9104
PURE UUID: 8001fcb0-b0fc-46aa-8263-e0b180f7ad27
Catalogue record
Date deposited: 02 Feb 2018 17:30
Last modified: 16 Mar 2024 02:52