The University of Southampton
University of Southampton Institutional Repository

Fuzzy logic with expert judgment to implement an adaptive risk-based access control model for IoT

Fuzzy logic with expert judgment to implement an adaptive risk-based access control model for IoT
Fuzzy logic with expert judgment to implement an adaptive risk-based access control model for IoT
The Internet of Things (IoT) is becoming the future of the Internet with a large number of connected devices that are predicted to reach about 50 billion by 2020. With proliferation of IoT devices and need to increase information sharing in IoT applications, risk-based access control model has become the best candidate for both academic and commercial organizations to address access control issues. This model carries out a security risk analysis on the access request by using IoT contextual information to provide access decisions dynamically. This model solves challenges related to flexibility and scalability of the IoT system. Therefore, we propose an adaptive risk-based access control model for the IoT. This model uses real-time contextual information associated with the requesting user to calculate the security risk regarding each access request. It uses user attributes while making the access request, action severity, resource sensitivity and user risk history as inputs to analyze and calculate the risk value to determine the access decision. To detect abnormal and malicious actions, smart contracts are used to track and monitor user activities during the access session to detect and prevent potential security violations. In addition, as the risk estimation process is the essential stage to build a risk-based model, this paper provides a discussion of common risk estimation methods and then proposes the fuzzy inference system with expert judgment as to be the optimal approach to handle risk estimation process of the proposed risk-based model in the IoT system.
1383-469X
Atlam, Hany, Fathy
addb33f5-5f65-4523-a6b8-328d9677c5d2
Walters, Robert
7b8732fb-3083-4f4d-844e-85a29daaa2c1
Wills, Gary
3a594558-6921-4e82-8098-38cd8d4e8aa0
Daniel, Joshua
241ab636-dd67-410c-ac80-93cb02c04b95
Atlam, Hany, Fathy
addb33f5-5f65-4523-a6b8-328d9677c5d2
Walters, Robert
7b8732fb-3083-4f4d-844e-85a29daaa2c1
Wills, Gary
3a594558-6921-4e82-8098-38cd8d4e8aa0
Daniel, Joshua
241ab636-dd67-410c-ac80-93cb02c04b95

Atlam, Hany, Fathy, Walters, Robert, Wills, Gary and Daniel, Joshua (2019) Fuzzy logic with expert judgment to implement an adaptive risk-based access control model for IoT. Mobile Networks and Applications. (doi:10.1007/s11036-019-01214-w).

Record type: Article

Abstract

The Internet of Things (IoT) is becoming the future of the Internet with a large number of connected devices that are predicted to reach about 50 billion by 2020. With proliferation of IoT devices and need to increase information sharing in IoT applications, risk-based access control model has become the best candidate for both academic and commercial organizations to address access control issues. This model carries out a security risk analysis on the access request by using IoT contextual information to provide access decisions dynamically. This model solves challenges related to flexibility and scalability of the IoT system. Therefore, we propose an adaptive risk-based access control model for the IoT. This model uses real-time contextual information associated with the requesting user to calculate the security risk regarding each access request. It uses user attributes while making the access request, action severity, resource sensitivity and user risk history as inputs to analyze and calculate the risk value to determine the access decision. To detect abnormal and malicious actions, smart contracts are used to track and monitor user activities during the access session to detect and prevent potential security violations. In addition, as the risk estimation process is the essential stage to build a risk-based model, this paper provides a discussion of common risk estimation methods and then proposes the fuzzy inference system with expert judgment as to be the optimal approach to handle risk estimation process of the proposed risk-based model in the IoT system.

Text
Atlam2019 - Version of Record
Available under License Creative Commons Attribution.
Download (1MB)

More information

Accepted/In Press date: 1 January 2019
e-pub ahead of print date: 28 January 2019

Identifiers

Local EPrints ID: 427986
URI: https://eprints.soton.ac.uk/id/eprint/427986
ISSN: 1383-469X
PURE UUID: 13980207-47b6-4439-92e3-8619c4e79843
ORCID for Hany, Fathy Atlam: ORCID iD orcid.org/0000-0003-4142-6377
ORCID for Gary Wills: ORCID iD orcid.org/0000-0001-5771-4088

Catalogue record

Date deposited: 06 Feb 2019 17:30
Last modified: 19 Jul 2019 01:13

Export record

Altmetrics

Download statistics

Downloads from ePrints over the past year. Other digital versions may also be available to download e.g. from the publisher's website.

View more statistics

Atom RSS 1.0 RSS 2.0

Contact ePrints Soton: eprints@soton.ac.uk

ePrints Soton supports OAI 2.0 with a base URL of https://eprints.soton.ac.uk/cgi/oai2

This repository has been built using EPrints software, developed at the University of Southampton, but available to everyone to use.

We use cookies to ensure that we give you the best experience on our website. If you continue without changing your settings, we will assume that you are happy to receive cookies on the University of Southampton website.

×