Fuzzy logic with expert judgment to implement an adaptive risk-based access control model for IoT
Fuzzy logic with expert judgment to implement an adaptive risk-based access control model for IoT
The Internet of Things (IoT) is becoming the future of the Internet with a large number of connected devices that are predicted to reach about 50 billion by 2020. With proliferation of IoT devices and need to increase information sharing in IoT applications, risk-based access control model has become the best candidate for both academic and commercial organizations to address access control issues. This model carries out a security risk analysis on the access request by using IoT contextual information to provide access decisions dynamically. This model solves challenges related to flexibility and scalability of the IoT system. Therefore, we propose an adaptive risk-based access control model for the IoT. This model uses real-time contextual information associated with the requesting user to calculate the security risk regarding each access request. It uses user attributes while making the access request, action severity, resource sensitivity and user risk history as inputs to analyze and calculate the risk value to determine the access decision. To detect abnormal and malicious actions, smart contracts are used to track and monitor user activities during the access session to detect and prevent potential security violations. In addition, as the risk estimation process is the essential stage to build a risk-based model, this paper provides a discussion of common risk estimation methods and then proposes the fuzzy inference system with expert judgment as to be the optimal approach to handle risk estimation process of the proposed risk-based model in the IoT system.
1-13
Atlam, Hany Fathy
addb33f5-5f65-4523-a6b8-328d9677c5d2
Walters, Robert
7b8732fb-3083-4f4d-844e-85a29daaa2c1
Wills, Gary
3a594558-6921-4e82-8098-38cd8d4e8aa0
Daniel, Joshua
241ab636-dd67-410c-ac80-93cb02c04b95
Atlam, Hany Fathy
addb33f5-5f65-4523-a6b8-328d9677c5d2
Walters, Robert
7b8732fb-3083-4f4d-844e-85a29daaa2c1
Wills, Gary
3a594558-6921-4e82-8098-38cd8d4e8aa0
Daniel, Joshua
241ab636-dd67-410c-ac80-93cb02c04b95
Atlam, Hany Fathy, Walters, Robert, Wills, Gary and Daniel, Joshua
(2019)
Fuzzy logic with expert judgment to implement an adaptive risk-based access control model for IoT.
Mobile Networks and Applications, .
(doi:10.1007/s11036-019-01214-w).
Abstract
The Internet of Things (IoT) is becoming the future of the Internet with a large number of connected devices that are predicted to reach about 50 billion by 2020. With proliferation of IoT devices and need to increase information sharing in IoT applications, risk-based access control model has become the best candidate for both academic and commercial organizations to address access control issues. This model carries out a security risk analysis on the access request by using IoT contextual information to provide access decisions dynamically. This model solves challenges related to flexibility and scalability of the IoT system. Therefore, we propose an adaptive risk-based access control model for the IoT. This model uses real-time contextual information associated with the requesting user to calculate the security risk regarding each access request. It uses user attributes while making the access request, action severity, resource sensitivity and user risk history as inputs to analyze and calculate the risk value to determine the access decision. To detect abnormal and malicious actions, smart contracts are used to track and monitor user activities during the access session to detect and prevent potential security violations. In addition, as the risk estimation process is the essential stage to build a risk-based model, this paper provides a discussion of common risk estimation methods and then proposes the fuzzy inference system with expert judgment as to be the optimal approach to handle risk estimation process of the proposed risk-based model in the IoT system.
Text
Atlam2019
- Version of Record
More information
Accepted/In Press date: 1 January 2019
e-pub ahead of print date: 28 January 2019
Identifiers
Local EPrints ID: 427986
URI: http://eprints.soton.ac.uk/id/eprint/427986
ISSN: 1383-469X
PURE UUID: 13980207-47b6-4439-92e3-8619c4e79843
Catalogue record
Date deposited: 06 Feb 2019 17:30
Last modified: 16 Mar 2024 02:52
Export record
Altmetrics
Contributors
Author:
Hany Fathy Atlam
Author:
Robert Walters
Author:
Gary Wills
Author:
Joshua Daniel
Download statistics
Downloads from ePrints over the past year. Other digital versions may also be available to download e.g. from the publisher's website.
View more statistics