The University of Southampton
University of Southampton Institutional Repository

An efficient security risk estimation technique for risk-based access control model for IoT


Atlam, Hany F. and Wills, Gary B. (2019) An efficient security risk estimation technique for risk-based access control model for IoT. Internet of Things, 1-20. (doi:10.1016/j.iot.2019.100052).

Record type: Article

Abstract

The need to increase information sharing in Internet of Things (IoT) applications has made the risk-based access control model the best candidate for both academic and commercial organizations. The risk-based access control model carries out a security risk analysis on the access request, using IoT contextual information to provide access decisions dynamically. Unlike current static access control approaches, which are based on predefined policies and give the same result in different situations, this model provides the required flexibility to access system resources and works well in unexpected conditions and situations of the IoT system. One of the main issues in implementing this model is determining the appropriate risk estimation technique that is able to generate accurate and realistic risk values for each access request to determine the access decision. Therefore, this paper proposes a risk estimation technique that integrates the fuzzy inference system with expert judgment to assess the security risks of access control operations in the IoT system. Twenty IoT security experts from inside and outside the UK were interviewed to validate the proposed risk estimation technique and build the fuzzy inference rules accurately. The proposed risk estimation approach was implemented and simulated using access control scenarios of the network router. In comparison with the existing fuzzy techniques, the proposed technique has demonstrated that it produces precise and realistic values in evaluating the security risks of access control operations in the IoT context.

Text
Accepted version - Accepted Manuscript
Restricted to Repository staff only until 15 April 2020.

More information

Accepted/In Press date: 9 April 2019
e-pub ahead of print date: 15 April 2019
Published date: June 2019
Keywords: security risk assessment methods, Risk estimation, Internet of things (IoT), Fuzzy adaptive control

Identifiers

Local EPrints ID: 432826
URI: https://eprints.soton.ac.uk/id/eprint/432826
ISSN: 2542-6605
PURE UUID: b463bc2d-742a-4a06-9e15-03ca69dabe59
ORCID for Hany F. Atlam: orcid.org/0000-0003-4142-6377
ORCID for Gary B. Wills: orcid.org/0000-0001-5771-4088

Catalogue record

Date deposited: 26 Jul 2019 16:30
Last modified: 07 Sep 2019 00:38
