The University of Southampton
University of Southampton Institutional Repository

Developing dynamic and adaptive risk-based access control model for the internet of things

University of Southampton
Atlam, Hany Fathy Mousa
Wills, Gary

Atlam, Hany Fathy Mousa (2020) Developing dynamic and adaptive risk-based access control model for the internet of things. University of Southampton, Doctoral Thesis, 274pp.

Record type: Thesis (Doctoral)

Abstract

The Internet of Things (IoT) is considered the next stage in the evolution of the Internet. It promotes the concept of anytime, anywhere connectivity for anything. The IoT has the ability to connect billions of devices to share their information and create new services that improve our quality of life. Although the IoT provides countless benefits, it creates several security issues. One of the approaches to resolve these issues is to build an effective access control model.

Due to the dynamic nature of the IoT, static access control approaches cannot provide an appropriate security solution, as they are static and context-insensitive. Therefore, this research proposes a novel adaptive risk-based access control model to determine access permissions dynamically. This model performs a security risk analysis on the access request by using IoT contextual and real-time information to make the access decision. The proposed model has four inputs: user context, resource sensitivity, action severity and risk history. These inputs are used to estimate the risk value associated with each access request to make the access decision. In addition, this research adds abnormality detection capability by using smart contracts to track and monitor user activities during the access session to detect and prevent malicious actions.

One of the main problems in implementing the proposed model was determining the appropriate risk estimation technique that ensures flexibility and scalability of the IoT system. Hence, a review of the most common risk estimation techniques was carried out and the fuzzy logic system with expert judgment was selected to implement the risk estimation process. In addition, to overcome scalability and learning issues of the proposed fuzzy risk estimation technique, Adaptive Neuro-Fuzzy Inference System (ANFIS) and Neuro-Fuzzy System (NFS) were utilized to implement the risk estimation technique. The results demonstrated that this approach outperformed the fuzzy logic system, increased accuracy and can adapt to changes across various IoT applications. In addition, this research presented a solution for the cold start problem associated with risk-based models that use risk history as one of the risk factors. The results demonstrated that the proposed risk-based model can operate immediately when first used or connected, without reconfiguration or adjustment. By using MATLAB Simulink, the operation of smart contracts was simulated to track and monitor user activities during the access session. The results demonstrated that it provides an effective way to detect and prevent malicious actions in a timely manner. To validate the applicability of the proposed adaptive risk-based model in real-world IoT scenarios, access control scenarios of three IoT applications, namely healthcare, smart home and network router, were presented. The results demonstrated that the proposed risk-based model offers advantages over existing access control models and can be applied to various real-world IoT applications.

Text
Final Thesis Hany Atlam
Available under License University of Southampton Thesis Licence.

More information

Published date: January 2020

Identifiers

Local EPrints ID: 447742
URI: http://eprints.soton.ac.uk/id/eprint/447742
PURE UUID: 0bb904b8-f985-48ff-823a-b8df7ae2bdee
ORCID for Hany Fathy Mousa Atlam: orcid.org/0000-0003-4142-6377
ORCID for Gary Wills: orcid.org/0000-0001-5771-4088

Catalogue record

Date deposited: 19 Mar 2021 17:31
Last modified: 13 Dec 2021 02:41

Contributors

Author: Hany Fathy Mousa Atlam
Thesis advisor: Gary Wills
