Access Controls for IoT Networks

Gabillon, Alban; Gallier, Romane; Bruno, Emmanuel

doi:10.1007/s42979-019-0022-z

Cited by 23 publications

(7 citation statements)

References 30 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Berghe et al [25] focused on defining security patterns using a modelling language and proposed four dataspecific building blocks, namely, data types, data flows, data Gadouche et al [28] used Event-B correct-by-construction methodology to specify declarative and behavioural aspects of Role-Based Access Control. Gabillion et al [29] designed a model for representing dynamic and contextual authorisation rules using first-order predicate logic for security administration and policy in the Internet of Things. Gupta et al [30] proposed a formal approach to represent security constraints of a security pattern using first-order predicate logic.…”

Section: Related Workmentioning

confidence: 99%

An Approach for Verification of Secure Access Control Using Security Pattern

Gupta

Singh

Mohapatra

2022

Wireless Communications and Mobile Computing

View full text Add to dashboard Cite

According to OWASP-2021, more than 3,00,000 web applications have been detected for unauthenticated and unauthorised access leading to a breach of security trust. Security patterns are commonly used in web applications to address the problem of broken access. Web developers are not experts in implementing security patterns. Therefore, it is necessary to verify that the security pattern has been applied, specifying the original intent of the security pattern. In this paper, an approach has been proposed that analyses the behavioural aspect of security patterns to verify that it meets the security requirement of the web application. The proposed approach extracts the class diagram’s structural properties, relations, associations, and security-related constraints and verifies it using the first-order predicate logic. Experiments have been conducted using class diagrams of security patterns to detect instances of broken access control early in the design phase. The proposed approach will help minimise the risk of unauthenticated and unauthorised access to a web application.

show abstract

Section: Related Workmentioning

confidence: 99%

An Approach for Verification of Secure Access Control Using Security Pattern

Gupta

Singh

Mohapatra

2022

Wireless Communications and Mobile Computing

View full text Add to dashboard Cite

show abstract

“…Yuan and Tong 9 adopted ABAC‐based authorization method as an access control policy and authentication based on Elliptic Curve Cryptography (ECC) 10 . Gabillon 11 defined ABAC model authorization for regulating IoT messages in MQTT network. Colombo and Ferrari 12 designed an access control model based on the ABAC model for MQTT‐based IoT ecosystems to regulate messages distribution but they do not mention rights delegation and their use of radios does not allow storing highly expressive contextual policies.…”

Section: Related Workmentioning

confidence: 99%

Enhanced dynamic team access control for collaborative Internet of Things using context

Djilali

Tandjaoui

Khemissa

2020

Trans Emerging Tel Tech

View full text Add to dashboard Cite

Summary The development of the Internet of Things (IoT) aims to overcome security issues especially in critical areas that require integrity, confidentiality and a high level of privacy of the data. Among security challenges, the access control model should be well defined and adapted to the characteristics and security requirements of IoT applications. The work presented here proposes big enforcement of security for dynamic team access control using context information in order to provide granular and secure authorizations with different access control levels related to collaborative IoT. The enhanced dynamic team access control (EDTMAC) model introduces a formal theoretical model which relies on the top of the role‐based access control model. The use of different context information with a global context information security policy and security rules raised the model strength against unauthorized access and avoided security breaches such as the leak of information by providing the least privileges for the users. The result of EDTMAC analysis shows that the model is well adapted to IoT dynamic nature and collaborative IoT activities for teams. Moreover, the model is flexible and scalable, user‐driven, reliable, and secure against unauthorized access requests. The developed model supports the well‐known least‐privilege principle and separation of duties for the team members. In addition, it allows easy management of the teams, provides fine‐grained access control authorizations and supports delegation.

show abstract

“…A comprehensive review of the access control models like RBAC, AABC, UCON, CapBAC, and OrBAC is performed and their suitability in IoT is evaluated through Security and Privacy-Preserving (S&PP) objectives presented in [7]. A survey on access control for specifically IoT networks is presented in [108].…”

Section: Access Control For Iotmentioning

confidence: 99%

From Conventional to State-of-the-Art IoT Access Control Models

et al. 2020

View full text Add to dashboard Cite

The advent in Online Social Networks (OSN) and Internet of Things (IoT) has created a new world of collaboration and communication between people and devices. The domain of internet of things uses billions of devices (ranging from tiny sensors to macro scale devices) that continuously produce and exchange huge amounts of data with people and applications. Similarly, more than a billion people are connected through social networking sites to collaborate and share their knowledge. The applications of IoT such as smart health, smart city, social networking, video surveillance and vehicular communication are quickly evolving people’s daily lives. These applications provide accurate, information-rich and personalized services to the users. However, providing personalized information comes at the cost of accessing private information of users such as their location, social relationship details, health information and daily activities. When the information is accessible online, there is always a chance that it can be used maliciously by unauthorized entities. Therefore, an effective access control mechanism must be employed to ensure the security and privacy of entities using OSN and IoT services. Access control refers to a process which can restrict user’s access to data and resources. It enforces access rules to grant authorized users an access to resources and prevent others. This survey examines the increasing literature on access control for traditional models in general, and for OSN and IoT in specific. Challenges and problems related to access control mechanisms are explored to facilitate the adoption of access control solutions in OSN and IoT scenarios. The survey provides a review of the requirements for access control enforcement, discusses several security issues in access control, and elaborates underlying principles and limitations of famous access control models. We evaluate the feasibility of current access control models for OSN and IoT and provide the future development direction of access control for the same.

show abstract

Access Controls for IoT Networks

Cited by 23 publications

References 30 publications

An Approach for Verification of Secure Access Control Using Security Pattern

An Approach for Verification of Secure Access Control Using Security Pattern

Enhanced dynamic team access control for collaborative Internet of Things using context

From Conventional to State-of-the-Art IoT Access Control Models

Contact Info

Product

Resources

About