Access Control Models for Virtual Object Communication in Cloud-Enabled IoT

Title: Access Control Models for Virtual Object Communication in Cloud-Enabled IoT
Publication Type: Conference Paper
Year of Publication: 2017
Authors: Alshehri, A., Sandhu, R.
Conference Name: 2017 IEEE International Conference on Information Reuse and Integration (IRI)
Date Published: Aug
Keywords: ABAC, Access Control, access control lists, access-control, ACL, administrative access control models, authorisation, automobiles, Cameras, cloud computing, cloud services, cloud-enabled IoT, Computer architecture, data privacy, Devices, Information Reuse, Internet, Internet of Things, IoT, operational models, privacy preserving objectives, pubcrawl, radiofrequency identification, RBAC, Resiliency, role-based access control, security, security preserving objectives, virtual object communication, Virtual Objects, VOs
Abstract: The Internet of Things (IoT) is the latest evolution of the Internet, encompassing an enormous number of connected physical "things." The access-control oriented (ACO) architecture was recently proposed for cloud-enabled IoT, with virtual objects (VOs) and cloud services in the middle layers. A central aspect of ACO is to control communication among VOs. This paper develops operational and administrative access control models for this purpose, assuming topic-based publish-subscribe interaction among VOs. Operational models are developed using (i) access control lists for topics and capabilities for virtual objects and (ii) attribute-based access control, and it is argued that role-based access control is not suitable for this purpose. Administrative models for these two operational models are developed using (i) access control lists, (ii) role-based access control, and (iii) attribute-based access control. A use case illustrates the details of these access control models for VO communication, and their differences. An assessment of these models with respect to security and privacy preserving objectives of IoT is also provided.
Citation Key: alshehri_access_2017