Developing an Adaptive Risk-Based Access Control Model for the Internet of Things | IEEE Conference Publication | IEEE Xplore

Developing an Adaptive Risk-Based Access Control Model for the Internet of Things


Abstract:

The Internet of Things (IoT) is creating a revolution in the number of connected devices. Cisco reported that there were 25 billion IoT devices in 2015, and modest estimates suggest that this number will almost double by 2020. Society has become dependent on these billions of devices, which are connected and communicating with each other all the time, with information constantly shared between users, services, and internet providers. As an emergent technology, IoT devices are creating a huge security rift between users and usability; sacrificing usability for security has created a number of major issues. First, IoT devices are classified under Bring Your Own Device (BYOD), which blows through any organization's security boundary and makes them a target for espionage or tracking. Second, the size of the data generated by IoT makes big data problems pale in comparison, not to mention that IoT devices need a real-time response. Third, incorporating secure access and control for IoT devices, ranging from edge node devices to the application level (business intelligence reporting tools), is a challenge because it has to account for several hardware and application levels. Establishing a secure access control model between different IoT devices and services is a major milestone for the IoT. This is important because data leakage and unauthorized access to data have a high impact on our IoT devices. However, traditional access control models, with their static and rigid infrastructure, cannot provide the required security for the IoT infrastructure. Therefore, this paper proposes a risk-based access control model for IoT technology that takes into account real-time data information requests for IoT devices and gives dynamic feedback.
The proposed model uses IoT environment features to estimate the security risk associated with each access request, using user context, resource sensitivity, action severity and risk history as inputs for a security risk estimation algorithm that is responsible for access d...
Date of Conference: 21-23 June 2017
Date Added to IEEE Xplore: 01 February 2018
Conference Location: Exeter, UK

I. Introduction

The Internet of Things (IoT) is growing in different ways. The adoption rate of the IoT is at least five times faster than the adoption of electricity and telephony [1]. Moreover, it is becoming the backbone of the future of the Internet that encompasses various applications and services. The IoT devices are interconnected using a variety of communication technologies such as wireless, wired and mobile networks [2].

References

[1] S. Li, L. Da Xu and S. Zhao, "The internet of things: a survey", Inf. Syst. Front., vol. 17, no. 2, pp. 243-259, 2015.
[2] M. Elkhodr, S. Shahrestani and H. Cheung, "The Internet of Things: Vision & challenges", IEEE 2013 Tencon — Spring TENCONSpring 2013 — Conf. Proc., pp. 218-222, 2013.
[3] K. Ashton, "That ‘Internet of Things’ Thing", RFiD J., pp. 49-86, 2009.
[4] "The Internet of Things", Itu Internet Rep., pp. 114-137, 2005.
[5] "Overview of the Internet of things", Ser. Y Glob. Inf infrastructure internet Protoc. Asp. next-generation networks — Fram. Funct. Archit. Model., pp. 22-40, 2012.
[6] K. Habib and W. Leister, "Context-Aware Authentication for the Internet of Things", Elev. Int. Conf. Auton. Auton. Syst. fined, pp. 134-139, 2015.
[7] D.R. Dos Santos, C.M. Westphall and C.B. Westphall, "A dynamic risk-based access control architecture for cloud computing", IEEE/IFIP NOMS 2014 — IEEE/IFIP Netw. Oper. Manag. Symp. Manag. a Softw. Defin. World, pp. 1-9, 2014.
[8] J. Liu, Y. Xiao and C.L.P. Chen, "Authentication and access control in the Internet of things", 32nd IEEE International Conference on Distributed Computing Systems Workshops ICDCSW, pp. 588-592, 2012.
[9] N. Ye, Y. Zhu, R.C. Wang, R. Malekian and Q.M. Lin, "An efficient authentication and access control scheme for perception layer of internet of things", Appl. Math. Inf. Sci., vol. 8, no. 4, pp. 1617-1624, 2014.
[10] V. Suhendra, "A Survey on Access Control Deployment", Commun. Comput. Inf Sci., pp. 11-20, 2011.
[11] K.Z. Bijon, R. Krishnan and R. Sandhu, "A framework for risk-aware role based access control", 2013 IEEE Conf Commun. Netw. Secur., pp. 462-469, 2013.
[12] N.N. Diep, L.X. Hung, Y. Zhung, S. Lee, Y. Lee and H. Lee, "Enforcing Access Control Using Risk Assessment", Fourth Eur. Conf. Univers. Multiservice Networks, pp. 419-424, 2007.
[13] S. Lee, Y.W. Lee, N.N. Diep, S. Lee, Y. Lee and H. Lee, "Contextual Risk-based access control", Proc. 2007 Int. Conf. Secur. Manag., pp. 406-412.
[14] A. Alenezi, N.H.N. Zulkipli, H.F. Atlam, R.J. Walters and G.B. Wills, "The Impact of Cloud Forensic Readiness on Security", 7th International Conference on Cloud Computing and Services Science, pp. 1-7, 2017.
[15] D. Ricardo dos Santos, C.M. Westphall and C.B. Westphall, "Risk-based Dynamic Access Control for a Highly Scalable Cloud Federation", Secur. 2013 Proc. Seventh Int. Conf. Emerg. Secur. Information Syst. Technol., pp. 8-13, 2013.
[16] Y. Lee, "Technology Trends of Access Control in IoT and Requirements Analysis", IEEE Inf. Commun. Technol. Converg. (ICTC) 2015 Int. Conf., pp. 1031-1033, 2015.
[17] M. Adda, J. Abdelaziz, H. Mcheick and R. Saad, "Toward an Access Control Model for IOTCollab", 6th Int. Conf. Ambient Syst. Networks Technol., vol. 52, pp. 428-435, 2015.
[18] J. Hernández-Ramos and A. Jara, "Distributed Capability-based Access Control for the Internet of Things", J. Internet Serv. Inf. Secur., vol. 3, pp. 1-16, 2013.
[19] A. Ouaddah, I. Bouij-Pasquier, A. Abou Elkalam and A. Ait Ouahman, "Security analysis and proposal of new access control model in the Internet of Thing", 2015 Int. Conf. Electr. Inf. Technol., pp. 30-35, 2015.
[20] P. Fremantle, B. Aziz, J. Kopecky and P. Scott, "Federated Identity and Access Management for the Internet of Things", 2014 Int. Work. Secur. Internet Things, pp. 10-17, 2014.
[21] B. Farroha and D. Farroha, "Challenges of ‘operationalizing’ dynamic system access control: Transitioning from ABAC to RAdAC", Syst. Conf. (SysCon) 2012 IEEE Int., pp. 1-7, 2012.
[22] C. Langaliya and R. Aluvalu, "Enhancing Cloud Security through Access Control Models: A Survey", Int. J. Comput. Appl., pp. 8-12, 2015.
[23] P. Chen, C. Pankaj, P.A. Karger, G.M. Wagner and A. Schuett, "Fuzzy Multi-Level Security: An Experiment on Quantified Risk-Adaptive Access Control", 2007 IEEE Symp. Secur. Privacy (SP'07), pp. 222-227, 2007.
[24] D.F. Ferraiolo, J.A. Cugini and D.R. Kuhn, "Role-Based Access Control: Features and Motivations", Proc. 11th Annu. Comput. Secur. Appl. Conf., pp. 241-248, 1995.
[25] Q. Wang and H. Jin, "Quantified risk-adaptive access control for patient privacy protection in health information systems", Proc. 6th ACM Symp. Information Comput. Commun. Secur. — ASIACCS '11, pp. 406-410, 2011.
[26] H.F. Atlam, A. Alenezi, R.J. Walters and G.B. Wills, "An Overview of Risk Estimation Techniques in Risk-based Access Control for the Internet of Things", 2nd International Conference on Internet of Things Big Data and Security, pp. 1-7, 2017.
[27] Y. Li, H. Sun, Z. Chen, J. Ren and H. Luo, "Using Trust and Risk in Access Control for Grid Environment", Secur. Technol. 2008. Sectech '08. Int. Conf., pp. 13-16, 2008.
[28] R.A. Shaikh, K. Adi and L. Logrippo, "Dynamic risk-based decision methods for access control systems", Comput. Secur., vol. 31, no. 4, pp. 447-464, 2012.
[29] J. Li, Y. Bai and N. Zaman, "A fuzzy modeling approach for risk-based access control in eHealth cloud", 2th IEEE International Conference on Trust Security and Privacy in Computing and Communications TrustCom, pp. 17-23, 2013.
[30] C. Perera, A. Zaslavsky, P. Christen and D. Georgakopoulos, "Context aware computing for the internet of things: A survey", IEEE Commun. Surv. Tutorials, pp. 414-454, 2014.
