
Securing the Web of Things with Role-Based Access Control

  • Conference paper
Codes, Cryptology, and Information Security (C2SI 2015)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 9084)

Abstract

Real-world things are increasingly becoming fully qualified members of the Web. From pacemakers and medical records to children’s toys and sneakers, things are connected over the Web and publish information that is available for the whole world to see. It is crucial that there is secure access to this Web of Things (WoT) and to the related information published by things on the Web. In this paper, we introduce an architecture that encompasses Web-enabled things in a secure and scalable manner. Our architecture utilizes the features of the well-known role-based access control (RBAC) to specify the access control policies to the WoT, and we use cryptographic keys to enforce such policies. This approach enables prescribers to WoT services to control who can access what things and how access can continue or should terminate, thereby enabling privacy and security of the large amount of data that these things are poised to flood the future Web with.


Corresponding author

Correspondence to Ezedine Barka.

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Barka, E., Mathew, S.S., Atif, Y. (2015). Securing the Web of Things with Role-Based Access Control. In: El Hajji, S., Nitaj, A., Carlet, C., Souidi, E. (eds) Codes, Cryptology, and Information Security. C2SI 2015. Lecture Notes in Computer Science, vol 9084. Springer, Cham. https://doi.org/10.1007/978-3-319-18681-8_2

  • DOI: https://doi.org/10.1007/978-3-319-18681-8_2

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-18680-1

  • Online ISBN: 978-3-319-18681-8

  • eBook Packages: Computer Science, Computer Science (R0)
