Abstract
Accuracy (and hence calibration) is a key requirement of safety-critical IoT (SC-IoT) systems. Calibration workflows involve a number of parties such as device users, manufacturers, calibration facilities and NMIs who must collaborate but may also compete (mutually untrusting). For instance, a surgical robot manufacturer may wish to hide the identities of third-parties from the operator (hospital), in order to maintain confidentiality of business relationships around its robot products. Thus, information flows that reveal who-calibrates-for-whom need to be managed to ensure confidentiality. Similarly, meta-information about what-is-being-calibrated and how-often-it-is-calibrated may compromise operational confidentiality of a deployment. We show that the challenge of managing information flows between the parties involved in calibration cannot be met by any of the classical access control models, as any one of them, or a simple conjunction of a subset such as the lattice model, fails to meet the desired access control requirements. We demonstrate that a new unified access control model that combines BIBA, BLP, and Chinese Walls holds rich promise. We study the case for unification, system properties, and develop an XACML-based authorisation framework which enforces the unified model. We show that upon evaluation against a baseline simple-conjunction of the three models individually, our unified model outperforms with authorisation times at least 10ms lower than the baseline. This demonstrates it is capable of solving the novel access control challenges thrown up by digital-calibration workflows.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Abomhara, M., Køien, G.M.: Security and privacy in the internet of things: current status and open issues. In: 2014 International Conference on Privacy and Security in Mobile Systems (PRISMS), pp. 1–8. IEEE (2014)
Alemzadeh, H., Chen, D., Li, X., Kesavadas, T., Kalbarczyk, Z.T., Iyer, R.K.: Targeted attacks on teleoperated surgical robots: dynamic model-based detection and mitigation. In: 2016 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), pp. 395–406. IEEE (2016)
Ali, B., Awad, A.I.: Cyber and physical security vulnerability assessment for IoT-based smart homes. Sensors 18(3), 817 (2018)
Anggorojati, B., Mahalle, P.N., Prasad, N.R., Prasad, R.: Capability-based access control delegation model on the federated IoT network. In: 2012 15th International Symposium on Wireless Personal Multimedia Communications (WPMC), pp. 604–608. IEEE (2012)
Bargar, W.L., Bauer, A., Börner, M.: Primary and revision total hip replacement using the ROBODOC (R) system. Clin. Orthop. Relat. Res. 1976–2007(354), 82–91 (1998)
Brewer, D.F., Nash, M.J.: The Chinese wall security policy. In: null, p. 206. IEEE (1989)
de Castro, C.N., Lourenço, M., Sampaio, M.: Calibration of a DSC: its importance for the traceability and uncertainty of thermal measurements. Thermochim. Acta 347(1–2), 85–91 (2000)
Chen, C.Y., Hasan, M., Mohan, S.: Securing real-time internet-of-things. Sensors 18(12), 4356 (2018)
Chowdhary, S., Som, S., Tuli, V., Khatri, S.K.: Security solutions for physical layer of IoT. In: 2017 International Conference on Infocom Technologies and Unmanned Systems (Trends and Future Directions) (ICTUS), pp. 579–583. IEEE (2017)
Chu, M., et al.: Respiration rate and volume measurements using wearable strain sensors. NPJ Digit. Med. 2(1), 1–9 (2019)
Dabbagh, M., Rayes, A.: Internet of things security and privacy. Internet of Things From Hype to Reality, pp. 211–238. Springer, Cham (2019). https://doi.org/10.1007/978-3-319-99516-8_8
Frank, K., Willemoes-Wissing, I.C.: Combining logical and physical access control for smart environments. Master’s thesis, Technical University of Denmark, DTU, DK-2800 Kgs. Lyngby, Denmark (2004)
Gusmeroli, S., Piccione, S., Rotondi, D.: A capability-based security approach to manage access control in the internet of things. Math. Comput. Modell. 58(5–6), 1189–1205 (2013)
Hasan, M., Mohan, S.: Protecting actuators in safety-critical IoT systems from control spoofing attacks. In: Proceedings of the 2nd International ACM Workshop on Security and Privacy for the Internet-of-Things, pp. 8–14 (2019)
He, J.B., Qing, S.H., Wang, C.: Analysis of two improved BLP models. Ruan Jian Xue Bao (J. Softw.) 18(6), 1501–1509 (2007)
Hu, V.C., Kuhn, D.R., Ferraiolo, D.F., Voas, J.: Attribute-based access control. Computer 48(2), 85–88 (2015)
Hwang, Y.H.: IoT security & privacy: threats and challenges. In: Proceedings of the 1st ACM Workshop on IoT Privacy, Trust, and Security, p. 1 (2015)
Liebmann, F.: Infrared thermometer calibration. Cal. Lab. Int. J. Metrol. 20–22 (2011)
Liu, G., Wang, C., Zhang, R., Wang, Q., Song, H., Ji, S.: BTG-BIBA: a flexibility-enhanced BIBA model using BTG strategies for operating system. Int. J. Comput. Inf. Eng. 11(6), 765–771 (2017)
Morris, A.S., Langari, R.: Measurement and Instrumentation: Theory and Application. Academic Press, Cambridge (2012)
OASIS: extensible access control markup language (XACML) version 3.0. https://docs.oasis-open.org/xacml/3.0/xacml-3.0-core-spec-os-en.html
Quarta, D., Pogliani, M., Polino, M., Maggi, F., Zanchettin, A.M., Zanero, S.: An experimental security analysis of an industrial robot controller. In: 2017 IEEE Symposium on Security and Privacy (SP), pp. 268–286. IEEE (2017)
Salmi, T., Ahola, J.M., Heikkilä, T., Kilpeläinen, P., Malm, T.: Human-robot collaboration and sensor-based robots in industrial applications and construction. In: Bier, H. (ed.) Robotic Building. SSAE, pp. 25–52. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-70866-9_2
Sandhu, R.S.: Lattice-based access control models. Computer 11, 9–19 (1993)
Shi, W.: Research on and enforcement of methods of methods of secure operating systems development. Ph.D thesis, Institute of Software, The Chinese Academy of Sciences, Beijing (2001)
Vim, I.: International vocabulary of basic and general terms in metrology (VIM). Int. Org. 2004, 09–14 (2004)
Yağdereli, E., Gemci, C., Aktaş, A.Z.: A study on cyber-security of autonomous and unmanned vehicles. J. Defense Model. Simul. 12(4), 369–381 (2015)
Yang, P., Wang, Q., Mi, X., Li, J.: An improved BLP model with more flexibility. In: 2016 13th International Conference on Embedded Software and Systems (ICESS), pp. 192–197. IEEE (2016)
Zhang, J., Yun, L.J., Zhou, Z.: Research of BLP and BIBA dynamic union model based on check domain. In: 2008 International Conference on Machine Learning and Cybernetics, vol. 7, pp. 3679–3683. IEEE (2008)
Zhang, R., Zhang, Y., Ren, K.: Dp\(^2\)ac: Distributed privacy-preserving access control in sensor networks. In: IEEE INFOCOM 2009, pp. 1251–1259. IEEE (2009)
Acknowledgements
The authors are grateful for the support by Engineering and Physical Sciences Research Council (11288S170484-102), UKIERI-2018-19-005, and the support of the National Measurement System of the UK Department of Business, Energy & Industrial Strategy, which funded this work as part of NPL’s Data Science program.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Shah, R., Nagaraja, S. (2020). A Unified Access Control Model for Calibration Traceability in Safety-Critical IoT. In: Kanhere, S., Patil, V.T., Sural, S., Gaur, M.S. (eds) Information Systems Security. ICISS 2020. Lecture Notes in Computer Science(), vol 12553. Springer, Cham. https://doi.org/10.1007/978-3-030-65610-2_1
Download citation
DOI: https://doi.org/10.1007/978-3-030-65610-2_1
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-65609-6
Online ISBN: 978-3-030-65610-2
eBook Packages: Computer ScienceComputer Science (R0)