Skip to main content
SpringerLink
Log in

A Bi-directional Attribute Synchronization Mechanism for Access Control in IoT Environments

  • Conference paper
  • First Online:
Mobile Computing, Applications, and Services (MobiCASE 2022)

  • 107 Accesses

Abstract

The Attribute-Based Access Control (ABAC) model is widely used for IoT due to its capacity to express access policies through attributes, making this method granular and flexible. However, if we assume that attributes are essentially mutable, the irreducible network latency and the architectures proposed to acquire a better communication performance of the IoT expose the point where those policies are evaluated as outdated attributes. Therefore, access policies can be wrongly evaluated, resulting in consistency and security problems. In this paper, we propose a method to reduce this exposure through a bi-directional attribute synchronization capable of mapping all attributes and evaluating their current consistency after a change. If the modified attribute does not affect the access, it will remain valid. Otherwise, a revocation occurs, reducing the risks of unintended accesses. Our modeling allows demonstrating the correctness of our method and its capability to revoke every unintended access that may occur after an attribute change.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 54.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 69.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Adya, A.: Weak consistency: a generalized theory and optimistic implementations for distributed transactions. Ph.D. thesis, Massachusetts Institute of Technology, Department of Electrical Engineering and \(\ldots \) (1999)

    Google Scholar 

  2. Alur, R., Dill, D.L.: A theory of timed automata. Theoret. Comput. Sci. 126(2), 183–235 (1994)

    Article  MathSciNet  MATH  Google Scholar 

  3. Anderson, A., et al.: extensible access control markup language (XACML) version 1.0. OASIS (2003)

    Google Scholar 

  4. Behrmann, G., et al.: UPPAAL 4.0 (2006)

    Google Scholar 

  5. Bernstein, P.A., Goodman, N.: Concurrency control in distributed database systems. ACM Comput. Surv. (CSUR) 13(2), 185–221 (1981)

    Article  MathSciNet  Google Scholar 

  6. Bezawada, B., Haefner, K., Ray, I.: Securing home IoT environments with attribute-based access control. In: Proceedings of the Third ACM Workshop on Attribute-Based Access Control, pp. 43–53 (2018)

    Google Scholar 

  7. Caserio, C., Lonetti, F., Marchetti, E.: A formal validation approach for XACML 3.0 access control policy. Sensors 22(8), 2984 (2022)

    Article  Google Scholar 

  8. Cremonezi, B., Gomes Filho, A.R., Silva, E.F., Nacif, J.A.M., Vieira, A.B., Nogueira, M.: Improving the attribute retrieval on ABAC using opportunistic caches for fog-based IoT networks. Comput. Netw. 213, 109000 (2022)

    Google Scholar 

  9. Dian, F.J., Vahidnia, R., Rahmati, A.: Wearables and the internet of things (IoT), applications, opportunities, and challenges: a survey. IEEE Access 8, 69200–69211 (2020)

    Article  Google Scholar 

  10. Garbis, Jason, Chapman, Jerry W..: Identity and access management. In: Garbis, J., Chapman, J.W. (eds.) Zero Trust Security, pp. 71–91. Springer, Heidelberg (2021). https://doi.org/10.1007/978-1-4842-6702-8_5

    Chapter  Google Scholar 

  11. Harding, R., Van Aken, D., Pavlo, A., Stonebraker, M.: An evaluation of distributed concurrency control. Proc. VLDB Endow. 10(5), 553–564 (2017)

    Article  Google Scholar 

  12. Hu, V.C., et al.: Guide to attribute based access control (ABAC) definition and considerations (draft). NIST Spec. Publ. 800(162), 1–54 (2013)

    Google Scholar 

  13. Lee, A.J., Winslett, M.: Safety and consistency in policy-based authorization systems. In: Proceedings of the 13th ACM Conference on Computer and Communications Security, pp. 124–133 (2006)

    Google Scholar 

  14. Lee, A.J., Winslett, M.: Enforcing safety and consistency constraints in policy-based authorization systems. ACM Trans. Inf. Syst. Secur. (TISSEC) 12(2), 1–33 (2008)

    Article  Google Scholar 

  15. Perrin, M.: Distributed Systems: Concurrency and Consistency. Elsevier, Amsterdam (2017)

    Google Scholar 

  16. Ravidas, S., Lekidis, A., Paci, F., Zannone, N.: Access control in internet-of-things: a survey. J. Netw. Comput. Appl. 144, 79–101 (2019)

    Article  Google Scholar 

  17. Shakarami, M.: Operation and administration of access control in IoT environments. Ph.D. thesis, The University of Texas at San Antonio (2022)

    Google Scholar 

  18. Tawalbeh, L., Muheidat, F., Tawalbeh, M., Quwaider, M., et al.: IoT privacy and security: challenges and solutions. Appl. Sci. 10(12), 4102 (2020)

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Federal University of Paraná - UFPR, Curitiba, Brazil

    Bruno Cremonezi

  2. Federal University of Juiz de Fora University - UFJF, Juiz de Fora, MG, Brazil

    Luciano F. da Rocha, Alex B. Vieira, André L. de Oliveira & Edelberto Franco Silva

  3. Federal University of Viçosa - UFV, Viçosa, Brazil

    José Nacif

Authors
  1. Bruno Cremonezi
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Luciano F. da Rocha
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Alex B. Vieira
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. José Nacif
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. André L. de Oliveira
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Edelberto Franco Silva
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Edelberto Franco Silva .

Editor information

Editors and Affiliations

  1. Karlstad University, Karlstad, Sweden

    Javid Taheri

  2. University of Messina, Messina, Italy

    Massimo Villari

  3. University of Messina, Messina, Italy

    Antonino Galletta

Rights and permissions

Reprints and permissions

Copyright information

© 2023 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Cremonezi, B., da Rocha, L.F., Vieira, A.B., Nacif, J., de Oliveira, A.L., Silva, E.F. (2023). A Bi-directional Attribute Synchronization Mechanism for Access Control in IoT Environments. In: Taheri, J., Villari, M., Galletta, A. (eds) Mobile Computing, Applications, and Services. MobiCASE 2022. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 495. Springer, Cham. https://doi.org/10.1007/978-3-031-31891-7_6

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-31891-7_6

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-31890-0

  • Online ISBN: 978-3-031-31891-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation