Abstract
The Attribute-Based Access Control (ABAC) model is widely used in IoT because it expresses access policies through attributes, which makes it granular and flexible. However, if we assume that attributes are essentially mutable, irreducible network latency and the architectures proposed to improve IoT communication performance expose the point where those policies are evaluated to outdated attributes. Access policies can therefore be wrongly evaluated, resulting in consistency and security problems. In this paper, we propose a method to reduce this exposure through a bi-directional attribute synchronization capable of mapping all attributes and evaluating their current consistency after a change. If the modified attribute does not affect an access, that access remains valid. Otherwise, a revocation occurs, reducing the risk of unintended accesses. Our modeling allows us to demonstrate the correctness of our method and its capability to revoke every unintended access that may occur after an attribute change.
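As an added illustration of the rule the abstract states (after an attribute change an access stays valid unless its policy no longer holds, in which case it is revoked), the following Python sketch is not the paper's algorithm or code. It assumes a hypothetical `AccessManager` that indexes which attributes each active grant depends on; the policy names, attribute names and values are constructed.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, FrozenSet, List, Set

Attrs = Dict[str, object]

@dataclass(frozen=True)
class Policy:                      # hypothetical policy shape, not from the paper
    name: str
    reads: FrozenSet[str]          # attributes the rule depends on
    rule: Callable[[Attrs], bool]  # True = permit

@dataclass
class AccessManager:               # hypothetical helper, assumed for illustration
    attrs: Attrs = field(default_factory=dict)
    active: Dict[str, Policy] = field(default_factory=dict)   # grant id -> policy
    index: Dict[str, Set[str]] = field(default_factory=dict)  # attribute -> grant ids

    def request(self, grant_id: str, policy: Policy) -> bool:
        """Evaluate now; on permit, map the grant to every attribute it relies on."""
        if not policy.rule(self.attrs):
            return False
        self.active[grant_id] = policy
        for name in policy.reads:
            self.index.setdefault(name, set()).add(grant_id)
        return True

    def attribute_changed(self, name: str, value: object) -> List[str]:
        """Apply a change, re-check only dependent grants, return the revoked ids."""
        self.attrs[name] = value
        revoked = []
        for gid in sorted(self.index.get(name, ())):  # sorted() copies, safe to mutate
            policy = self.active[gid]
            if not policy.rule(self.attrs):           # change affects this access
                del self.active[gid]
                for dep in policy.reads:
                    self.index[dep].discard(gid)
                revoked.append(gid)
        return revoked

def demo():
    m = AccessManager(attrs={"role": "nurse", "location": "ward-3", "shift": "day"})  # constructed
    door = Policy("door", frozenset({"role", "location"}),
                  lambda a: a.get("role") == "nurse" and a.get("location") == "ward-3")
    feed = Policy("feed", frozenset({"role"}), lambda a: a.get("role") in {"nurse", "doctor"})
    m.request("g-door", door)
    m.request("g-feed", feed)
    r1 = m.attribute_changed("shift", "night")     # no grant reads it
    r2 = m.attribute_changed("location", "lobby")  # door policy now fails
    r3 = m.attribute_changed("role", "doctor")     # feed policy still holds
    return r1, r2, r3, sorted(m.active)
```

Calling `demo()` returns the grants revoked by each of the three changes, followed by the grant ids still active.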
Copyright information
© 2023 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Cremonezi, B., da Rocha, L.F., Vieira, A.B., Nacif, J., de Oliveira, A.L., Silva, E.F. (2023). A Bi-directional Attribute Synchronization Mechanism for Access Control in IoT Environments. In: Taheri, J., Villari, M., Galletta, A. (eds) Mobile Computing, Applications, and Services. MobiCASE 2022. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 495. Springer, Cham. https://doi.org/10.1007/978-3-031-31891-7_6
DOI: https://doi.org/10.1007/978-3-031-31891-7_6
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-31890-0
Online ISBN: 978-3-031-31891-7
eBook Packages: Computer Science (R0)