Access Control Model for AWS Internet of Things

  • Conference paper
Network and System Security (NSS 2017)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 10394)

Abstract

The Internet of Things (IoT) has received considerable attention in both industry and academia in recent years. There has been significant academic research on access control models for IoT, while several cloud-enabled IoT platforms have already been deployed in industry. However, there is as yet no consensus on a formal access control model for cloud-enabled IoT. Currently, most cloud-enabled IoT platforms use some customized form of Role-Based Access Control (RBAC), but RBAC by itself is insufficient to address the dynamic requirements of IoT. In this paper, we study one of the commercial cloud-IoT platforms, AWS IoT, and develop a formal access control model for it, which we call AWS-IoTAC. We do this by extending the AWS cloud’s formal access control (AWSAC) model, previously published in the academic literature, to incorporate the IoT-specific components. The AWS-IoTAC model is abstracted from the AWS IoT documentation and has been formalized based on the AWSAC definitions. We show how this model maps to a recently proposed Access Control Oriented (ACO) architecture for cloud-enabled IoT. We demonstrate a smart-home use case on the AWS IoT platform and, inspired by this use case, propose some Attribute-Based Access Control (ABAC) extensions to the AWS-IoTAC model to enhance the flexibility of access control in IoT.

Acknowledgments

This research is partially supported by NSF Grants CNS-1111925, CNS-1423481, CNS-1538418, and DoD ARL Grant W911NF-15-1-0518.

Author information

Corresponding author

Correspondence to Smriti Bhatt.

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Bhatt, S., Patwa, F., Sandhu, R. (2017). Access Control Model for AWS Internet of Things. In: Yan, Z., Molva, R., Mazurczyk, W., Kantola, R. (eds) Network and System Security. NSS 2017. Lecture Notes in Computer Science, vol 10394. Springer, Cham. https://doi.org/10.1007/978-3-319-64701-2_57

  • DOI: https://doi.org/10.1007/978-3-319-64701-2_57

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-64700-5

  • Online ISBN: 978-3-319-64701-2

  • eBook Packages: Computer Science, Computer Science (R0)
