Repository logo
 

Access control for IoT environments: specification and analysis

Date

2021

Authors

Peterson, Jordan T., author
Ray, Indrakshi, advisor
Prabhu, Vinayak, advisor
Gersch, Joseph, committee member
Hayne, Stephen, committee member

Journal Title

Journal ISSN

Volume Title

Abstract

Smart homes have devices which are prone to attacks as seen in the 2016 Mirai botnet attacks. Authentication and access control form the first line of defense. Towards this end, we propose an attribute-based access control framework for smart homes that is inspired by the Next Generation Access Control (NGAC) model. Policies in a smart home can be complex. Towards this end, we demonstrate how the formal modeling language Alloy can be used for policy analysis. In this work we formally define an IoT environment, express an example security policy in the context of a smart home, and show the policy analysis using Alloy. This work introduces processes for identifying conflicting and redundant rules with respect to a given policy. This work also demonstrates a practical use case for the processes described. In other words, this work formalizes policy rule definition, home IoT environment definition, and rule analysis all in the context of NGAC and Alloy.

Description

Rights Access

Subject

attribute-based access control
formal modeling
redundancy identification
conflict identification
Alloy
Next Generation Access Control

Citation

Associated Publications