Smart object-oriented access control: Distributed access control for the Internet of Things

Ensuring that data and devices are secure is of critical importance to information technology. While access control has held a key role in traditional computer security, its role in the evolving Internet of Things is less clear. In particular, the access control literature has suggested that new challenges, such as multi-user controls, fine-grained controls, and dynamic controls, prompt a foundational re-thinking of access control. We analyse these challenges, finding instead that the main foundational challenge posed by the Internet of Things involves decentralization: accurately describing access control in Internet of Things environments (e.g., the Smart Home) requires a new model of multiple, independent access control systems. To address this challenge, we propose a meta-model (i.e., a model of models): Smart Object-Oriented Access Control (SOOAC). This model is an extension of the XACML framework, built from principles relating to modularity adapted from object-oriented programming and design. SOOAC draws attention to a new class of problem involving the resolution of policy conflicts that emerge from the interaction of smart devices in the home. Contrary to traditional (local) policy conflicts, these global policy conflicts emerge when contradictory policies exist across multiple access control systems. We give a running example of a global policy conflict involving transitive access. To automatically avoid global policy conflicts before they arise, we extend SOOAC with a recursive algorithm through which devices communicate access requests before allowing or denying access themselves. This algorithm ensures that both individual devices and the collective smart home are secure. We implement SOOAC within a prototype smart home and assess its validity in terms of effectiveness and efficiency. Our analysis shows that SOOAC is successful at avoiding policy conflicts before they emerge, in real time. Finally, we explore improvements that can be made to SOOAC and suggest directions for future work

ACCESS CONTROL FOR THE INTERNET OF THINGS

Access control for the internet of things controlli i qasjes ne koncept është siguria që minimizon rrezikun për biznes apo organizata të ndryshme të qasjes së paautorizuar në sistemet fizike dhe logjike. Ndryshe mundemi të themi se është një teknik që rregullon cilët persona çfarë munden te shikojnë dhe çfarë munden të perdorin në një mjedis informatikë. Interneti i gjerave mundëson shërbime që do ta përmisojnë jetën e përditshme të njerzëve, do të krijojnë biznese të reja dhe do të bëjnë ndërtesa, qytete dhe transportin më te zgjuar. Internet of things ka ardhur për të përshkruar një numer të teknologjive dhe diciplinave kërkimore që mundësojnë internet për të arritu jashtë botës reale të objekteve fizike. “Things” ka identitet që vepron në hapsira të zgjuara duke përdorur ndërfaqe intelegjente për të lidhur dhe komunikuar brenda sociales, mjedisit rrethues dhe kontekstit të përdoruesve. Ndërsa po lëvizim nga Things në rrjet në Internetin e Gjërat (IoT), lindin kërkesa të reja të sigurisë. Kontrolli i qasjes ne kete mjedis është një problem i vështir dhe sfidues, një sistem i kontrollit të qasjes duhet të jete i mjaftueshem për të mbuluar kerkesat e aplikacioneve që perhapen përmes IOT. Nga ana tjetër ky sistem duhet të jetë i lehtë i qas’shëm dhe i zbatueshem. Në këtë dokument do të shpejgohet mënyra e përdorimit të internet of things në access control, mënyra e përdorimit dhe zbatitmi në aplikacionet që neve na nevoitet. Do të spjegojme mënyrën si të punojme pa çelësa publikë dhe të krijojm një çelës simetrik të përbashkët të enkriptimit që mund të përdoret për të siguruar komunikimin midis përdoruesve të autorizuar dhe Things . Kjo formë mundëson privatësine e përdoruesit dhe lehtëson krijimin e aplikacionëve të reja

After the Gold Rush: The Boom of the Internet of Things, and the Busts of Data-Security and Privacy

This Article addresses the impact that the lack of oversight of the Internet of Things has on digital privacy. While the Internet of Things is but one vehicle for technological innovation, it has created a broad glimpse into domestic life, thus triggering several privacy issues that the law is attempting to keep pace with. What the Internet of Things can reveal is beyond the control of the individual, as it collects information about every practical aspect of an individual’s life, and provides essentially unfettered access into the mind of its users. This Article proposes that the federal government and the state governments bend toward consumer protection while creating a cogent and predictable body of law surrounding the Internet of Things. Through privacy-by-design or self-help, it is imperative that the Internet of Things—and any of its unforeseen progeny—develop with an eye toward safeguarding individual privacy while allowing technological development

An access control management protocol for Internet of things devices

Internet enabled computing devices are increasingly at risk of misuse by individuals or malware. Initially such misuse was targeted mainly at computers, however there is increasing targeting of tablet and smartphone devices. In this paper we examine an access control management protocol for Internet of things devices in order to attempt to provide some protection against misuse of such devices. Although anti-malware software is commonly used in computers, and is increasingly being used for tablets and smartphones, this may be a less practicable approach for Internet of things devices. The access control management protocol for Internet of things devices examined in this paper involves the use of physical proximity ‘registration’ for remote control of such devices, encryption of communications, verification of geo-location of the mobile device used to control the IoT device, safe operation controls, and exception reporting as a means of providing a tiered security approach for such devices