Access Control Within MQTT-based IoT environments

IoT applications, which allow devices, companies, and users to join the IoT ecosystems, are growing in popularity since they increase our lifestyle quality day by day. However, due to the personal nature of the managed data, numerous IoT applications represent a potential threat to user privacy and data confidentiality. Insufficient security protection mechanisms in IoT applications can cause unauthorized users to access data. To solve this security issue, the access control systems, which guarantee only authorized entities to access the resources, are proposed in academic and industrial environments. The main purpose of access control systems is to determine who can access specific resources under which circumstances via the access control policies. An access control model encapsulates the defined set of access control policies. Access control models have been proposed also for IoT environments to protect resources from unauthorized users. Among the existing solutions, the proposals which are based on Attribute-Based Access Control (ABAC) model, have been widely adopted in the last years. In the ABAC model, authorizations are determined by evaluating attributes associated with the subject, object, and environmental properties. ABAC model provides outstanding flexibility and supports fine-grained, context-based access control policies. These characteristics perfectly fit the IoT environments. In this thesis, we employ ABAC to regulate the reception and the publishing of messages exchanged within MQTT-based IoT environments. MQTT is a standard application layer protocol that enables the communication of IoT devices. Even though the current access control systems tailored for IoT environments in the literature handle data sharing among the IoT devices by employing various access control models and mechanisms to address the challenges that have been faced in IoT environments, surprisingly two research challenges have still not been sufficiently examined. The first challenge that we want to address in this thesis is to regulate data sharing among interconnected IoT environments. In interconnected IoT environments, data exchange is carried out by devices connected to different environments. The majority of proposed access control frameworks in the literature aimed at regulating the access to data generated and exchanged within a single IoT environment by adopting centralized enforcement mechanisms. However, currently, most of the IoT applications rely on IoT devices and services distributed in multiple IoT environments to satisfy users’ demands and improve their functionalities. The second challenge that we want to address in this thesis is to regulate data sharing within an IoT environment under ordinary and emergency situations. Recent emergencies, such as the COVID-19 pandemic, have shown that proper emergency management should provide data sharing during an emergency situation to monitor and possibly mitigate the effect of the emergency situation. IoT technologies provide valid support to the development of efficient data sharing and analysis services and appear well suited for building emergency management applications. Additionally, IoT has magnified the possibility of acquiring data from different sensors and employing these data to detect and manage emergencies. An emergency management application in an IoT environment should be complemented with a proper access control approach to control data sharing against unauthorized access. In this thesis, we do a step to address two open research challenges related to data protection in IoT environments which are briefly introduced above. To address these challenges, we propose two access control frameworks rely on ABAC model: the first one regulates data sharing among interconnected MQTT-based IoT environments, whereas the second one regulates data sharing within MQTT-based IoT environment during ordinary and emergency situations.IoT applications, which allow devices, companies, and users to join the IoT ecosystems, are growing in popularity since they increase our lifestyle quality day by day. However, due to the personal nature of the managed data, numerous IoT applications represent a potential threat to user privacy and data confidentiality. Insufficient security protection mechanisms in IoT applications can cause unauthorized users to access data. To solve this security issue, the access control systems, which guarantee only authorized entities to access the resources, are proposed in academic and industrial environments. The main purpose of access control systems is to determine who can access specific resources under which circumstances via the access control policies. An access control model encapsulates the defined set of access control policies. Access control models have been proposed also for IoT environments to protect resources from unauthorized users. Among the existing solutions, the proposals which are based on Attribute-Based Access Control (ABAC) model, have been widely adopted in the last years. In the ABAC model, authorizations are determined by evaluating attributes associated with the subject, object, and environmental properties. ABAC model provides outstanding flexibility and supports fine-grained, context-based access control policies. These characteristics perfectly fit the IoT environments. In this thesis, we employ ABAC to regulate the reception and the publishing of messages exchanged within MQTT-based IoT environments. MQTT is a standard application layer protocol that enables the communication of IoT devices. Even though the current access control systems tailored for IoT environments in the literature handle data sharing among the IoT devices by employing various access control models and mechanisms to address the challenges that have been faced in IoT environments, surprisingly two research challenges have still not been sufficiently examined. The first challenge that we want to address in this thesis is to regulate data sharing among interconnected IoT environments. In interconnected IoT environments, data exchange is carried out by devices connected to different environments. The majority of proposed access control frameworks in the literature aimed at regulating the access to data generated and exchanged within a single IoT environment by adopting centralized enforcement mechanisms. However, currently, most of the IoT applications rely on IoT devices and services distributed in multiple IoT environments to satisfy users’ demands and improve their functionalities. The second challenge that we want to address in this thesis is to regulate data sharing within an IoT environment under ordinary and emergency situations. Recent emergencies, such as the COVID-19 pandemic, have shown that proper emergency management should provide data sharing during an emergency situation to monitor and possibly mitigate the effect of the emergency situation. IoT technologies provide valid support to the development of efficient data sharing and analysis services and appear well suited for building emergency management applications. Additionally, IoT has magnified the possibility of acquiring data from different sensors and employing these data to detect and manage emergencies. An emergency management application in an IoT environment should be complemented with a proper access control approach to control data sharing against unauthorized access. In this thesis, we do a step to address two open research challenges related to data protection in IoT environments which are briefly introduced above. To address these challenges, we propose two access control frameworks rely on ABAC model: the first one regulates data sharing among interconnected MQTT-based IoT environments, whereas the second one regulates data sharing within MQTT-based IoT environment during ordinary and emergency situations

Re/constructing Computing Experiences. From "punch girls" in the 1940s to "computer boys" in the 1980s.

Re/constructing computing experiences from “punch girls” to “computer boys” traces the life cycle of five computing devices between the 1940s and the 1980s, each representing a key development in the history of computing. The experimental media archaeology framework of Nutzerperspektiven critically evaluates the type of user sources re/construct. The object’s life cycle traces phases of design, production, sale, installation, application and use, and decommission or re-use. The lens of intersectionality with a focus on gender facilitates (visual) discourse analysis of advertisements to expose stereotypes. User experiences differ because inequalities in computing have at times resulted in occupational segregation, and working conditions varied across case studies. Computing experiences encompass the object, the environment, and application, and a user, serving as a structure for the case studies. The first case study discusses the accounting departments of Helena Rubinstein which used Remington Rand, and later Powers-Samas, punch card machinery since 1940. Miss Summerell led the Powers room in the London branch from 1955 onward. The second case study centers around a workflow Dr. E. Blatt created for the International Business Machines (IBM) System/360 announced in 1964 used in German clinical chemistry laboratories since 1969. The Digital Equipment Company’s client applications slides form the basis of the next case study and showed several uses of the Programmable Data Processor or PDP-11 in aerospace and commercial aircraft between 1970 and 1980. The final chapter compares two educational initiatives from the 1980s. By 1981 the BBC Microcomputer kickstarted the Computer Literacy project in the United Kingdom, first targeting adults but soon entering primary and secondary schools. Apple’s Kids Can’t Wait initiative in the United States equally introduced many children to computing. Methods from user experience (UX) design and experimental media archaeology supported the re/construction or reenactment of past human-computer interaction. As a study of material culture, the historical case studies were informed by museum objects paired with additional archival sources. The research added phases to the life cycle framework and paired a reflection on the provenance of material objects with a focus on human actors. The case studies in turn demonstrated how sources limited the type of user and computing experiences historians can re/construct