ABAC-CC

Abstract

Internet of Things (IoT) is revolutionizing the capabilities of the Internet with billions of connected devices in the cyberspace. These devices are commonly referred to as smart things enabling smart environments, such as Smart Home, Smart Health, Smart Transportation, and overall Smart Communities, together with key enabling technologies like Cloud Computing, Artificial Intelligence (AI) and Machine Learning (ML). Security and privacy are major concerns for today's diverse autonomous IoT ecosystem. Autonomous things and a large amount of data associated with things have fueled significant research in IoT access control and privacy in both academia and industry. To enable futuristic IoT with sustainable growth, dynamic access and communication control framework that adequately addresses security and privacy issues in IoT is inevitable. In this paper, we analyze the access and communication control requirements in Cloud-Enabled IoT (CE-IoT) and propose an attribute-based framework for access control and communication control, known as ABAC-CC, to secure accesses and communications (data flow) between various entities in the IoT architecture. We also introduce a novel Attribute-Based Communication Control (ABCC) model, which focuses on securing communications and data flow in IoT and enables users to define privacy policies using attributes of various entities. Furthermore, we analyze the applicability of ABAC-CC in specific IoT application domains, and finally, we present future research directions in the context of Cloud and Edge computing enabled IoT platforms.