Access Control Model for AWS Internet of Things

Abstract

Internet of Things (IoT) has received considerable attention in both industry and academia in recent years. There has been significant research on access control models for IoT in academia, while industrial deployment of several cloud-enabled IoT platforms have already been introduced. However, as yet there is no consensus on a formal access control model for cloud-enabled IoT. Currently, most of the cloud-enabled IoT platforms utilize some customized form of Role-Based Access Control (RBAC), but RBAC by itself is insufficient to address the dynamic requirements of IoT. In this paper, we study one of the commercial cloud-IoT platform, AWS IoT, and develop a formal access control model for it, which we call AWS-IoTAC. We do this by extending AWS cloud’s formal access control (AWSAC) model, previously published in the academic literature, to incorporate the IoT specific components. The AWS-IoTAC model is abstracted from AWS IoT documentation and has been formalized based on AWSAC definitions. We show how this model maps to a recently proposed Access Control Oriented (ACO) architecture for cloud-enabled IoT. We demonstrate a smart-home use case in AWS IoT platform, and inspired by this use case, we propose some Attribute-Based Access Control (ABAC) extensions to the AWS-IoTAC model for enhancing the flexibility of access control in IoT.