Access Control Policy Maintenance in IoT Based on Machine Learning

Abstract

The rapid growth of communication networking, ubiquitous sensing, and signal processing, has promoted the development of the Internet of Things (IoT). However, the IoT is essentially dynamic and has no clearly defined network boundary, unauthorized access and data leakage may be much easier. Attribute-based access control (ABAC) can solve the problem of fine-grained access control and large-scale user dynamic expansion in complex information systems, and provides an ideal access control solution for an open network environment, which is more suitable for the dynamic access environment of IoT. However, the dynamic nature of IoT brings new challenges to access control. On the one hand, as new devices and services are continuously deployed, administrators need to manually formulate new rules, which is time-consuming and error-prone. On the other hand, as the IoT environment is continuously changing, the access policy easily becomes unsuitable for the current environment. In order to solve the above two problems, we propose a new scheme named Policy Maintenance-based machine learning (PMML), which includes two modules named Policy Generalization (PG) and Policy Evaluation (PE). After the access control model is deployed, automated PG and PE are carried out to maintain the rule set. In the PG module, we define a novel measure, resource similarity, and integrate it into policy mining so that policies could generalize among related resources. In the PE module, we introduce a quantitative method to assess rules and prune rules of low-quality. We conduct our experiments on real-world enterprise access logs from Amazon, and thoroughly analyzed the effects of different hyper-parameters on the experimental results. The experimental results have qualitatively and quantitatively shown the effectiveness of our proposed scheme.