Abstract
The area of smart homes is one of the most popular for deploying smart connected devices. One of the most vulnerable aspects of smart homes is access control. Recent advances in IoT have led to several access control models being developed or adapted to IoT from other domains, with few specifically designed to meet the challenges of smart homes. Most of these models use role-based access control (RBAC) or attribute-based access control (ABAC) models. As of now, it is not clear what the advantages and disadvantages of ABAC over RBAC are in general, and in the context of smart-home IoT in particular. In this paper, we introduce HABACα, an attribute-based access control model for smart-home IoT. We formally define HABACα and demonstrate its features through two use-case scenarios and a proof-of-concept implementation. Furthermore, we present an analysis of HABACα as compared to the previously published EGRBAC (extended generalized role-based access control) model for smart-home IoT by first describing approaches for constructing HABACα specification from EGRBAC and vice versa in order to compare the theoretical expressiveness power of these models, and second, analyzing HABACα and EGRBAC models against standard criteria for access control models. Our findings suggest that a hybrid model that combines both HABACα and EGRBAC capabilities may be the most suitable for smart-home IoT, and probably more generally.
Highlights
Introduction and MotivationThe Internet of Things (IoT) describes the network of physical objects that are embedded with sensors, software, and other technologies to connect and exchange data with other devices and systems over the Internet [1]
The goals are as follows: (a) Kids should be allowed to use kidfriendly operations on entertainment devices (G and PG contents on TV, A3, and A7 on PlayStation) during a specific time. (b) Teenagers should only be permitted to use dangerous kitchen devices (Oven) if one of their parents is present in the kitchen. (c) Provide teenagers with unconditional permission to use non-dangerous kitchen devices (Fridge). (d) Provide teenagers with unconditional access to entertainment devices. (e) Parents should be permitted to use any operation on any device without restrictions
If a permission p x =, where p x ∈ PEGRBAC is assigned to the device role dry, where dry ∈ device roles (DR) EGRBAC, day (d x ) = True and opay = True, where opay ∈ operation attribute functions set (OPA) H ABACα, day ∈ Device Attributes (DA) H ABACα, and opay and day are the operation and device attributes which were created to be equivalent to the device role dry ∈ DR EGRBAC
Summary
The Internet of Things (IoT) describes the network of physical objects (things) that are embedded with sensors, software, and other technologies to connect and exchange data with other devices and systems over the Internet [1]. EGRBAC is a dynamic contextual-aware RBAC-based access control model designed to meet smart-home challenges. Our primitive insight is that a hybrid approach will better address smart-home IoT access control requirements, as this was the case for some traditional access control domains This insight needs to be further explored by comparing RBAC and ABAC-based models defined to meet smart-home challenges. This comparison will serve as a guide in developing appropriate hybrid models. Toward this goal, in this paper, we provide approaches for constructing H ABACα specification from EGRBAC and vice versa to compare the theoretical expressiveness power of these models.
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
