Abstract
Internet of Things (IoT) is revolutionizing and enhancing the quality of human lives in every aspect. With a disruption of IoT devices and applications, attackers are leveraging weak authentication and access control mechanisms on these IoT devices and applications to gain unauthorized access on user devices and data and cause them harm. Access control is a critical security mechanism to secure the IoT ecosystem which comprises cloud computing and edge computing services along with smart devices. Today major cloud and IoT service providers including Amazon Web Services (AWS), Google Cloud Platform (GCP), and Azure utilize some customized forms of Role-Based Access Control (RBAC) model along with specific authorization policies enabled by policy-based access control models. To enable fine-grained access control and overcome limitations of existing access control models, there is an imminent need to develop a flexible and dynamic access control model for securing smart devices, data and resources in the cloud-enabled IoT architecture. In this paper, we develop a formal attribute-based access control (ABAC) model for AWS IoT by building upon and extending previously developed access control model for AWS IoT, known as AWS-IoTAC model. We demonstrate the applicability of our proposed model through an industrial IoT use case and its implementation in the AWS IoT platform. Our proposed fine grained model for AWS IoT incorporates its existing capabilities and introduces new attributes for IoT entities and attribute-based policies for enabling expressive access control in AWS IoT. We also evaluate the performance of our model on the AWS cloud and IoT platform with the future smart industries use-case to depict the feasibility of our model in a real-world platform.
Highlights
Internet of Things (IoT) is a rapidly emerging domain with billions of connected devices and data-driven applications that are enabling various smart infrastructures, such as smart homes, E-Health, smart transportation, smart farming [1], [2], and smart manufacturing
Lessons learned from developing an attribute-based access control (ABAC) model based on Amazon Web Services (AWS) IoT will be valuable for similar development in other platforms and further benefit studies on a platform-independent model
In this paper, we developed an ABAC model for a real-world cloud-enabled AWS IoT platform
Summary
Internet of Things (IoT) is a rapidly emerging domain with billions of connected devices and data-driven applications that are enabling various smart infrastructures, such as smart homes, E-Health, smart transportation, smart farming [1], [2], and smart manufacturing. A real-world industry realization of CE-IoT is evident with major cloud services providers, such as Amazon Web Services (AWS) [4], Google Cloud Platform (GCP) [5], and Microsoft Azure [6], and their IoT platforms In such largely interconnected and diverse cyberspace, new security and privacy risks associated with cloud and IoT users, devices, data, and applications are surfacing every day. A collection of technological domains including artificial intelligence (AI), advanced manufacturing, quantum information science, 5G/advanced wireless technology, and biotechnology together form the industries of the future (IotF) It is referred as Industry 4.0 (more recently as Industry 5.0) which is enabled by the convergence of various technology domains including IoT, CPS, Cloud and edge computing and intelligent systems utilizing AI. IotF will play a major role in strengthening national infrastructure and driving national economy in coming years
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.