Abstract

The enforcement of fine-grained access control policies in constrained dynamic networks can become a challenging task. The inherent constraints present in those networks, which result from the limitations of the edge devices in terms of power, computational capacity and storage, require an effective and efficient access control mechanism to be in place to provide suitable monitoring and control of actions and regulate the access over the resources. In this article, we present RESPOnSE, a framework for the specification and enforcement of security policies within such environments, where the computational burden is transferred to high-tier nodes, while low-tier nodes apply risk-aware policy enforcement. RESPOnSE builds on a combination of two widely used access control models, Attribute-Based Access Control and Role-Based Access Control, exploiting the benefits each one provides. Moreover, the proposed mechanism is founded on a compensatory multicriteria decision-making algorithm, based on the calculation of the Euclidean distance between the run-time values of the attributes present in the security policy and their ideal values, as those are specified within the established policy rules.

Highlights

  • Constrained dynamic networks [1] consist of small IT devices, named constrained nodes [2], which have limited resources for memory, computational capability and power

  • In this article we present RESPOnSE: a framework for the specification and enforcement of security policies within constrained dynamic networks based on a combination of both Attribute-Based Access Control (ABAC) and Role-Based Access Control (RBAC), which exploits the benefits offered by both of them, to provide an efficient and at the same time scalable policy enforcement mechanism

  • The proposed solution exploits the advantages of ABAC by considering and evaluating attributes related to the subject and the access context in order to extract a permissible role for the subject


Summary

Introduction

Constrained dynamic networks [1] consist of small IT devices, named constrained nodes [2], which have limited resources for memory, computational capability and power. Considering the complexity of constrained nodes and dynamic network applications, the chosen access control mechanism should be able to support complex policies which take into account attributes belonging to several domains. To this end, Attribute-Based Access Control (ABAC) [9] could be used in order to express security policies in such kinds of environments and regulate the access over a set of assets, by considering and evaluating multiple attributes related to the subject, the resource and the environment. The proposed solution exploits the advantages of ABAC by considering and evaluating attributes related to the subject and the access context in order to extract a permissible role for the subject. Having this role, it enforces RBAC policies, respecting the limitations of the constrained dynamic networks.
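The sketch below is an added illustration, not code from the RESPOnSE paper: it shows one way the described idea could look, with a Euclidean distance between run-time attribute values and per-role ideal values used to extract a role, followed by a plain RBAC check. The attribute names, the [0, 1] normalization, the per-role `max_distance` threshold, the nearest-ideal selection rule and the split of the two steps across tiers are all assumptions made for this example.

```python
import math

# Constructed policy (assumption): attribute values are normalized to [0, 1];
# each role has an ideal point and a maximum tolerated distance from it.
ROLE_RULES = {
    "operator": {"ideal": {"trust": 1.0, "battery": 0.8, "link": 0.9}, "max_distance": 0.30},
    "reader": {"ideal": {"trust": 0.6, "battery": 0.4, "link": 0.5}, "max_distance": 0.30},
}
ROLE_PERMISSIONS = {"operator": {"read", "actuate"}, "reader": {"read"}}


def distance(ideal, observed):
    """Euclidean distance between run-time values and a role's ideal values."""
    if any(name not in observed for name in ideal):
        return math.inf  # fail closed: an incomplete attribute report matches no role
    return math.sqrt(sum((ideal[n] - observed[n]) ** 2 for n in ideal))


def extract_role(observed):
    """Attribute-based step: nearest ideal wins, but only within its threshold.

    The aggregate distance is compensatory: a small shortfall in one attribute
    can be offset by the other attributes sitting at their ideal values.
    """
    scored = [(distance(rule["ideal"], observed), role) for role, rule in ROLE_RULES.items()]
    best_distance, best_role = min(scored)
    if best_distance <= ROLE_RULES[best_role]["max_distance"]:
        return best_role
    return None  # no role is close enough: deny


def is_permitted(role, action):
    """Role-based step: a set lookup, cheap enough for a constrained node."""
    return role is not None and action in ROLE_PERMISSIONS.get(role, set())


if __name__ == "__main__":
    # Constructed run-time reports for three subjects.
    for report in (
        {"trust": 0.95, "battery": 0.7, "link": 0.85},
        {"trust": 0.55, "battery": 0.5, "link": 0.45},
        {"trust": 0.10, "battery": 0.2, "link": 0.20},
    ):
        role = extract_role(report)
        print(report, "->", role, "| actuate allowed:", is_permitted(role, "actuate"))
```
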

Related Work
Initialization Phase
Run-Time Phase
An Example Use Case
Findings
Conclusions