Situational Access Control in the Internet of Things

Abstract

Access control in Internet of Things (IoT) often depends on a situation --- for example, the user is at home'' --- that can only be tracked using multiple devices. In contrast to (well-studied) smartphone frameworks, enforcement of situational constraints in IoT poses new challenges because access control is fundamentally decentralized. It takes place in multiple independent frameworks, subjects are often external to enforcement system, and situation tracking requires cross-framework interaction and permissioning. Existing IoT frameworks entangle access-control enforcement and situation tracking. This results in overprivileged, redundant, inconsistent, and inflexible implementations. We design and implement a new approach to IoT access control. Our key innovation is to introduce environmental situation oracles'' (ESOs) as first-class objects in IoT ecosystem. An ESO encapsulates implementation of how a situation is sensed, inferred, or actuated. IoT access-control frameworks can use ESOs to enforce situational constraints, but ESOs and frameworks remain oblivious to each other's implementation details. A single ESO can be used by multiple access-control frameworks across ecosystem. This reduces inefficiency, supports consistent enforcement of common policies, and --- because ESOs encapsulate sensitive device-access rights --- reduces overprivileging. ESOs can be deployed at any layer of IoT software stack where access control is applied. We implemented prototype ESOs for IoT resource layer, based on IoTivity framework, and for IoT Web services, based on Passport middleware.