SmartABAC: Enabling Constrained IoT Devices to Make Complex Policy-Based Access Control Decisions

Abstract

While Attribute-Based Access Control (ABAC) is a promising technique to govern interactions in the Internet of Things (IoT), most existing ABAC models are designed to run on remote servers or gateway devices. This scenario is misaligned with recent trends towards IoT decentralization, such as the Swarm, which expects devices to autonomously share resources, making their own access decisions for enhanced privacy and reliability. In this paper, we propose SmartABAC: a fast, concise, and expressive ABAC model that can be executed in constrained IoT devices. It combines the performance of policies based on attribute enumeration, with techniques that enhance policy expressiveness, such as typed and hierarchical attributes. We specified SmartABAC using first-order logic, designed a use case, and evaluated it in both constrained and non-constrained IoT environments. Results show that our model can represent a variety of access policies, including nested multi-attribute rules, while using less than 100 bytes per policy, on average, for a smart home use case. Our C-based SmartABAC implementation is at least 255 times faster than existing models and can evaluate 3000 policies under 5 milliseconds on a 32 MHz MCU.