College of Sciences
Permanent URI for this community: https://hdl.handle.net/20.500.12588/256
Browsing College of Sciences by Subject "access control"
Item An Attribute-Based Approach toward a Secured Smart-Home IoT Access Control and a Comparison with a Role-Based Approach (2022-01-25) Ameer, Safwa; Benson, James; Sandhu, Ravi
The area of smart homes is one of the most popular for deploying smart connected devices. One of the most vulnerable aspects of smart homes is access control. Recent advances in IoT have led to several access control models being developed or adapted to IoT from other domains, with few specifically designed to meet the challenges of smart homes. Most of these models use role-based access control (RBAC) or attribute-based access control (ABAC) models. As of now, it is not clear what the advantages and disadvantages of ABAC over RBAC are in general, and in the context of smart-home IoT in particular. In this paper, we introduce HABACα, an attribute-based access control model for smart-home IoT. We formally define HABACα and demonstrate its features through two use-case scenarios and a proof-of-concept implementation. Furthermore, we present an analysis of HABACα as compared to the previously published EGRBAC (extended generalized role-based access control) model for smart-home IoT by first describing approaches for constructing HABACα specification from EGRBAC and vice versa in order to compare the theoretical expressiveness power of these models, and second, analyzing HABACα and EGRBAC models against standard criteria for access control models. Our findings suggest that a hybrid model that combines both HABACα and EGRBAC capabilities may be the most suitable for smart-home IoT, and probably more generally.

Item Refinement-based Design of a Group-centric Secure Information Sharing Model (UTSA Department of Computer Science, 2011-12) Zhao, Wanying; Niu, Jianwei; Winsborough, William H.
This paper presents a formal, state machine-based specification (stateful specification) of a high assurance, secure information-sharing policy.
The policy is group-centric; users join and leave groups, objects are added and removed (group operations). Users gain access to objects via membership relationships they have or have had with groups that contain or have contained those objects. The stateful specification given here is a refinement of a prior specification that is given in first-order linear temporal logic (FOTL). The prior FOTL specification defines authorization based solely on event histories, but gives little guidance regarding implementation. The current specification is the result of a second step in a multi-step design process that separates concerns and provides multiple opportunities to detect unintended policy characteristics. We show that our stateful specification is consistent with the prior FOTL specification with respect to the action sequences it permits and the authorization decisions it renders. For verification purposes we use a combination of model-checking and manual techniques.