Secure Cloud Assisted Smart Cars and Big Data: Access Control Models and Implementation
Abstract
Access control security mechanisms, including discretionary (DAC), mandatory (MAC) and role-based (RBAC) access control, help to restrict unauthorized access and operations on data and other resources in computer systems. More recently, attribute-based access control (ABAC) has been proposed to provide flexibility and fine-grained authorization based on the attributes of users, resources, and other relevant entities. The hierarchical group and attribute-based access control (HGABAC) model has been proposed to offer administrative benefits in ABAC systems by introducing groups, which enable multiple attributes to be assigned to or removed from member users or objects with a single administrative action. However, the administration of HGABAC, including who will assign users to groups, what attributes are inherited or directly assigned, and what attributes an entity will get based on a set of administrative rules, has not been addressed so far.
Besides developing the foundational aspects of ABAC, it is also important to understand its applicability to real problems which can impact our society. Smart cars are among the essential components and major drivers of future cities and the connected world. The interaction among connected entities in this vehicular internet of things (IoT) domain, which also involves smart traffic infrastructure, restaurant beacons, emergency vehicles, etc., will offer many real-time service applications and provide a safer and more pleasant driving experience to consumers. With more than 100 million lines of code and hundreds of sensors on board generating huge amounts of data, these vehicles are often termed a 'datacenter on wheels'. These connected vehicles (CVs) expose a large attack surface, which can be remotely compromised and exploited by malicious attackers. Security and privacy are big concerns that deter the adoption of smart cars and which, if not properly addressed, will have grave implications with risk to human life and limb. Also, recent data breaches and growing privacy concerns about consumer data further push the need for stronger security mechanisms for Big Data.
In this dissertation, we investigate and develop both the foundational and application aspects of ABAC models. First, we present an administrative model for HGABAC, referred to as GURA_G, which defines three sub-models, user attribute assignment (UAA), user group attribute assignment (UGAA) and user to group assignment (UGA), for adding and removing attributes from users and groups along with user group membership. As it is important to understand what attributes a user will get based on a set of administrative rules, we present reachability analysis for a restricted form of the GURA_G model, called rGURA_G. In general the problem is PSPACE-complete; however, for certain cases polynomial time algorithms have been devised.
Second, we investigate the smart car ecosystem and propose an authorization framework to secure this dynamic and distributed system, where interaction among vehicles and infrastructure is not pre-defined. We provide an extended access control oriented (E-ACO) architecture relevant to connected vehicles and discuss the need for vehicular clouds in this time- and location-sensitive environment. We also develop a dynamic groups and attribute-based access control (ABAC) model (referred to as CV-ABACG) to secure communication, data exchange and resource access in the smart vehicle ecosystem. This model takes into account user-centric privacy preferences along with system-defined policies to make access decisions. We propose a novel concept of groups in the context of cloud assisted smart cars, which are dynamically assigned to moving entities like vehicles, based on their current GPS coordinates, direction or other attributes, to ensure the relevance of location- and time-sensitive notification services offered to drivers, and to provide administrative benefits to manage large numbers of entities and enable attribute inheritance for fine-grained authorization.
Finally, as all IoT devices and smart cars produce enormous amounts of data which is sent to a central cloud for processing and storage, it is imperative to understand and develop authorization solutions for the most widely used Big Data processing platform, Hadoop. Hence, we first formalize the current access control model for the Hadoop ecosystem, called HeAC. We then extend this model to provide a cohesive object-tagged role-based access control (OT-RBAC) model, consistent with generally accepted academic concepts of RBAC. We also present a fine-grained attribute-based access control model, referred to as HeABAC, catering to the security and privacy needs of the multi-tenant Hadoop ecosystem.
In closing, we conclude this dissertation and provide some future work directions.