IoT technology allows people to connect to and control devices remotely anywhere and anytime. However, serious concerns are raised over access control of sensitive IoT devices (e.g. portable health device) and personal information pertaining to them. The static access control model used in conventional system, which does not take into account the profile and behaviour of the agent requesting access to the system to determine the risk associated with the request, does not fit well to be used in some scenarios of some IoT application domains (e.g. smart healthcare). In this paper, we propose an adaptive risk-aware access control and the integration of this concept into the existing access control models, such as attribute-based and privacy-aware role-based access control. The proposed model is designed to address both security and privacy concerns for data sharing in IoT system. A prototype of the access control system implemented in XACML based on the proposed model is also presented in this paper.
|Nom||Proceedings - 2017 International Workshop on Secure Internet of Things, SIoT 2017|
|Une conférence||2017 International Workshop on Secure Internet of Things, SIoT 2017|
|période||15/09/17 → …|