A capability-based security approach to manage access control in the Internet of Things

Mathematical and Computer Modelling

Volumn 58, Issue 5-6, 2013, Pages 1189-1205

  Gusmeroli, Sergio ^a   Piccione, Salvatore ^a   Rotondi, Domenico ^a  

^a TXT e solutions SpA ^*  (Italy)

Author keywords

Authorization; Capability based access control; Internet of Things; Rights delegation; Rights revocation

Indexed keywords

AUTHORIZATION; CAPABILITY BASED ACCESS CONTROLS; INTERNET OF THINGS (IOT); RIGHTS DELEGATION; RIGHTS REVOCATIONS;

AUTOMATION; DOMESTIC APPLIANCES; INTELLIGENT BUILDINGS; INTERNET; NETWORK SECURITY;

ACCESS CONTROL;

EID: 84880621938     PISSN: 08957177     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.mcm.2013.02.006     Document Type: Article

References (40)

1. S. Gusmeroli, S. Piccione, D. Rotondi, IoT@Work automation middleware system design and architecture, in: Presented at 17th IEEE International Conference on Emerging Technology and Factory Automation, ETFA'12, September 2012.
2. S. Gusmeroli, S. Piccione, D. Rotondi, IoT access control issues: a capability based approach, in: Proc. 6th Int. Conf. on Innovative Mobile and Internet Services in Ubiquitous Computing, IMIS-2012, July 2012, pp. 787-792. http://dx.doi.org/10.1109/IMIS.2012.38.
3. J. Li, A.H. Karp, Access control for the services oriented architecture, in: ACM Workshop on Secure Web Services, SWS'07, November 2007.
4. A.H. Karp, Authorization-based access control for the services oriented architecture, in: Proc. 4th Int. Conf. on Creating, Connecting, and Collaborating through Computing, C5, January 2006, pp. 160-167,. http://dx.doi.org/10.1109/C5.2006.9.
5. A.H. Karp, H. Haury, M.H. Davis, From ABAC to ZBAC: the evolution of access control models, HP laboratories, Tech. Report HPL-2009-30, February 2009, pp. 9-17.
6. A.H. Karp, J. Li, Solving the transitive access problem for the services oriented architecture, in: Proc. 2010 Int. Conf. on Availability, Reliability, and Security, ARES'10, February 2010, pp. 46-53.
7. G.D. Skinner, Cyber security management of access controls in digital ecosystems and distributed environments, in: Proc. 6th Int. Conf. on Information Technology and Applications, ICITA 2009, November 2009, pp. 77-82.
8. L. Fang, D. Gannon, F. Siebenlist, XPOLA-an extensible capability-based authorization infrastructure for grids, in: 4th Annual PKI R&D Workshop, April 2005, pp. 30-40.
9. Shrobe H., Adams D. Suppose we got a do-over: a revolution for secure computing. IEEE Security and Privacy 2012, 10(6):36-39. 10.1109/MSP.2012.84.
10. Hardy N. The Confused Deputy: (or why capabilities might have been invented). ACM SIGOPS Operating Systems Review 1988, 22(4):36-38.
11. Lampson B.W. Protection. SIGOPS Operating Systems Review 1974, 8:18-24. 10.1145/775265.775268.
12. D.F. Ferraiolo, D.R. Kuhn, Role based access control, in: 15th National Computer Security Conf., 1992, pp. 554-563.
13. Information technology requirements for the implementation and interoperability of role based access control, in: ANSI/INCITS Standard 459-2011, January 2011.
14. Shim S.S.Y., Bhalla G., Pendyala V. Federated identity management. Computer 2005, 38(12):120-122. 10.1109/MC.2005.4.
15. eXtensible access control markup language version 3.0, OASIS XACML v. 3.0, August 2010.
16. Adams A., Sasse M.A. Users are not the enemy. Communications of the ACM 1999, 42(12):40-46. 10.1145/322796.322806.
17. K. Beznosov, P. Inglesant, J. Lobo, R. Reeder, M.E. Zurko, Usability meets access control: challenges and research opportunities, in: Proc. of the 14th ACM Symposium on Access control models and technologies, SACMAT'09, 2009, pp. 73-74. http://dx.doi.org/10.1145/1542207.1542220.
18. M.L. Mazurek, J.P. Arsenault, J. Bresee, N. Gupta, I. Ion, C. Johns, D. Lee, Y. Liang, J. Olsen, B. Salmon, R. Shay, K. Vaniea, L. Bauer, L. Faith Cranor, G.R. Ganger, Access control for home data sharing: attitudes, needs and practices, in: Proc. of the 28th Int. Conf. on Human Factors in Computing Systems, CHI 2010, April 2010, pp. 645-654. http://dx.doi.org/10.1145/1753326.1753421.
19. K. Kostiainen, O. Rantapuska, S. Moloney, V. Roto, U. Holmstrom, K. Karvonen, Usable access control inside home networks, in: IEEE Int. Symposium. on World of Wireless, Mobile and Multimedia Networks, WoWMoM 2007, June 2007, pp. 1-6. http://dx.doi.org/10.1109/WOWMOM.2007.4351809.
20. J.B. Dennis, E.C. Van Horn, Programming Semantics for multiprogrammed computations, MIT, Tech. Report MIT/LCS/TR-23, 1965.
21. Levy H. Capability-Based Computer Systems 1984, Digital Press, Bedford, Massachusetts, Available: http://www.cs.washington.edu/homes/levy/capabook/.
22. A.S. Tanenbaum, S.J. Mullender, R. van Renesse, Using sparse capabilities in a distributed operating system, in: Proc. 6th Int. Conf. on Distributed Computing Systems, 1986, pp. 558-563. Available:. ftp://ftp.cs.vu.nl/pub/papers/amoeba/dcs86.ps.Z.
23. SPKI Certificate Theory, IETF RFC 2693, September 1999. Available:. http://www.ietf.org/rfc/rfc2693.txt.
24. ITU-T recommendation X 509 information technology-open systems interconnection-The directory: public-key and attribute certificate frameworks (also know as ISO/IEC 9594-8), ITU-T Recommendation X.509, November 2008.
25. An Internet attribute certificate profile for authorization, IETF RFC 3281, April 2002. Available:. http://www.ietf.org/rfc/rfc3281.txt.
26. Balfanz D., Durfee G.E., Smetters D.K. Making the impossible easy: usable PKI. Security and Usability 2005, O'Reilly, (Chapter 16). L. Cranor, S. Garfinkel (Eds.).
27. A. Lackorzynski, A. Warg, Taming subsystems: capabilities as universal resource access control in L4, in: Proc. 2nd Workshop on Isolation and Integration in Embedded Systems, IIES'09, April 2009, pp. 18-23.
28. Suzukia S., Shinjoa Y., Hirotsub T., Itanoa K., Katoa K. Capability-based egress network access control by using DNS server. Journal of Network and Computer Applications 2007, 30(4):1275-1282. (Special Issue on Information technology). 10.1016/j.jnca.2006.09.009.
29. M. Factor, D. Naor, E. Rom, J. Satran, S. Tal, Capability based secure access control to networked storage devices, in: Proc. of the 24th IEEE Conf. on Mass Storage Systems and Technologies, MSST'07, September 2007, pp. 114-128. http://dx.doi.org/10.1109/MSST.2007.6.
30. Architecting the Internet of Things 2011, Springer-Verlag, Berlin, Heidelberg. D. Uckelman, M. Harrison, F. Michahelles (Eds.).
31. L. Trappeniers, M. Roelands, M. Godon, J. Criel, P. Dobbelaere, Towards abundant DiY service creativity successfully leveraging the Internet-of-things in the city and at home, in: Presented at 13th Int. Conf. on Intelligence in Next Generation Networks, ICIN 2009, September 2009.
32. E. Yuan, J. Tong, Attributed based access control (ABAC) for web services, in: Proc. of the IEEE Int. Conf. on Web Services, ICWS'05, July 2005.
33. Kuhn D.R., Coyne E.J., Weil T.R. Adding attributes to role-based access control. IEEE Computer 2010, 43(6).
34. G. Danezis, R. Dingledine, N. Mathewson, Mixminion: design of a type III anonymous remailer protocol, in: Proc. of 2003 Symposium on Security and Privacy, May 2003, pp. 2-15. http://dx.doi.org/10.1109/SECPRI.2003.1199323.
35. Camenisch J., Lysyanskaya A. An efficient system for non-transferable anonymous credentials. LNCS 2001, vol. 2045:93-118. Springer-Verlag.
36. Camenisch J., Lysyanskaya A. A signature scheme with efficient protocols. LNCS 2002, vol. 2576:268-289. Springer-Verlag.
37. W3C efficient XML interchange (EXI) format 1.0. W3C Recommendation, March 2011. http://www.w3.org/TR/exi/.
38. A. Shamir, Identity-based cryptosystems and signature schemes, in: Proc. of CRYPTO 84 on Advances in cryptology, 1985, pp. 47-53.
39. Hankerson D., Menezes A., Vanstone S.A. Guide to Elliptic Curve Cryptography 2004, Springer-Verlag.
40. Wang Z. A new construction of the server-aided verification signature scheme. Mathematical and Computer Modelling, Advanced Theory and Practice for Cryptography and Future Security 2012, 55(1-2):97-101. 10.1016/j.mcm.2011.01.054.