XACML for building access control policies in internet of things

IoTBDS 2018 - Proceedings of the 3rd International Conference on Internet of Things, Big Data and Security

Volumn 2018-March, Issue , 2018, Pages 253-260

  Atlam, Hany F ^a,b   Alassafi, Madini O ^a   Alenezi, Ahmed ^a   Walters, Robert J ^a   Wills, Gary B ^a  

^a UNIVERSITY OF SOUTHAMPTON   (United Kingdom)

^b MENOUFIA UNIVERSITY   (Egypt)

Author keywords

Access Control; Access Policies; Adrbac; Internet of Things; Policy Language; XACML

Indexed keywords

BIG DATA; INTERNET OF THINGS;

ACCESS CONTROL MODELS; ACCESS CONTROL POLICIES; ACCESS DECISION; AUTHORIZED USERS; INTERNET OF THING (IOT); POLICY LANGUAGE; SECURITY ISSUES; SYSTEM RESOURCES;

ACCESS CONTROL;

EID: 85047877972     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.5220/0006725102530260     Document Type: Conference Paper

References (37)

1. Ashley, P., Hada, S., Karjoth, G., Powers, C., Schunter., M., 2003. Enterprise Privacy Authorization Language (EPAL 1.2).
2. Atlam, H.F., Alenezi, A., Alharthi, A., Walters, R., Wills, G., 2017a. Integration of cloud computing with internet of things: challenges and open issues. In: 2017 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData). pp. 670–675.
3. Atlam, H.F., Alenezi, A., Hussein, R.K., Wills, G.B., 2018. Validation of an Adaptive Risk-based Access Control Model for the Internet of Things. I.J. Comput. Netw. Inf. Secur. 26–35.
4. Atlam, H.F., Alenezi, A., Walters, R.J., Wills, G.B., 2017b. An Overview of Risk Estimation Techniques in Risk-based Access Control for the Internet of Things. In: Proceedings of the 2nd International Conference on Internet of Things, Big Data and Security (IoTBDS 2017). pp. 254–260.
5. Atlam, H.F., Alenezi, A., Walters, R.J., Wills, G.B., Daniel, J., 2017c. Developing an adaptive Risk-based access control model for the Internet of Things. In: 2017 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData). pp. 655–661.
6. Atlam, H.F., Attiya, G., El-Fishawy, N., 2013. Comparative Study on CBIR based on Color Feature. Int. J. Comput. Appl. 78, 975–8887.
7. Atlam, H.F., Attiya, G., El-Fishawy, N., 2017d. Integration of Color and Texture Features in CBIR System. Int. J. Comput. Appl. 164, 23–28.
8. Bauer, L., Ligatti, J., David Walker, 2004. A language and system for composing security policies.
9. Bijon, K.Z., Krishnan, R., Sandhu, R., 2013. A framework for risk-aware role based access control. 2013 IEEE Conf. Commun. Netw. Secur. 462–469.
10. Bugiel, S., Heuser, S., Sadeghi, A.-R., 2013. Flexible and fine-grained mandatory access control on Android for diverse security and privacy policies. Proc. 22nd USENIX Secur. Symp. 131–146.
11. Gasparini, L., 2013. Risk-Aware Access Control and XACML.
12. Hada, S., Michiharu Kudo, 2000. Xml access control language: Provisional authorization for xml documents.
13. Hu, V.C.V., Ferraiolo, D.F., Kuhn, D.R., 2006. Assessment of access control systems. Nistir 7316 60.
14. Hulsebosch, R.J., Salden, A.H., Bargh, M.S., Ebben, P.W.G., Reitsma, J., 2005. Context sensitive access control. In: Proceedings of the Tenth ACM Symposium on Access Control Models and Technologies. pp. 111–119.
15. Janak, J., Nam, H., Schulzrinne, H., 2012. On Access Control in the Internet of Things. Lix.Polytechnique.Fr 1–3.
16. Jayasekara, A., 2011. Understanding XACML policy langauge. Int. J. Inf. Technol. 35–68.
17. Jin, X., Krishnan, R., Sandhu, R.S., 2012. A Unified Attribute-Based Access Control Model Covering DAC, MAC and RBAC. DBSec 12, 41–55.
18. Kumar, A., Karnik, N.M., Chafle, G., 2002. Context sensitivity in role-based access control. Oper. Syst. Rev. 36, 53–66.
19. Kumaraguru, P., Cranor, L., Lobo, J., Calo, S., 2007. A Survey of Privacy Policy Languages. In: Security, N SOUPS Workshop on Usable IT Management. pp. 35–40.
20. Liang Chen, Luca Gasparini, and T.J.N., 2013. XACML and risk-aware access control. In: Proc. ICEIS,. pp. 66–75.
21. Liu, C., Peng, Z., Wu, L., 2016. Role of Time-Domain Based Access Control Model 57–62.
22. Liu, J., Xiao, Y., Chen, C.L.P., 2012. Authentication and access control in the Internet of things. Proc. - 32nd IEEE Int. Conf. Distrib. Comput. Syst. Work. ICDCSW 2012 588–592.
23. Molloy, I., Dickens, L., Morisset, C., Cheng, P., Lobo, J., Russo, A., 2011. IBM Research Report Risk-Based Access Control Decisions under Uncertainty 25121.
24. N. P. Mahalle, , Anggorojati, B., Prasad, N.R., Prasad, R., 2013. Identity Authentication and Capability Based Access Control (IACAC) for the Internet of Things. J. Cyber Secur. Mobil. 1, 309–348.
25. Oasis, 2005. eXtensible Access Control Markup Language. OASIS Stand. 141.
26. OASIS, 2003. eXtensible Access Control Markup Language (XACLML) 1–154.
27. Rissanen, E., 2010. Xacml v3.0 privacy policy pro le version 1.0.
28. Suhendra, V., 2011. A Survey on Access Control Deployment. Commun. Comput. Inf. Sci. 11–20.
29. Turner, K.J., Stephan Rei -Marganiec Lynne Blair, G.A.C.F.W.K.J.T.S.R.L.B.A., Cambpell, G., Wang., F., 2014. Appel: Adaptable and programmable policy environment and language.
30. Vimercati di, S S.D.C. S, F., S, J., P., S., 2007. Access Control Policies and Languages in Open Environments. In: Advances in Information Security. Springer, Boston, MA, pp. 21–58.
31. W3C, 2006. Platform for privacy preferences (P3P) project [WWW Document]. http//www.w3.org/ P3P.
32. Westphall, C.M., Schmitt, G.R., 2016. A Risk Calculus Extension to the XACML Language. Brazilian Symp. Inf. Syst. 321–328.
33. Zhou, L., Varadharajan, V., Hitchens, M., 2014a. Secure administration of cryptographic role-based access control for large-scale cloud storage systems. J. Comput. Syst. Sci. 80, 1518–1533.
34. Zhou, L., Varadharajan, V., Hitchens, M., 2014b. Secure administration of cryptographic role-based access control for large-scale cloud storage systems. J. Comput. Syst. Sci. 80, 1518–1533.
35. Zhu, H., Jin, R., 2007. A Practical Mandatory Access Control Model for XML Databases A Practical Mandatory Access Control Model for XML Databases. In: 2nd International Conference: Scalable Information Systems. pp. 1–4.
36. Zhu, Y., Ahn, G.-J., Hu, H., Wang, H., 2010a. Cryptographic Role-based Security Mechanisms Based on Role-Key Hierarchy. Proc. 5th ACM Symp. Information, Comput. Commun. Secur. - ASIACCS’10 314.
37. Zhu, Y., Ahn, G.-J., Hu, H., Wang, H., 2010b. Cryptographic Role-based Security Mechanisms Based on Role-Key Hierarchy. Proc. 5th ACM Symp. Information, Comput. Commun. Secur. - ASIACCS’10 314.