Information Flow Control Based on the CapBAC (Capability-Based Access Control) Model in the IoT

Shigenari Nakamura (Hosei University, Tokyo, Japan), Tomoya Enokido (Rissho University, Tokyo, Japan) and Makoto Takizawa (Hosei University, Tokyo, Japan)
DOI: 10.4018/IJMCMC.2019100102

Abstract

In the Internet of Things (IoT), not only computers such as servers but also devices equipped with sensors and actuators are interconnected. It is critical to make the IoT secure, especially its devices. In the capability-based access control (CapBAC) model proposed to make IoT devices secure, the owner of each device issues a capability token, i.e. a set of access rights, to a subject. Only a subject holding the capability token is allowed to manipulate the device. However, a subject may get data in a device d1 via another device d2 even though the subject holds no capability token to get data from the device d1. Here, the data in the device d1 illegally flow to the subject. In this article, the authors propose the operation interruption (OI) protocol, in which illegal get operations are interrupted. In the evaluation of the OI protocol, the ratio of the number of get operations interrupted to the total number of get operations stays constant even as the number of subjects and the number of access rights granted to each subject increase.

Introduction

In order to make information systems secure in the presence of malicious accesses, various types of access control models (Denning, 1982) and cryptography (Ogiela, 2015; Ogiela & Ogiela, 2016) have been proposed. Cryptography is used to prevent information, i.e. objects, from being forged, stolen, or disclosed by a subject such as a user or an application that is granted no permission, i.e. no access right. In the access control models, only an authorized subject is allowed to manipulate an object in an authorized operation. However, even if a subject is not allowed to get data in an object oi, the subject can obtain the data by accessing another object oj (Denning, 1982). Here, illegal information flow occurs from the object oi via the object oj to the subject. Illegal information flow among subjects and objects has to be prevented in the access control models. The LBAC (Lattice-Based Access Control) model (Sandhu, 1993) was proposed to prevent illegal information flow among subjects and objects. Here, each entity is assigned a security class. Illegal information flow is defined based on the relations among classes, and every operation implying illegal information flow is prohibited. In our previous studies, various types of protocols to prevent illegal information flow were proposed. In papers (Nakamura et al., 2015a; Nakamura et al., 2015b; Nakamura et al., 2016), protocols to prevent illegal information flow in distributed database systems are proposed based on the RBAC (Role-Based Access Control) model (Sandhu et al., 1996). In papers (Nakamura et al., 2019a; Nakamura et al., 2019c), protocols to prevent illegal information flow in P2PPSO (Peer-to-Peer Publish/Subscribe with Object concept) systems (Nakamura et al., 2019c) are proposed based on the TBAC (Topic-Based Access Control) model (Nakamura et al., 2018).

The IoT (Internet of Things) (Hanes et al., 2018; Oma et al., 2018; Soo et al., 2017) is composed of millions of nodes of various types, including not only computers but also devices such as sensors and actuators. Here, it is difficult to adopt traditional access control models such as the RBAC (Sandhu et al., 1996) and ABAC (Attribute-Based Access Control) (Yuan & Tong, 2005) models for the IoT because of its scale: the access lists grow with the number of nodes and become difficult to access and manipulate. Hence, the CapBAC (Capability-Based Access Control) model was proposed (Gusmeroli et al., 2013). Here, the owner of each device issues a capability token to a subject sb such as a user or an application. The capability token is defined to be a set of access rights. An access right is a pair ⟨d, op⟩ of a device d and an operation op on the device d. The subject sb is allowed to manipulate the device d in an operation op only if a capability token including the access right ⟨d, op⟩ has been issued to the subject sb.
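The CapBAC check and the illegal flow from the abstract (s1 may get d1 and put d2; s2 may get d2 only), as an added Python example that is not code from the paper. The monitor tags each device and subject with the set of devices whose data it holds and interrupts a get when the device holds data from a device the subject has no ⟨d, get⟩ right for; that tagging is a modelling assumption of this example, not the OI protocol as specified by the authors.

```python
from collections import defaultdict

# Constructed sample: two devices and two subjects; a token is a set of (device, op) pairs.
DEVICES = ["d1", "d2"]
TOKENS = {
    "s1": {("d1", "get"), ("d2", "put")},   # s1 may read d1 and write d2
    "s2": {("d2", "get")},                  # s2 may read d2 but holds no <d1, get>
}

class OIMonitor:
    """Reference monitor interrupting get operations that imply illegal information flow.
    Assumption: every device and subject is tagged with the set of devices whose data it
    currently holds; the tags propagate with each get and put (not the paper's exact protocol)."""
    def __init__(self, devices, tokens):
        self.tokens = tokens
        self.dev_sources = {d: {d} for d in devices}   # a fresh device holds only its own data
        self.sub_sources = defaultdict(set)            # data each subject has obtained so far

    def authorized(self, subject, device, op):
        # Plain CapBAC check: the subject's token must contain the pair <device, op>.
        return (device, op) in self.tokens.get(subject, set())

    def get(self, subject, device):
        """Return True if the get is performed, False if it is interrupted."""
        if not self.authorized(subject, device, "get"):
            return False
        # Illegal flow: the device carries data of some d for which the subject lacks <d, get>.
        if any(not self.authorized(subject, src, "get") for src in self.dev_sources[device]):
            return False
        self.sub_sources[subject] |= self.dev_sources[device]
        return True

    def put(self, subject, device):
        """Write what the subject holds into the device; the device now carries those sources."""
        if not self.authorized(subject, device, "put"):
            return False
        self.dev_sources[device] |= self.sub_sources[subject]
        return True

def scenario():
    """Replay the abstract's case and return the outcome of each operation."""
    m = OIMonitor(DEVICES, TOKENS)
    return [
        m.get("s1", "d1"),   # legal: s1 holds <d1, get>
        m.put("s1", "d2"),   # legal: d2 now carries data originating from d1
        m.get("s2", "d2"),   # interrupted: s2 holds no <d1, get>, so d1 data must not flow to s2
    ]
```

Without the source tags, the third operation would pass the plain CapBAC check on ⟨d2, get⟩, which is exactly the leak the OI protocol is meant to stop.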
