A Model-Driven Framework for Ensuring Role Based Access Control in IoT Devices

Abstract

Ensuring security and privacy of IOT devices and the associated/ dependent complex and critical systems is certainly a major concern, especially after proliferation of IoT devices in variety of domains in current era. A considerable level of security can be achieved in these systems using the techniques of Role Based Access Control (RBAC). In contrast to Discretionary Access Control (DAC) where personal identity of the owner/ user matters, RBAC grants access permissions on the basis of roles of the user. Due to the inherent complexity associated with ensuring security in IoT devices and related systems/ services, a level of abstraction is required in the development process, in order to better understand and develop the system accordingly by integrating all the security aspects. This level of abstraction can be achieved by developing the system as per the concepts of Model Driven Development (MDD). In this paper, techniques of Model Driven Architecture (MDA)/ MDD has been used to propose such a Framework/ Meta-Model, which ensures RBAC in order to access the services associated with IoT devices. The proposed Meta-Model can be further extended for the model-based development and automation of such a system that ensure RBAC for IoT devices. Validity of proposed Meta-Model has been proved by creating an M1 level Instance Model of a real-world case study. Results prove, that the proposed Meta-Model is capable to be transformed into a reliable system that ensures RBAC in IoT devices.