ZTA-IoT: A Novel Architecture for Zero-Trust in IoT Systems and an Ensuing Usage Control Model

IF 3 4区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS ACM Transactions on Privacy and Security Pub Date : 2024-06-17 DOI:10.1145/3671147

Safwa Ameer, Lopamudra Praharaj, Ravi Sandhu, Smriti Bhatt, Maanak Gupta

{"title":"ZTA-IoT: A Novel Architecture for Zero-Trust in IoT Systems and an Ensuing Usage Control Model","authors":"Safwa Ameer, Lopamudra Praharaj, Ravi Sandhu, Smriti Bhatt, Maanak Gupta","doi":"10.1145/3671147","DOIUrl":null,"url":null,"abstract":"Recently, several researchers motivated the need to integrate Zero Trust (ZT) principles when designing and implementing authentication and authorization systems for IoT. An integrated Zero Trust IoT system comprises the network infrastructure (physical and virtual) and operational policies in place for IoT as a product of a ZT architecture plan. This paper proposes a novel Zero Trust architecture for IoT systems called ZTA-IoT. Additionally, based on different types of interactions between various layers and components in this architecture, we present ZTA-IoT-ACF, an access control framework that recognizes different interactions that need to be controlled in IoT systems. Within this framework, the paper then refines its focus to object-level interactions, i.e., interactions where the target resource is a device (equivalently a thing) or an information file generated or stored by a device. Building on the recently proposed Zero Trust score-based authorization framework (ZT-SAF) we develop the object-level Zero Trust score-based authorization framework for IoT systems, denoted as ZTA-IoT-OL-SAF, to govern access requests in this context. With this machinery in place, we finally develop a novel usage control model for users-to-objects and devices-to-objects interactions, denoted as UCONIoT. We give formal definitions, illustrative use cases, and a proof-of-concept implementation of UCONIoT. This paper is a first step toward establishing a rigorous formally-defined score-based access control framework for Zero Trust IoT systems.","PeriodicalId":56050,"journal":{"name":"ACM Transactions on Privacy and Security","volume":"17 1","pages":""},"PeriodicalIF":3.0000,"publicationDate":"2024-06-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"ACM Transactions on Privacy and Security","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1145/3671147","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

Recently, several researchers motivated the need to integrate Zero Trust (ZT) principles when designing and implementing authentication and authorization systems for IoT. An integrated Zero Trust IoT system comprises the network infrastructure (physical and virtual) and operational policies in place for IoT as a product of a ZT architecture plan. This paper proposes a novel Zero Trust architecture for IoT systems called ZTA-IoT. Additionally, based on different types of interactions between various layers and components in this architecture, we present ZTA-IoT-ACF, an access control framework that recognizes different interactions that need to be controlled in IoT systems. Within this framework, the paper then refines its focus to object-level interactions, i.e., interactions where the target resource is a device (equivalently a thing) or an information file generated or stored by a device. Building on the recently proposed Zero Trust score-based authorization framework (ZT-SAF) we develop the object-level Zero Trust score-based authorization framework for IoT systems, denoted as ZTA-IoT-OL-SAF, to govern access requests in this context. With this machinery in place, we finally develop a novel usage control model for users-to-objects and devices-to-objects interactions, denoted as UCON_IoT. We give formal definitions, illustrative use cases, and a proof-of-concept implementation of UCON_IoT. This paper is a first step toward establishing a rigorous formally-defined score-based access control framework for Zero Trust IoT systems.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

ZTA-IoT：物联网系统零信任的新型架构及随之而来的使用控制模型

最近，一些研究人员提出，在设计和实施物联网身份验证和授权系统时，需要整合零信任（ZT）原则。一个集成的零信任物联网系统包括网络基础设施（物理和虚拟）以及作为 ZT 架构计划产物的物联网操作策略。本文为物联网系统提出了一种名为 ZTA-IoT 的新型零信任架构。此外，基于该架构中各层和组件之间不同类型的交互，我们提出了 ZTA-IoT-ACF 这一访问控制框架，该框架可识别物联网系统中需要控制的不同交互。在此框架内，本文将重点细化为对象级交互，即目标资源是设备（等同于事物）或设备生成或存储的信息文件的交互。在最近提出的基于零信任分值的授权框架（ZT-SAF）基础上，我们为物联网系统开发了对象级基于零信任分值的授权框架，称为 ZTA-IoT-OL-SAF，用于管理这种情况下的访问请求。有了这个机制，我们最终为用户到对象和设备到对象的交互开发了一种新的使用控制模型，称为 UCONIoT。我们给出了 UCONIoT 的正式定义、说明性用例和概念验证实现。本文是为零信任物联网系统建立严格的正式定义的基于分数的访问控制框架迈出的第一步。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

ACM Transactions on Privacy and Security Computer Science-General Computer Science

CiteScore

5.20

自引率

0.00%

发文量

期刊介绍： ACM Transactions on Privacy and Security (TOPS) (formerly known as TISSEC) publishes high-quality research results in the fields of information and system security and privacy. Studies addressing all aspects of these fields are welcomed, ranging from technologies, to systems and applications, to the crafting of policies.

期刊最新文献

ZPredict: ML-Based IPID Side-channel Measurements ZTA-IoT: A Novel Architecture for Zero-Trust in IoT Systems and an Ensuing Usage Control Model Security Analysis of the Consumer Remote SIM Provisioning Protocol X-squatter: AI Multilingual Generation of Cross-Language Sound-squatting Toward Robust ASR System against Audio Adversarial Examples using Agitated Logit