The $$\mathrm {ACAC_{D}}$$ model for mutable activity control and chain of dependencies in smart and connected systems

Abstract

With the integration of connected devices, artificial intelligence, and heterogeneous networks in IoT-driven cyber-physical systems, our society is evolving as a smart, automated, and connected community. In such dynamic and distributed environments, various operations are carried out considering different contextual factors to support the automation of connected devices and systems. These devices often perform long-lived operations or tasks (referred to as activities) to fulfill larger goals in the connected environment. These activities are usually mutable (change states) and interdependent. They can influence the execution of other activities in the ecosystem, requiring active and real-time monitoring of the entire connected environment. Traditional access control models are designed to take authorization decisions at the time of access request and do not fit well in dynamic and connected environments, which require continuous active checks on dependent and mutable activities. Recently, a vision for activity-centric access control (ACAC) was proposed to enable security modeling and enforcement from the perspective and abstraction of interdependent activities. The proposed ACAC incorporates four decision parameters: Authorizations (A), oBligations (B), Conditions (C), and activity Dependencies (D) for an object agnostic continuous access control in smart systems. In this paper, we take a step further towards maturing ACAC by focusing on the mutability of activities (the ability of changing states of activities), activity dependencies (D) and developing a family of formal mathematically grounded models, referred to as \(\mathrm {ACAC_{D}}\). We propose six practically suitable sub-models for \(\mathrm {ACAC_{D}}\) to support the state transition of a mutable activity incorporating the dependent activities’ state-check and state-update procedures. These formal models consider the real-time mutability of activities as a critical factor in resolving active dependencies among various activities in the ecosystem. Activity dependencies can form a chain where it is possible to have dependencies of dependencies. In ACAC, we also consider the chain of dependencies while handling the mutability of an activity. We highlight the challenges (such as multiple dependency paths, race conditions, circular dependencies, and deadlocks) while dealing with a chain of dependencies, and provide solutions to resolve these challenges. We also present a proof of concept implementation of our proposed \(\mathrm {ACAC_{D}}\) models with performance analysis for a smart farming use case. This paper addresses the formal models’ intended behavior while supporting activities’ dependencies. Specifically, it focuses on developing and categorizing mathematically grounded activity dependencies into various ACAC sub-models without formal policy specification and analysis of theoretical complexities, which are intentionally kept out of the scope of this work.