
Latest publications: Proceedings of the 23rd ACM Symposium on Access Control Models and Technologies

Solving Multi-Objective Workflow Satisfiability Problems with Optimization Modulo Theories Techniques
Clara Bertolissi, D. R. D. Santos, Silvio Ranise
Security-sensitive workflows impose constraints on the control flow and authorization policies that may lead to unsatisfiable instances. In these cases, it is still possible to find "least bad" executions in which the costs associated with authorization violations are minimized, solving the so-called Multi-Objective Workflow Satisfiability Problem (MO-WSP). The MO-WSP is inspired by the Valued WSP and its generalization, the Bi-Objective WSP, but our work considers quantitative solutions to the WSP without abstracting away control-flow constraints. In this paper, we define variations of the MO-WSP and solve them using bounded model checking and optimization modulo theories solving. We validate our solutions on real-world workflows and show their scalability on synthetic instances.
DOI: 10.1145/3205977.3205982 (https://doi.org/10.1145/3205977.3205982), published 2018-06-07
Citations: 9
Reactive Access Control Systems
Maryam Davari, E. Bertino
In context-aware applications, a user's access privileges depend on both the user's identity and the context. Access control rules are usually defined statically, while contexts and the system state can change dynamically. Changes in context can result in service disruptions. To address this issue, this poster proposes a reactive access control system that associates contingency plans with access control rules. Risk scores are also associated with the actions that are part of the contingency plans. Such risks are estimated using fuzzy inference. Our approach is cast into the XACML reference architecture.
DOI: 10.1145/3205977.3208947 (https://doi.org/10.1145/3205977.3208947), published 2018-06-07
Citations: 5
Sensing or Watching?: Balancing Utility and Privacy in Sensing Systems via Collection and Enforcement Mechanisms
Adam J. Lee, Jacob T. Biehl, C. Curry
Devices with embedded sensors are permeating the computing landscape, allowing the collection and analysis of rich data about individuals, smart spaces, and their interactions. This class of devices enables a useful array of home automation and connected workplace functionality to individuals within instrumented spaces. Unfortunately, the increasing pervasiveness of sensors can lead to perceptions of privacy loss by their occupants. Given that many instrumented spaces exist as platforms outside of a user's control---e.g., IoT sensors in the home that rely on cloud infrastructure or connected workplaces managed by one's employer---enforcing access controls via a trusted reference monitor may do little to assuage individuals' privacy concerns. This calls for novel enforcement mechanisms for controlling access to sensed data. In this paper, we investigate the interplay between sensor fidelity and individual comfort, with the goal of understanding the design space for effective, yet palatable, sensors for the workplace. In the context of a common space contextualization task, we survey and interview individuals about their comfort with three common sensing modalities: video, audio, and passive infrared. This allows us to explore the extent to which discomfort with sensor platforms is a function of detected states or sensed data. Our findings uncover interesting interplays between content, context, fidelity, history, and privacy. This, in turn, leads to design recommendations regarding how to increase comfort with sensing technologies by revisiting the mechanisms by which user preferences and policies are enforced in situations where the infrastructure itself is not trusted.
DOI: 10.1145/3205977.3205983 (https://doi.org/10.1145/3205977.3205983), published 2018-06-07
Citations: 5
How Inadequate Specification, Buggy Implementation, and Deficient Platform-Support Hinder Security
Omar Chowdhury
Developing a secure system (or protocol) in general boils down to having a correct and robust specification that developers faithfully implement with the available platform support. Vulnerabilities can thus crop up due to inadequate specification, buggy implementations, or the lack of appropriate security constructs in the platform. In this talk, I will present examples of insecurity due to inadequate specification, wrong implementations, and deficient platform support. I will particularly focus on how automated reasoning and formal verification techniques can greatly contribute towards detecting vulnerabilities. In the first example, I will show how the 4G LTE telecommunication protocol specification lacks security considerations, which can be exploited by adversaries with catastrophic impact. Next, I will present how incorrect X.509 certificate validation implementations in open-source SSL/TLS libraries leave users prone to impersonation attacks. Finally, I will conclude my talk with a discussion of how the lack of hardware support makes enforcing Digital Rights Management (DRM) policies infeasible on mobile devices.
DOI: 10.1145/3205977.3206002 (https://doi.org/10.1145/3205977.3206002), published 2018-06-07
Citations: 0
Towards Greater Expressiveness, Flexibility, and Uniformity in Access Control
Jiaming Jiang, Rada Y. Chirkova, J. Doyle, A. Rosenthal
Attribute-based access control (ABAC) is a general access control model that subsumes numerous earlier access control models. Its increasing popularity stems from the intuitive generic structure of granting permissions based on application and domain attributes of users, subjects, objects, and other entities in the system. Multiple formal and informal languages have been developed to express policies in terms of such attributes. The utility of ABAC policy languages is potentially undermined without a properly formalized underlying model. The high-level structure in a majority of ABAC models consists of sets of tokens and sets of sets, expressions that demand that the reader unpack multiple levels of sets and tokens to determine what things mean. The resulting reduced readability potentially endangers correct expression, reduces maintainability, and impedes validation. These problems could be magnified in models that employ nonuniform representations of actions and their governing policies. We propose to avoid these magnified problems by recasting the high-level structure of ABAC models in a logical formalism that treats all actions (by users and others) uniformly and that keeps existing policy languages in place by interpreting their attributes in terms of the restructured model. In comparison to existing ABAC models, use of a logical language for model formalization, including hierarchies of types of entities and attributes, promises improved expressiveness in specifying the relationships between and requirements on application and domain attributes. A logical modeling language also potentially improves flexibility in representing relationships as attributes to support some widely used policy languages. Consistency and intelligibility are improved by using uniform means for representing different types of controlled actions---such as regular access control actions, administrative actions, and user logins---and their governing policies. Logical languages also provide a well-defined denotational semantics supported by numerous formal inference and verification tools.
DOI: 10.1145/3205977.3208950 (https://doi.org/10.1145/3205977.3208950), published 2018-06-07
Citations: 2
Privacy-Aware Risk-Adaptive Access Control in Health Information Systems using Topic Models
Wenxi Zhang, Hao Li, Min Zhang, Zhiquan Lv
Traditional role-based access control fails to meet the privacy requirements for patient data in medical systems, as it is infeasible for policy makers to foresee what information doctors may need for diagnosis and treatment in various situations. The universal practice in hospitals is to grant doctors unlimited access, which in turn increases the risk of breaching patient privacy. In this paper, we propose a dynamic risk-adaptive access control model for health IT systems that takes into consideration the relationships between data and access behaviors. By training topic models to portray individual and group-level access behaviors, we quantify the risk for each user over a certain period of time. Malicious users are expected to receive higher risk scores than honest users because of their improper requests. Their further access would thus be denied under our access control scheme. The topic model and risk scores are periodically updated to advance the self-adaptability of the system. Experimental results have shown that our solution can effectively distinguish malicious doctors even if they deliberately conceal their misconduct.
DOI: 10.1145/3205977.3205991 (https://doi.org/10.1145/3205977.3205991), published 2018-06-07
Citations: 4
Access Control in the Era of Big Data: State of the Art and Research Directions
Pietro Colombo, E. Ferrari
Data security and privacy issues are magnified by the volume, variety, and velocity of Big Data and by the lack, up to now, of a standard data model and related data manipulation language. In this paper, we focus on one of the key data security services, namely access control, by highlighting the differences from traditional data management systems and describing a set of requirements that any access control solution for Big Data platforms may fulfill. We then describe the state of the art and discuss open research issues.
DOI: 10.1145/3205977.3205998 (https://doi.org/10.1145/3205977.3205998), published 2018-06-07
Citations: 14
Automated Coverage-Based Testing of XACML Policies
Dianxiang Xu, Roshan Shrestha, Ning Shen
While the standard language XACML is very expressive for specifying fine-grained access control policies, defects can get into XACML policies for various reasons, such as misunderstanding of access control requirements, omissions, and coding errors. These defects may result in unauthorized accesses, escalation of privileges, and denial of service. Therefore, quality assurance of XACML policies for real-world information systems has become an important issue. To address this issue, this paper presents a family of coverage criteria for XACML policies, such as rule coverage, rule pair coverage, decision coverage, and Modified Condition/Decision Coverage (MC/DC). To demonstrate the assurance levels of these coverage criteria, we have developed methods for automatically generating tests, i.e., access requests, to satisfy the coverage criteria using a constraint solver. We have evaluated these methods through mutation analysis of various policies with different levels of complexity. The experiment results have shown that the rule coverage is far from adequate for revealing the majority of defects in XACML policies, and that both MC/DC and decision coverage tests have outperformed the existing methods for testing XACML policies. In particular, MC/DC tests achieve a very high level of quality assurance of XACML policies.
DOI: 10.1145/3205977.3205979 (https://doi.org/10.1145/3205977.3205979), published 2018-06-07
Citations: 12
Data Breach and Multiple Points to Stop It
D. Yao
Preventing unauthorized access to sensitive data is an exceedingly complex access control problem. In this keynote, I will break down the data breach problem and give insights into what organizations could and should do to reduce their risks. The talk will start by discussing the technical reasons behind some of the recent high-profile data breach incidents (e.g., at Equifax and Target), as well as pointing out the threats of inadvertent or accidental data leaks. Then, I will show that there are usually multiple points at which to stop a data breach and give an overview of the relevant state-of-the-art solutions. I will focus on some of the recent algorithmic advances in preventing inadvertent data loss, including set-based and alignment-based screening techniques, outsourced screening, and GPU-based performance acceleration. I will also briefly discuss the role of non-technical factors (e.g., organizational culture on security) in data protection. Because of the cat-and-mouse-game nature of cybersecurity, achieving absolute data security is impossible. However, proactively securing critical data paths through strategic planning and placement of security tools will help reduce the risks. I will also point out a few exciting future research directions, e.g., data leak detection as a cloud security service, and deep learning for reducing false alarms in continuous authentication and in the prickly problem of insider-threat detection.
DOI: 10.1145/3205977.3206001 (https://doi.org/10.1145/3205977.3206001), published 2018-06-07
引用次数: 0
Access Control Enforcement within MQTT-based Internet of Things Ecosystems
Pietro Colombo, E. Ferrari
Confidentiality and privacy of data managed by IoT ecosystems are becoming a primary concern. This paper targets the design of a general access control enforcement mechanism for MQTT-based IoT ecosystems. The proposed approach is presented with ABAC, but other access control models can be similarly supported. The solution is based on an enforcement monitor that has been designed to operate as a proxy between MQTT clients and an MQTT server. The monitor enforces access control constraints by intercepting and possibly manipulating the flow of exchanged MQTT control packets. Early experimental evaluations have overall shown low enforcement overhead.
Pietro Colombo, E. Ferrari. Access Control Enforcement within MQTT-based Internet of Things Ecosystems. Proceedings of the 23nd ACM on Symposium on Access Control Models and Technologies, published 2018-06-07. DOI: https://doi.org/10.1145/3205977.3205986
Citations: 35