Safwa Ameer, Lopamudra Praharaj, Ravi Sandhu, Smriti Bhatt, Maanak Gupta
{"title":"ZTA-IoT:物联网系统零信任的新型架构及随之而来的使用控制模型","authors":"Safwa Ameer, Lopamudra Praharaj, Ravi Sandhu, Smriti Bhatt, Maanak Gupta","doi":"10.1145/3671147","DOIUrl":null,"url":null,"abstract":"<p>Recently, several researchers motivated the need to integrate Zero Trust (ZT) principles when designing and implementing authentication and authorization systems for IoT. An integrated Zero Trust IoT system comprises the network infrastructure (physical and virtual) and operational policies in place for IoT as a product of a ZT architecture plan. This paper proposes a novel Zero Trust architecture for IoT systems called ZTA-IoT. Additionally, based on different types of interactions between various layers and components in this architecture, we present ZTA-IoT-ACF, an access control framework that recognizes different interactions that need to be controlled in IoT systems. Within this framework, the paper then refines its focus to object-level interactions, i.e., interactions where the target resource is a device (equivalently a thing) or an information file generated or stored by a device. Building on the recently proposed Zero Trust score-based authorization framework (ZT-SAF) we develop the object-level Zero Trust score-based authorization framework for IoT systems, denoted as ZTA-IoT-OL-SAF, to govern access requests in this context. With this machinery in place, we finally develop a novel usage control model for users-to-objects and devices-to-objects interactions, denoted as UCON<sub><i>IoT</i></sub>. We give formal definitions, illustrative use cases, and a proof-of-concept implementation of UCON<sub><i>IoT</i></sub>. This paper is a first step toward establishing a rigorous formally-defined score-based access control framework for Zero Trust IoT systems.</p>","PeriodicalId":56050,"journal":{"name":"ACM Transactions on Privacy and Security","volume":"17 1","pages":""},"PeriodicalIF":3.0000,"publicationDate":"2024-06-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"ZTA-IoT: A Novel Architecture for Zero-Trust in IoT Systems and an Ensuing Usage Control Model\",\"authors\":\"Safwa Ameer, Lopamudra Praharaj, Ravi Sandhu, Smriti Bhatt, Maanak Gupta\",\"doi\":\"10.1145/3671147\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<p>Recently, several researchers motivated the need to integrate Zero Trust (ZT) principles when designing and implementing authentication and authorization systems for IoT. An integrated Zero Trust IoT system comprises the network infrastructure (physical and virtual) and operational policies in place for IoT as a product of a ZT architecture plan. This paper proposes a novel Zero Trust architecture for IoT systems called ZTA-IoT. Additionally, based on different types of interactions between various layers and components in this architecture, we present ZTA-IoT-ACF, an access control framework that recognizes different interactions that need to be controlled in IoT systems. Within this framework, the paper then refines its focus to object-level interactions, i.e., interactions where the target resource is a device (equivalently a thing) or an information file generated or stored by a device. Building on the recently proposed Zero Trust score-based authorization framework (ZT-SAF) we develop the object-level Zero Trust score-based authorization framework for IoT systems, denoted as ZTA-IoT-OL-SAF, to govern access requests in this context. With this machinery in place, we finally develop a novel usage control model for users-to-objects and devices-to-objects interactions, denoted as UCON<sub><i>IoT</i></sub>. We give formal definitions, illustrative use cases, and a proof-of-concept implementation of UCON<sub><i>IoT</i></sub>. This paper is a first step toward establishing a rigorous formally-defined score-based access control framework for Zero Trust IoT systems.</p>\",\"PeriodicalId\":56050,\"journal\":{\"name\":\"ACM Transactions on Privacy and Security\",\"volume\":\"17 1\",\"pages\":\"\"},\"PeriodicalIF\":3.0000,\"publicationDate\":\"2024-06-17\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"ACM Transactions on Privacy and Security\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://doi.org/10.1145/3671147\",\"RegionNum\":4,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q2\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"ACM Transactions on Privacy and Security","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1145/3671147","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
ZTA-IoT: A Novel Architecture for Zero-Trust in IoT Systems and an Ensuing Usage Control Model
Recently, several researchers motivated the need to integrate Zero Trust (ZT) principles when designing and implementing authentication and authorization systems for IoT. An integrated Zero Trust IoT system comprises the network infrastructure (physical and virtual) and operational policies in place for IoT as a product of a ZT architecture plan. This paper proposes a novel Zero Trust architecture for IoT systems called ZTA-IoT. Additionally, based on different types of interactions between various layers and components in this architecture, we present ZTA-IoT-ACF, an access control framework that recognizes different interactions that need to be controlled in IoT systems. Within this framework, the paper then refines its focus to object-level interactions, i.e., interactions where the target resource is a device (equivalently a thing) or an information file generated or stored by a device. Building on the recently proposed Zero Trust score-based authorization framework (ZT-SAF) we develop the object-level Zero Trust score-based authorization framework for IoT systems, denoted as ZTA-IoT-OL-SAF, to govern access requests in this context. With this machinery in place, we finally develop a novel usage control model for users-to-objects and devices-to-objects interactions, denoted as UCONIoT. We give formal definitions, illustrative use cases, and a proof-of-concept implementation of UCONIoT. This paper is a first step toward establishing a rigorous formally-defined score-based access control framework for Zero Trust IoT systems.
期刊介绍:
ACM Transactions on Privacy and Security (TOPS) (formerly known as TISSEC) publishes high-quality research results in the fields of information and system security and privacy. Studies addressing all aspects of these fields are welcomed, ranging from technologies, to systems and applications, to the crafting of policies.