An efficient security risk estimation technique for Risk-based access control model for IoT
Journal article
| Authors | Atlam, Hany F. and Wills, Gary |
|---|---|
| Abstract | The need to increase information sharing in the Internet of Things (IoT) applications made the risk-based access control model to be the best candidate for both academic and com- mercial organizations. Risk-based access control model carries out a security risk analysis on the access request by using IoT contextual information to provide access decisions dy- namically. Unlike current static access control approaches that are based on predefined policies and give the same result in different situations, this model provides the required flexibility to access system resources and works well in unexpected conditions and situa- tions of the IoT system. One of the main issues to implement this model is to determine the appropriate risk estimation technique that is able to generate accurate and realistic risk values for each access request to determine the access decision. Therefore, this paper pro- poses a risk estimation technique which integrates the fuzzy inference system with expert judgment to assess security risks of access control operations in the IoT system. Twenty IoT security experts from inside and outside the UK were interviewed to validate the proposed risk estimation technique and build the fuzzy inference rules accurately. The proposed risk estimation approach was implemented and simulated using access control scenarios of the network router. In comparison with the existing fuzzy techniques, the proposed technique has demonstrated it produces precise and realistic values in evaluating security risks of access control operations in the IoT context. |
| Keywords | Security risk; Risk estimation; Internet of Things; Risk-based access control model; Fuzzy logic system |
| Year | 2019 |
| Journal | Internet of Things |
| Publisher | Elsevier |
| ISSN | 25426605 |
| Digital Object Identifier (DOI) | https://doi.org/10.1016/j.iot.2019.100052 |
| Web address (URL) | http://hdl.handle.net/10545/624238 |
| http://creativecommons.org/licenses/by/4.0/ | |
| hdl:10545/624238 | |
| Publication dates | 15 Apr 2019 |
| Publication process dates | |
| Deposited | 24 Oct 2019, 13:27 |
| Accepted | 09 Apr 2019 |
| Rights | Attribution 4.0 International |
| Contributors | University of Southampton |
| File | File Access Level Open |
| File | File Access Level Open |
https://repository.derby.ac.uk/item/93610/an-efficient-security-risk-estimation-technique-for-risk-based-access-control-model-for-iot
Download files
60
total views0
total downloads1
views this month0
downloads this month
Export as
Related outputs
Deep labeller: automatic bounding box generation for synthetic violence detection datasets
Nadeem, M., Kurugollu, F., Saravi, S., Atlam, H. and Franqueira, V. 2023. Deep labeller: automatic bounding box generation for synthetic violence detection datasets. Multimedia Tools and Applications. pp. 1-18. https://doi.org/10.1007/s11042-023-15621-5Business Email Compromise Phishing Detection Based on Machine Learning: A Systematic Literature Review
Atlam, H. and Olayonu Oluwatimilehin 2022. Business Email Compromise Phishing Detection Based on Machine Learning: A Systematic Literature Review. Electronics. 12 (1), pp. 1-28. https://doi.org/10.3390/electronics12010042ANFIS for risk estimation in risk-based access control model for smart homes
Atlam, H. and Gary B. Wills 2022. ANFIS for risk estimation in risk-based access control model for smart homes. Multimedia Tools and Applications. pp. 1-30. https://doi.org/10.1007/s11042-022-14010-8DEEPSEL: A novel feature selection for early identification of malware in mobile applications
Muhammad Ajmal Azad, Farhan Riaz, Anum Aftab, Syed Khurram Jah Rizvi, Junaid Arshad, Hany F. Atlam and Atlam, H. 2021. DEEPSEL: A novel feature selection for early identification of malware in mobile applications. Future Generation Computer Systems. 129, pp. 54-63. https://doi.org/10.1016/j.future.2021.10.029
IoT forensics: A state-of-the-art review, callenges and future directions
Alenezi, Ahmed, Atlam, Hany, Alsagri, Reem, Alassafi, Madini and Wills, Gary 2019. IoT forensics: A state-of-the-art review, callenges and future directions. SCITEPRESS - Science and Technology Publications. https://doi.org/10.5220/0007905401060115Experts reviews of a cloud forensic readiness framework for organizations
Alenezi, Ahmed, Atlam, Hany F. and Wills, Gary B. 2019. Experts reviews of a cloud forensic readiness framework for organizations. Journal of Cloud Computing. 8 (1). https://doi.org/10.1186/s13677-019-0133-zSecurity, cybercrime and digital forensics for IoT
Atlam, Hany F., Alenezi, Ahmed, Alassafi, Madini O., Alshdadi, Abdulrahman A. and Wills, Gary B. 2019. Security, cybercrime and digital forensics for IoT. in: Intelligent Systems Reference Library Springer International Publishing.A famework for data sharing between healthcare providers using blockchain
Alzahrani, Ahmed G., Alenezi, Ahmed, Atlam, Hany F. and Wills, Gary 2020. A famework for data sharing between healthcare providers using blockchain. Proceedings of the 5th International Conference on Internet of Things, Big Data and Security. https://doi.org/10.5220/0009413403490358Intersections between IoT and distributed ledger
Atlam, Hany F. and Wills, Gary B. 2019. Intersections between IoT and distributed ledger. in: Advances in Computers Elsevier.IoT security, privacy, safety and ethics
Atlam, Hany F. and Wills, Gary B. 2019. IoT security, privacy, safety and ethics. in: Internet of Things Springer International Publishing.Fuzzy logic with expert judgment to implement an adaptive risk-based access control model for IoT
Atlam, Hany F., Walters, Robert J., Wills, Gary B. and Daniel, Joshua 2019. Fuzzy logic with expert judgment to implement an adaptive risk-based access control model for IoT. Mobile Networks and Applications. https://doi.org/10.1007/s11036-019-01214-w