An efficient security risk estimation technique for Risk-based access control model for IoT

Journal article


Atlam, Hany F. and Wills, Gary 2019. An efficient security risk estimation technique for Risk-based access control model for IoT. Internet of Things. https://doi.org/10.1016/j.iot.2019.100052
AuthorsAtlam, Hany F. and Wills, Gary
Abstract

The need to increase information sharing in the Internet of Things (IoT) applications made the risk-based access control model to be the best candidate for both academic and com- mercial organizations. Risk-based access control model carries out a security risk analysis on the access request by using IoT contextual information to provide access decisions dy- namically. Unlike current static access control approaches that are based on predefined policies and give the same result in different situations, this model provides the required flexibility to access system resources and works well in unexpected conditions and situa- tions of the IoT system. One of the main issues to implement this model is to determine the appropriate risk estimation technique that is able to generate accurate and realistic risk values for each access request to determine the access decision. Therefore, this paper pro- poses a risk estimation technique which integrates the fuzzy inference system with expert judgment to assess security risks of access control operations in the IoT system. Twenty IoT security experts from inside and outside the UK were interviewed to validate the proposed risk estimation technique and build the fuzzy inference rules accurately. The proposed risk estimation approach was implemented and simulated using access control scenarios of the network router. In comparison with the existing fuzzy techniques, the proposed technique has demonstrated it produces precise and realistic values in evaluating security risks of access control operations in the IoT context.

KeywordsSecurity risk; Risk estimation; Internet of Things; Risk-based access control model; Fuzzy logic system
Year2019
JournalInternet of Things
PublisherElsevier
ISSN25426605
Digital Object Identifier (DOI)https://doi.org/10.1016/j.iot.2019.100052
Web address (URL)http://hdl.handle.net/10545/624238
http://creativecommons.org/licenses/by/4.0/
hdl:10545/624238
Publication dates15 Apr 2019
Publication process dates
Deposited24 Oct 2019, 13:27
Accepted09 Apr 2019
Rights

Attribution 4.0 International

ContributorsUniversity of Southampton
File
File Access Level
Open
File
File Access Level
Open
Permalink -

https://repository.derby.ac.uk/item/93610/an-efficient-security-risk-estimation-technique-for-risk-based-access-control-model-for-iot

Download files

  • 53
    total views
  • 0
    total downloads
  • 5
    views this month
  • 0
    downloads this month

Export as

Related outputs

Deep labeller: automatic bounding box generation for synthetic violence detection datasets
Nadeem, M., Kurugollu, F., Saravi, S., Atlam, H. and Franqueira, V. 2023. Deep labeller: automatic bounding box generation for synthetic violence detection datasets. Multimedia Tools and Applications. pp. 1-18. https://doi.org/10.1007/s11042-023-15621-5
Business Email Compromise Phishing Detection Based on Machine Learning: A Systematic Literature Review
Atlam, H. and Olayonu Oluwatimilehin 2022. Business Email Compromise Phishing Detection Based on Machine Learning: A Systematic Literature Review. Electronics. 12 (1), pp. 1-28. https://doi.org/10.3390/electronics12010042
ANFIS for risk estimation in risk-based access control model for smart homes
Atlam, H. and Gary B. Wills 2022. ANFIS for risk estimation in risk-based access control model for smart homes. Multimedia Tools and Applications. pp. 1-30. https://doi.org/10.1007/s11042-022-14010-8
DEEPSEL: A novel feature selection for early identification of malware in mobile applications
Muhammad Ajmal Azad, Farhan Riaz, Anum Aftab, Syed Khurram Jah Rizvi, Junaid Arshad, Hany F. Atlam and Atlam, H. 2021. DEEPSEL: A novel feature selection for early identification of malware in mobile applications. Future Generation Computer Systems. 129, pp. 54-63. https://doi.org/10.1016/j.future.2021.10.029
IoT forensics: A state-of-the-art review, callenges and future directions
Alenezi, Ahmed, Atlam, Hany, Alsagri, Reem, Alassafi, Madini and Wills, Gary 2019. IoT forensics: A state-of-the-art review, callenges and future directions. SCITEPRESS - Science and Technology Publications. https://doi.org/10.5220/0007905401060115
Experts reviews of a cloud forensic readiness framework for organizations
Alenezi, Ahmed, Atlam, Hany F. and Wills, Gary B. 2019. Experts reviews of a cloud forensic readiness framework for organizations. Journal of Cloud Computing. 8 (1). https://doi.org/10.1186/s13677-019-0133-z
Security, cybercrime and digital forensics for IoT
Atlam, Hany F., Alenezi, Ahmed, Alassafi, Madini O., Alshdadi, Abdulrahman A. and Wills, Gary B. 2019. Security, cybercrime and digital forensics for IoT. in: Intelligent Systems Reference Library Springer International Publishing.
A famework for data sharing between healthcare providers using blockchain
Alzahrani, Ahmed G., Alenezi, Ahmed, Atlam, Hany F. and Wills, Gary 2020. A famework for data sharing between healthcare providers using blockchain. Proceedings of the 5th International Conference on Internet of Things, Big Data and Security. https://doi.org/10.5220/0009413403490358
Intersections between IoT and distributed ledger
Atlam, Hany F. and Wills, Gary B. 2019. Intersections between IoT and distributed ledger. in: Advances in Computers Elsevier.
IoT security, privacy, safety and ethics
Atlam, Hany F. and Wills, Gary B. 2019. IoT security, privacy, safety and ethics. in: Internet of Things Springer International Publishing.
Fuzzy logic with expert judgment to implement an adaptive risk-based access control model for IoT
Atlam, Hany F., Walters, Robert J., Wills, Gary B. and Daniel, Joshua 2019. Fuzzy logic with expert judgment to implement an adaptive risk-based access control model for IoT. Mobile Networks and Applications. https://doi.org/10.1007/s11036-019-01214-w
A validation of security determinants model for cloud adoption in Saudi organisations’ context
Alassafi, Madini O., Atlam, Hany F., Alshdadi, Abdulrahman A., Alzahrani, Abdullah I., AlGhamdi, Rayed A. and Buhari, Seyed M. 2019. A validation of security determinants model for cloud adoption in Saudi organisations’ context. International Journal of Information Technology. https://doi.org/10.1007/s41870-019-00360-4