Fuzzy logic with expert judgment to implement an adaptive risk-based access control model for IoT
Journal article
Authors | Atlam, Hany F., Walters, Robert J., Wills, Gary B. and Daniel, Joshua |
---|---|
Abstract | The Internet of Things (IoT) is becoming the future of the Internet with a large number of connected devices that are predicted to reach about 50 billion by 2020. With proliferation of IoT devices and need to increase information sharing in IoT applications, risk-based access control model has become the best candidate for both academic and commercial organizations to address access control issues. This model carries out a security risk analysis on the access request by using IoT contextual information to provide access decisions dynamically. This model solves challenges related to flexibility and scalability of the IoT system. Therefore, we propose an adaptive risk-based access control model for the IoT. This model uses real-time contextual information associated with the requesting user to calculate the security risk regarding each access request. It uses user attributes while making the access request, action severity, resource sensitivity and user risk history as inputs to analyze and calculate the risk value to determine the access decision. To detect abnormal and malicious actions, smart contracts are used to track and monitor user activities during the access session to detect and prevent potential security violations. In addition, as the risk estimation process is the essential stage to build a risk-based model, this paper provides a discussion of common risk estimation methods and then proposes the fuzzy inference system with expert judgment as to be the optimal approach to handle risk estimation process of the proposed risk-based model in the IoT system. |
Keywords | Computer Networks and Communications; Hardware and Architecture; Software; Information Systems |
Year | 2019 |
Journal | Mobile Networks and Applications |
Publisher | Springer Science and Business Media LLC |
ISSN | 1383-469X |
1572-8153 | |
Digital Object Identifier (DOI) | https://doi.org/10.1007/s11036-019-01214-w |
Web address (URL) | http://hdl.handle.net/10545/624857 |
https://creativecommons.org/licenses/by/4.0 | |
hdl:10545/624857 | |
Publication dates | 28 Jan 2019 |
Publication process dates | |
Deposited | 03 Jun 2020, 08:32 |
Accepted | 01 Jan 2019 |
Contributors | University of Southampton, Menoufia University, Menoufia, Egypt and Security Futures Practice, BT Research & Innovation, Ipswich, UK |
File | File Access Level Open |
https://repository.derby.ac.uk/item/947q7/fuzzy-logic-with-expert-judgment-to-implement-an-adaptive-risk-based-access-control-model-for-iot
Download files
32
total views0
total downloads2
views this month0
downloads this month