Fuzzy logic with expert judgment to implement an adaptive risk-based access control model for IoT

Journal article

Atlam, Hany F., Walters, Robert J., Wills, Gary B. and Daniel, Joshua 2019. Fuzzy logic with expert judgment to implement an adaptive risk-based access control model for IoT. Mobile Networks and Applications. https://doi.org/10.1007/s11036-019-01214-w
AuthorsAtlam, Hany F., Walters, Robert J., Wills, Gary B. and Daniel, Joshua
Abstract

The Internet of Things (IoT) is becoming the future of the Internet with a large number of connected devices that are predicted to reach about 50 billion by 2020. With proliferation of IoT devices and need to increase information sharing in IoT applications, risk-based access control model has become the best candidate for both academic and commercial organizations to address access control issues. This model carries out a security risk analysis on the access request by using IoT contextual information to provide access decisions dynamically. This model solves challenges related to flexibility and scalability of the IoT system. Therefore, we propose an adaptive risk-based access control model for the IoT. This model uses real-time contextual information associated with the requesting user to calculate the security risk regarding each access request. It uses user attributes while making the access request, action severity, resource sensitivity and user risk history as inputs to analyze and calculate the risk value to determine the access decision. To detect abnormal and malicious actions, smart contracts are used to track and monitor user activities during the access session to detect and prevent potential security violations. In addition, as the risk estimation process is the essential stage to build a risk-based model, this paper provides a discussion of common risk estimation methods and then proposes the fuzzy inference system with expert judgment as to be the optimal approach to handle risk estimation process of the proposed risk-based model in the IoT system.

KeywordsComputer Networks and Communications; Hardware and Architecture; Software; Information Systems
Year2019
JournalMobile Networks and Applications
PublisherSpringer Science and Business Media LLC
ISSN1383-469X
1572-8153
Digital Object Identifier (DOI)https://doi.org/10.1007/s11036-019-01214-w
Web address (URL)http://hdl.handle.net/10545/624857
https://creativecommons.org/licenses/by/4.0
hdl:10545/624857
Publication dates28 Jan 2019
Publication process dates
Deposited03 Jun 2020, 08:32
Accepted01 Jan 2019
ContributorsUniversity of Southampton, Menoufia University, Menoufia, Egypt and Security Futures Practice, BT Research & Innovation, Ipswich, UK
File
File Access Level
Open
Permalink -

https://repository.derby.ac.uk/item/947q7/fuzzy-logic-with-expert-judgment-to-implement-an-adaptive-risk-based-access-control-model-for-iot

Log in to edit

Download files

  • 30
    total views
  • 0
    total downloads
  • 0
    views this month
  • 0
    downloads this month

Export as

Related outputs

Deep labeller: automatic bounding box generation for synthetic violence detection datasets
Nadeem, M., Kurugollu, F., Saravi, S., Atlam, H. and Franqueira, V. 2023. Deep labeller: automatic bounding box generation for synthetic violence detection datasets. Multimedia Tools and Applications. pp. 1-18. https://doi.org/10.1007/s11042-023-15621-5
Business Email Compromise Phishing Detection Based on Machine Learning: A Systematic Literature Review
Atlam, H. and Olayonu Oluwatimilehin 2022. Business Email Compromise Phishing Detection Based on Machine Learning: A Systematic Literature Review. Electronics. 12 (1), pp. 1-28. https://doi.org/10.3390/electronics12010042
ANFIS for risk estimation in risk-based access control model for smart homes
Atlam, H. and Gary B. Wills 2022. ANFIS for risk estimation in risk-based access control model for smart homes. Multimedia Tools and Applications. pp. 1-30. https://doi.org/10.1007/s11042-022-14010-8
DEEPSEL: A novel feature selection for early identification of malware in mobile applications
Muhammad Ajmal Azad, Farhan Riaz, Anum Aftab, Syed Khurram Jah Rizvi, Junaid Arshad, Hany F. Atlam and Atlam, H. 2021. DEEPSEL: A novel feature selection for early identification of malware in mobile applications. Future Generation Computer Systems. 129, pp. 54-63. https://doi.org/10.1016/j.future.2021.10.029
IoT forensics: A state-of-the-art review, callenges and future directions
Alenezi, Ahmed, Atlam, Hany, Alsagri, Reem, Alassafi, Madini and Wills, Gary 2019. IoT forensics: A state-of-the-art review, callenges and future directions. SCITEPRESS - Science and Technology Publications. https://doi.org/10.5220/0007905401060115
Experts reviews of a cloud forensic readiness framework for organizations
Alenezi, Ahmed, Atlam, Hany F. and Wills, Gary B. 2019. Experts reviews of a cloud forensic readiness framework for organizations. Journal of Cloud Computing. 8 (1). https://doi.org/10.1186/s13677-019-0133-z
Security, cybercrime and digital forensics for IoT
Atlam, Hany F., Alenezi, Ahmed, Alassafi, Madini O., Alshdadi, Abdulrahman A. and Wills, Gary B. 2019. Security, cybercrime and digital forensics for IoT. in: Intelligent Systems Reference Library Springer International Publishing.
A famework for data sharing between healthcare providers using blockchain
Alzahrani, Ahmed G., Alenezi, Ahmed, Atlam, Hany F. and Wills, Gary 2020. A famework for data sharing between healthcare providers using blockchain. Proceedings of the 5th International Conference on Internet of Things, Big Data and Security. https://doi.org/10.5220/0009413403490358
Intersections between IoT and distributed ledger
Atlam, Hany F. and Wills, Gary B. 2019. Intersections between IoT and distributed ledger. in: Advances in Computers Elsevier.
IoT security, privacy, safety and ethics
Atlam, Hany F. and Wills, Gary B. 2019. IoT security, privacy, safety and ethics. in: Internet of Things Springer International Publishing.
A validation of security determinants model for cloud adoption in Saudi organisations’ context
Alassafi, Madini O., Atlam, Hany F., Alshdadi, Abdulrahman A., Alzahrani, Abdullah I., AlGhamdi, Rayed A. and Buhari, Seyed M. 2019. A validation of security determinants model for cloud adoption in Saudi organisations’ context. International Journal of Information Technology. https://doi.org/10.1007/s41870-019-00360-4
An efficient security risk estimation technique for Risk-based access control model for IoT
Atlam, Hany F. and Wills, Gary 2019. An efficient security risk estimation technique for Risk-based access control model for IoT. Internet of Things. https://doi.org/10.1016/j.iot.2019.100052